# Cookies

The Cookies section allows you to monitor cookies and their attributes

## Use Cases

* **Discover cookies that may pose a risk due to lacking security attributes.** Cookies that lack security attributes can potentially be used to escalate attacks on the users of your site.
* **Identify which hosts are setting cookies.**

## Detection

During the crawling process, the scanner collects all cookies that are issued in server responses.

## Risk

Risk is assigned by verifying that:

* **Medium** (<mark style="color:yellow;">●</mark> Yellow): The "**secure**" attribute is missing on an HTTPS cookie, or the **HttpOnly** attribute is missing from a session cookie.
* **Low** (<mark style="color:green;">●</mark> Green): No significant risks are associated with the cookie.

Cookies rated **Medium** risk will create [issues](https://docs.halosecurity.com/docs/platform/issues).

{% hint style="info" %}
We recommend fixing **Medium** risk issues immediately.
{% endhint %}

## Monitoring

Cookies can be monitored for changes by toggling their monitor status on the [List](https://app.halosecurity.com/user/security/website/script/list) page. If a change is detected it will trigger a `website-cookie-monitor-change` event so you can be immediately notified.

Learn more about events at:

{% content-ref url="../events" %}
[events](https://docs.halosecurity.com/docs/platform/events)
{% endcontent-ref %}

## Reports

* [Overview](https://app.halosecurity.com/user/security/website/cookie/): Displays your risk rating associated with identified cookies as well as metrics on cookie attributes and expirations, and monitored hosts.
* [Summary](https://app.halosecurity.com/user/security/website/cookie/summary): Displays which targets offering cookies are acknowledged and what security attributes are set.
* [List](https://app.halosecurity.com/user/security/website/cookie/list): Lists every cookie found per target with extended details about expiration and other attributes. Toggle monitor status of cookies.
* [Names](https://app.halosecurity.com/user/security/website/cookie/names): Names of every cookie identified and number of times they were seen.
* [Domains](https://app.halosecurity.com/user/security/website/cookie/domains): List of hosts from all domain attributes and metrics.
* [Changes](https://app.halosecurity.com/user/security/website/cookie/changes): Changes in cookies between current and previous scans.