# Cookies

The Cookies section allows you to monitor cookies and their attributes

## Use Cases

* **Discover cookies that may pose a risk due to lacking security attributes.** Cookies that lack security attributes can potentially be used to escalate attacks on the users of your site.
* **Identify which hosts are setting cookies.**

## Detection

During the crawling process, the scanner collects all cookies that are issued in server responses.

## Risk

Risk is assigned by verifying that:

* **Medium** (<mark style="color:yellow;">●</mark> Yellow): The "**secure**" attribute is missing on an HTTPS cookie, or the **HttpOnly** attribute is missing from a session cookie.
* **Low** (<mark style="color:green;">●</mark> Green): No significant risks are associated with the cookie.

Cookies rated **Medium** risk will create [issues](/docs/platform/issues.md).

{% hint style="info" %}
We recommend fixing **Medium** risk issues immediately.
{% endhint %}

## Monitoring

Cookies can be monitored for changes by toggling their monitor status on the [List](https://app.halosecurity.com/user/security/website/script/list) page. If a change is detected it will trigger a `website-cookie-monitor-change` event so you can be immediately notified.

Learn more about events at:

{% content-ref url="/pages/MtggX3t55b2BwW9thVOd" %}
[Events](/docs/platform/events.md)
{% endcontent-ref %}

## Reports

* [Overview](https://app.halosecurity.com/user/security/website/cookie/): Displays your risk rating associated with identified cookies as well as metrics on cookie attributes and expirations, and monitored hosts.
* [Summary](https://app.halosecurity.com/user/security/website/cookie/summary): Displays which targets offering cookies are acknowledged and what security attributes are set.
* [List](https://app.halosecurity.com/user/security/website/cookie/list): Lists every cookie found per target with extended details about expiration and other attributes. Toggle monitor status of cookies.
* [Names](https://app.halosecurity.com/user/security/website/cookie/names): Names of every cookie identified and number of times they were seen.
* [Domains](https://app.halosecurity.com/user/security/website/cookie/domains): List of hosts from all domain attributes and metrics.
* [Changes](https://app.halosecurity.com/user/security/website/cookie/changes): Changes in cookies between current and previous scans.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.halosecurity.com/docs/platform/websites/cookies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.