Keep track of cookies and their attributes.
The Cookies section allows you to monitor cookies and their attributes:
- Discover cookies that may pose a risk due to lacking security attributes. Cookies that lack security attributes can potentially be used to escalate attacks on the users of your site.
- Identify which hosts are setting cookies.
During the crawling process, the scanner collects all cookies that are issued in server responses.
Risk is assigned as follows:
- Medium (● Yellow): The "Secure" attribute is missing on an HTTPS cookie, or the "HttpOnly" attribute is missing from a session cookie.
- Low (● Green): No significant risks are associated with the cookie.
We recommend fixing Medium risk issues immediately.
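The risk rule above, applied to Set-Cookie headers, as an added example (not the scanner's own code). It assumes that a "session cookie" is one with no Expires or Max-Age attribute, which the page does not define; the function names and sample hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs).
    Attribute names are lowercased; flag attributes map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs

def cookie_risk(url, header):
    """Return (risk, reasons) following the page's Medium/Low rule."""
    _, _, attrs = parse_set_cookie(header)
    reasons = []
    if urlsplit(url).scheme == "https" and "secure" not in attrs:
        reasons.append("Secure missing on HTTPS cookie")
    # Assumption: a session cookie has no Expires or Max-Age attribute.
    is_session = "expires" not in attrs and "max-age" not in attrs
    if is_session and "httponly" not in attrs:
        reasons.append("HttpOnly missing on session cookie")
    return ("Medium" if reasons else "Low"), reasons

# Constructed sample responses (URL, Set-Cookie value), not real scan data.
SAMPLES = [
    ("https://shop.example/login", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("https://shop.example/login", "sid=abc123; Path=/; HttpOnly"),
    ("https://shop.example/", "cart=7; Path=/; Secure"),
    ("https://shop.example/", "theme=dark; Max-Age=31536000; Secure"),
    ("http://legacy.example/", "lang=en; Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
]

def report(samples=SAMPLES):
    """One row per cookie: (issuing host, cookie name, risk, reasons)."""
    rows = []
    for url, header in samples:
        risk, reasons = cookie_risk(url, header)
        rows.append((urlsplit(url).hostname, header.split("=", 1)[0], risk, reasons))
    return rows

if __name__ == "__main__":
    for host, name, risk, reasons in report():
        print(f"{host:16} {name:6} {risk:6} {'; '.join(reasons)}")
```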
Cookies can be monitored for changes by toggling their monitor status on the List page. If a change is detected, it will trigger a website-cookie-monitor-change event so you can be immediately notified.
Learn more about events at:
- Overview: Displays your risk rating associated with identified cookies as well as metrics on cookie attributes and expirations, and monitored hosts.
- Summary: Displays which targets offering cookies are acknowledged and what security attributes are set.
- List: Lists every cookie found per target with extended details about expiration and other attributes, and lets you toggle the monitor status of cookies.