Cookies

Keep track of cookies and their attributes.

The Cookies section allows you to monitor cookies and their attributes.

Use Cases

  • Discover cookies that may pose a risk due to lacking security attributes. Cookies that lack security attributes can potentially be used to escalate attacks on the users of your site.

  • Identify which hosts are setting cookies.

Detection

During the crawling process, the scanner collects all cookies that are issued in server responses.

Risk

Risk is assigned as follows:

  • Medium (Yellow): The Secure attribute is missing on an HTTPS cookie, or the HttpOnly attribute is missing from a session cookie.

  • Low (Green): No significant risks are associated with the cookie.

Cookies rated Medium risk will create issues.

We recommend fixing Medium risk issues immediately.
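
The two Medium conditions above, applied to raw Set-Cookie headers, as an added example (not the scanner's own code). It assumes "session cookie" means a cookie with no Expires or Max-Age attribute; the function names and sample headers are constructed for illustration.

```python
# Added example: rates Set-Cookie headers with the two rules from the Risk list.
# Assumption: a "session cookie" is one with no Expires/Max-Age attribute.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def rate_cookie(header, scheme):
    """Return (name, risk, reasons) for a cookie received over `scheme`."""
    name, attrs = parse_set_cookie(header)
    reasons = []
    if scheme == "https" and "secure" not in attrs:
        reasons.append("Secure missing on HTTPS cookie")
    is_session = "expires" not in attrs and "max-age" not in attrs
    if is_session and "httponly" not in attrs:
        reasons.append("HttpOnly missing on session cookie")
    return name, ("Medium" if reasons else "Low"), reasons

# Constructed sample responses (scheme, Set-Cookie value); not scanner output.
SAMPLES = [
    ("https", "SID=abc123; Path=/; Secure; HttpOnly"),
    ("https", "SID=abc123; Path=/; HttpOnly"),
    ("https", "theme=dark; Max-Age=31536000; Secure"),
    ("http", "cart=42; Path=/"),
    ("https", "pref=1; expires=Wed, 01 Jan 2031 00:00:00 GMT; secure"),
]

def rate_all(samples=SAMPLES):
    """Rate every (scheme, header) pair in `samples`."""
    return [rate_cookie(header, scheme) for scheme, header in samples]

if __name__ == "__main__":
    for name, risk, reasons in rate_all():
        print(f"{name:6} {risk:6} {'; '.join(reasons) or '-'}")
```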

Monitoring

Cookies can be monitored for changes by toggling their monitor status on the List page. If a change is detected, it will trigger a website-cookie-monitor-change event so you can be immediately notified.

Learn more about events at:

Events

Reports

  • Overview: Displays your risk rating associated with identified cookies as well as metrics on cookie attributes and expirations, and monitored hosts.

  • Summary: Displays which targets offering cookies are acknowledged and what security attributes are set.

  • List: Lists every cookie found per target with extended details about expiration and other attributes. Toggle monitor status of cookies.

  • Names: Names of every cookie identified and number of times they were seen.

  • Domains: List of hosts from all domain attributes and metrics.

  • Changes: Changes in cookies between current and previous scans.
