Cookie "HTTPOnly" and "secure" attribute vulnerability

Hello,

When I scan my Frontend Page with “Qualys API SCAN” software that is intended to find vulnerabilities, it lands on AUTH0 authentification page. And it finds 2 problems with the cookies:
Cookie Does Not Contain The “secure” Attribute
Cookie Does Not Contain The “HTTPOnly” Attribute”

Example of such a cookie: com.auth0.auth.ugKuorXXXXX…

Is this normal or it is a security problem for the cookies don’t have those attributes?

Thank you!

Hi @andreinechifor83,

Welcome to the Auth0 Community!

Not all cookies will be marked HTTPOnly and secure.

Can you tell me the name of the cookie you are referring to?