Hello, When I scan my Frontend Page with “Qualys API SCAN” software that is intended to find vulnerabilities, it lands on AUTH0 page and it finds 2 problems with the cookies: Session Cookie (Authentication Related) Does Not Contain The “HTTPOnly” Attribute Cookie Does Not Contain The “HTTPOnly” A…

Hi there @coskucinkilic welcome to the community! I believe this is just do to the fact that some cookies can’t be set to HTTPOnly because they are required for our frontend SDKs to function properly - That is, if these particular cookies were HTTPOnly, they would be inaccessible by JavaScript and …

Cookie “HTTPOnly” and “secure” attribute vulnerability

Get Help

tyf Closed June 29, 2022, 12:18am 5

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cookie "HTTPOnly" and "secure" attribute vulnerability Get Help auth0 , api , login , vulnerability	2	3323	April 8, 2022
Cookies Not Marked as Secure and Cookies Not Marked as HttpOnly Get Help security-question-concern , security-compliance	5	1936	March 26, 2025
Request to use HttpOnly Cookies for Auth0 Authentication Get Help classic-universal-login-experience , login-experience	3	3215	February 15, 2023
Qualys Security Verification Get Help security-question-concern , security-compliance	1	15	May 28, 2025
Auth0 Cookies to be secure in response Get Help auth0 , cookie , samesite-cookies	0	1716	September 27, 2022

Cookie “HTTPOnly” and “secure” attribute vulnerability

Related topics