Cookie Flags Check

Check cookies for Secure, HttpOnly, and SameSite flags.

What It Is

Cookie flags control when the browser sends a cookie and whether scripts can access it.

Why It Matters

Proper flags reduce XSS impact and CSRF risk.

How to Fix

  • Set Secure for cookies that should only be sent over HTTPS.
  • Set HttpOnly for session cookies to prevent JS access.
  • Set SameSite=Lax or Strict where possible.