Remediating Secure Cookie on Insecure Channel Findings

Erin Conry

Secure Cookie on Insecure Channel Findings are scanned as part of the Sensitive Data Exposure Security Tests used to evaluate the Web Application Security Risk Vector.

The Secure flag instructs the browser to never pass a cookie over an insecure (e.g. non-HTTPS) channel; however, occasionally some websites set these cookies over insecure channels, defeating the purpose of the Secure flag. Some modern browsers will even ignore secure cookies set over an insecure medium.

Need to fix?

Ensure the site is accessible through a secure connection. If that is not possible, ensure the application does not depend on cookies with the “secure” flag set.

Does this impact my WAS Risk Vector Grade?

Yes.

Possible Grades:

Neutral: Secure cookie set on insecure channel findings are informational only
Weight = Not applicable

What will I see in the Portal?

Issue: Secure Cookie on insecure channel.
Details: A cookie with a "secure" attribute is set from a non-HTTPS endpoint.
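
To locate the responses behind this finding in your own application, the check can be reproduced over captured response headers. This is an added example, not code from the article or from the scanning product; the host name, cookie names and sample responses are constructed.

```python
# Added example: flag Set-Cookie headers that carry the Secure attribute
# but were delivered by a non-HTTPS endpoint.
from urllib.parse import urlsplit


def cookie_attributes(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # The first segment is name=value; everything after it is an attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def secure_cookies_on_insecure_channel(responses):
    """responses: iterable of (url, [(header_name, header_value), ...]).

    Returns (url, cookie_name) for every cookie whose Set-Cookie header has
    the Secure attribute while the response URL is not https.
    """
    findings = []
    for url, headers in responses:
        if urlsplit(url).scheme.lower() == "https":
            continue  # Secure cookie over HTTPS is the intended case
        for header_name, value in headers:
            if header_name.lower() != "set-cookie":
                continue
            name, attrs = cookie_attributes(value)
            if "secure" in attrs:  # attribute names are case-insensitive
                findings.append((url, name))
    return findings


# Constructed sample responses (hypothetical host and cookie names).
SAMPLE_RESPONSES = [
    ("http://app.example.test/login", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
        ("Set-Cookie", "theme=dark; Path=/"),
    ]),
    ("https://app.example.test/login", [
        ("Set-Cookie", "sessionid=def456; Path=/; Secure; HttpOnly"),
    ]),
    ("http://app.example.test/legacy", [
        ("set-cookie", "pref=1; SECURE; SameSite=Lax"),
    ]),
]

if __name__ == "__main__":
    for url, name in secure_cookies_on_insecure_channel(SAMPLE_RESPONSES):
        print(f"Secure cookie on insecure channel: {name!r} set by {url}")
```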