Remediating Secure Cookie on Insecure Channel Findings

Erin Conry

Secure Cookie on Insecure Channel Findings are scanned as part of the Sensitive Data Exposure Security Tests used to evaluate the Web Application Security Risk Vector.

The Secure flag instructs the browser to never pass a cookie over an insecure (e.g. non-HTTPS) channel; however, occasionally some websites set these cookies over insecure channels, defeating the purpose of the Secure flag. Some modern browsers will even ignore secure cookies set over an insecure medium.

Need to fix?

Ensure the site is accessible through a secure connection. If that is not possible, ensure the application does not depend on cookies with the “secure” flag set.

Does this impact my WAS Risk Vector Grade?

Yes.

Possible Grades:

Neutral: Secure cookie set on insecure channel findings are informational only
Weight = Not applicable

What will I see in the Portal?

Issue: Secure Cookie on insecure channel.
Details: A cookie with a "secure" attribute is set from a non-HTTPS endpoint.
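
To confirm where a site triggers this finding, the same condition (a Set-Cookie header carrying the Secure attribute in a response served over plain HTTP) can be checked against recorded responses. The Python below is an added example, not the scanner's own code; the URLs, cookie names and the SAMPLE_RESPONSES structure are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (request URL, raw response header lines) as a crawler might record them.
SAMPLE_RESPONSES = [
    ("http://shop.example.test/login", [
        "Content-Type: text/html",
        "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly",
        "Set-Cookie: theme=dark; Path=/",
    ]),
    ("https://shop.example.test/login", [
        "Set-Cookie: session=def456; Path=/; Secure; HttpOnly",
    ]),
    ("http://shop.example.test/promo", [
        "set-cookie: promo=insecure; Path=/",  # value contains "secure", no Secure attribute
        "Set-Cookie: track=1; SECURE",         # attribute names are case-insensitive
    ]),
]


def cookie_has_secure(set_cookie_value):
    """Return (cookie_name, has_secure) for one Set-Cookie header value."""
    parts = set_cookie_value.split(";")
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';' and are compared case-insensitively.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, "secure" in attrs


def find_secure_on_insecure(responses):
    """List (url, cookie_name) for Secure cookies set by non-HTTPS responses."""
    findings = []
    for url, header_lines in responses:
        if urlsplit(url).scheme.lower() == "https":
            continue  # a Secure cookie set over HTTPS is the intended case
        for line in header_lines:
            field, _, value = line.partition(":")
            if field.strip().lower() != "set-cookie":
                continue
            name, secure = cookie_has_secure(value)
            if secure:
                findings.append((url, name))
    return findings


if __name__ == "__main__":
    for url, name in find_secure_on_insecure(SAMPLE_RESPONSES):
        print(f"Secure cookie on insecure channel: {name!r} set by {url}")
```

Each reported URL is an endpoint that should either be served only over HTTPS or stop setting the cookie with the Secure flag.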