Last update: March 13, 2020 Sensitive Cookie Without 'HttpOnly' Flag The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.