When you're analyzing web applications as a pentester or reading pentest reports about web applications, you will often see findings regarding cookies missing certain security flags. The Set-Cookie HTTP header and the JavaScript document.cookie API allow you to set, for example, the flags Secure, Path, and Domain. Common audit and pentest tools will tell you when your web application does not or j ...