OWASP ZAP WAVE - Info Cookie no HTTPOnly flag

OWASP ZAP WAVE - Setting a cookie without the HTTPOnly flag

Description

The 'zap-info-cookie-no-http-only' cookie is set without the HTTPOnly flag being set.
This means that the cookie can be accessed by client side scripts, which is usually a bad idea.
Note that some servers may add this flag anyway, depending on their configuration!

OWASP ZAP WAVE - Setting a cookie without the HTTPOnly flag

Description

Example