Information Info Vega has detected that this cookie was set without the HttpOnly flag. When this flag is not present, it is possible to access the cookie via client-side script code. The HttpOnly flag is a security measure that can help mitigate the risk of cross-site scripting attacks that target session cookies of the victim. If the HttpOnly flag is set and the browser supports this feature, attacker-supplied script code will not be able to access the cookie. When creating the cookie in the code, set the HttpOnly flag to true. HttpOnly OWASP Reference