Information Info Vega has detected that this cookie was set without the Secure flag. When the Secure flag is set, the browser will only transmit the cookie back to the server over HTTPS. However, when this flag is not set, the cookie may be transmitted over unencrypted HTTP. This may allow the cookie to be observed in transit. When creating cookies, ensure the Secure flag is set. SecureFlag OWASP Reference