Information High Vega has detected that a known session cookie may have been set without the secure flag. Cookies can be exposed to network eavesdroppers. Session cookies are authentication credentials; attackers who obtain them can get unauthorized access to affected web applications. When creating the cookie in the code, set the secure flag to true. Secure Flag HttpOnly OWASP Reference