Cookies without HttpOnly and Secure flags

  1. This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts.
  • Name: event_filter
  • Name: _sort
  2. This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels.
  • Name: event_filter

I know that these flags are used mostly for session cookies, but a lot of our users do their security testing and need to satisfy PCI requirements. If possible, you should set the Secure and HTTPOnly flags for cookies.
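
The check a scanner performs for the findings above can be reproduced against response headers. The following is an added example, not part of the original report or of the application's code: it parses `Set-Cookie` lines and lists which cookies lack `HttpOnly` or `Secure`. The sample headers are constructed to mirror the reported findings, and `session_id` and `theme` are hypothetical cookie names.

```python
# Added example: audit Set-Cookie headers for missing HttpOnly / Secure.
# SAMPLE_HEADERS is constructed for illustration, not captured output;
# "session_id" and "theme" are hypothetical cookie names.
SAMPLE_HEADERS = [
    "Set-Cookie: event_filter=1; Path=/",
    "Set-Cookie: _sort=clock; Path=/; Secure",
    "Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Content-Type: text/html; charset=UTF-8",
    "set-cookie: theme=dark; httponly",
]

REQUIRED_FLAGS = ("HttpOnly", "Secure")


def parse_set_cookie(header_line):
    """Return (cookie_name, set of lowercased attribute names), or None."""
    field, sep, value = header_line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = value.split(";")
    name, eq, _ = parts[0].partition("=")
    name = name.strip()
    if not eq or not name:
        return None  # malformed: no name=value pair
    # Attribute names are case-insensitive; drop any "=value" part.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p.strip()}
    return name, attrs


def audit_cookies(header_lines):
    """Map each cookie name to the list of required flags it lacks."""
    findings = {}
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        missing = [f for f in REQUIRED_FLAGS if f.lower() not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Running the same function over the headers returned after a fix confirms that `event_filter` and `_sort` no longer appear in the findings.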