You are here

How to set the HTTPOnly Flag

Affects product: 
Airlock WAF
Affects version(s): 
4.2 all versions

 

The HTTPOnly flag can be set in the Configuration Center under Expert Settings > Security Gate. In the textarea just insert the following resource. After activating the configuration the HTTPOnly flag will be globaly enabled.

# HTTPONLY FLAG FOR SESSION COOKIE
#
# Enable the HttpOnly-flag in session cookies
# persistent session cookies never set the HttpOnly flag
#
SecurityGateway * SessionCookieHttpOnly "TRUE"

 

 

Knowledge Base Categories: