One of you asked this.
I love the feedback!
It gives me an idea of what to write.
Setting the HTTPOnly and Secure flags on cookies in the HTTP response header can help to protect your web applications from cross-site scripting and session manipulation attacks.
There are multiple ways to get this configured.
There are two possible ways to achieve this in the Nginx web server.
By using the add_header directive
An easy way to set the cookie flags HTTPOnly and Secure in the Set-Cookie HTTP response header.
Take a backup of the necessary configuration file and add the following in nginx.conf under the http block.
However, for Internet-facing sites, you might use an online HTTP response header checker tool.
I hope this helps to secure & harden the Nginx web server.