With the number of XSS attacks increasing daily, you must consider securing your web applications.
It's better to manage this within the application code.
However, because developers are often unaware of it, the task falls to web server administrators.
I will not talk about how to set these at the code level.
You can refer here.
Implementation Procedure in Apache
Note: Header edit is not compatible with Apache versions lower than 2.2.4.
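A `Header edit` configuration of the kind this note refers to, for Apache 2.2.4 and later. This is an added example, not the original article's own listing; it assumes mod_headers is loaded and that the site is served only over HTTPS, and `www.example.com` is a placeholder host.

```apache
# Added example (not from the original article).
# Assumes mod_headers is loaded and the affected virtual hosts are HTTPS-only,
# because browsers only return Secure cookies over HTTPS.
<IfModule mod_headers.c>
    # Append HttpOnly only to cookies that do not already carry it
    # (case-insensitive match), so the attribute is never duplicated.
    # "Header edit" covers normal responses; "Header always edit" covers
    # cookies placed in the error/redirect header table.
    Header edit        Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
    Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"

    # Same idea for the Secure attribute.
    Header edit        Set-Cookie "(?i)^((?:(?!;\s?Secure).)+)$" "$1; Secure"
    Header always edit Set-Cookie "(?i)^((?:(?!;\s?Secure).)+)$" "$1; Secure"
</IfModule>

# Caveat: HttpOnly hides the cookie from client-side JavaScript. Any cookie the
# front end must read (for example a CSRF token echoed by script) will stop
# working, so test the application after enabling this.
#
# Check the syntax, restart, then confirm the attributes on a live response:
#   apachectl configtest
#   curl -sI https://www.example.com/ | grep -i '^set-cookie'
```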
You could use the following to set the HttpOnly and Secure flags in versions lower than 2.2.4.
Thanks to Ytse for sharing this information.
This is one of the many hardening things to do in Apache.