Hi Folks,
Just wondering if anyone can point me in the right direction. Our PCI compliance scan fails because DirectAdmin (TCP Port 2222) isn't setting the HTTPOnly header. Here is a snapshot of the scan result:
Cookie Without HTTPOnly Attribute Can Be Accessed By Scripts
A cookie without the HTTPOnly attribute could be susceptible to theft by cross-site scripting attacks.
Thanks for any insight or help you can provide.