Insecure Cookie Test

This page deliberately emits a Set-Cookie header missing the Secure, HttpOnly, and SameSite attributes:

Set-Cookie: session_id=abc123test456; Path=/; Expires=Wed, 01 Jan 2027 00:00:00 GMT

Expected triggers in analyzer 030_response_headers:

• E01 — cookie without Secure on an HTTPS URL (MITM interception risk)
• W01 — cookie without HttpOnly (readable via JavaScript, XSS-stealable)
• W02 — cookie without SameSite (CSRF surface)

← Back to response headers test hub