This is how you can fix these Apache web server. Apply these steps in apache:
- Ensure you have mod_headers.so enabled in apache instance.
Add following entry in
httpd.conf
Header edit set-cookie ^(.*)$ $1;httponly;secure
- Restart Apache web server.
Note:
Header edit is not compatible with lower than Apache 2.2.4 version. So you can follow this to set httponly and secure flag in lower than 2.2.4 version.
- Header set set-cookie httponly;secure
Verify now open your site with http watch or check online.