Cookie set without HttpOnly flag

Have you tried adding

Header always edit Set-Cookie (.*) "$1; HttpOnly"
Header always edit Set-Cookie (.*) "$1; Secure"

to your .htaccess?

Found this on StackOverflow

Related Posts:

  1. Redefine cookie domain for subdomains
  2. Best practice for versioning wp-config.php?
  3. Login page ERROR: Cookies are blocked due to unexpected output
  4. Password in wp-config. Dangerous?
  5. What’s the difference between WP_MEMORY_LIMIT and WP_MAX_MEMORY_LIMIT?
  6. Turn Off Automatic Trash Deletion?
  7. How can I change preview URL?
  8. Override the wp_siteurl and wp_home not work
  9. COOKIE_DOMAIN setting confusion
  10. Missing a temporary folder despite settings in wp-config.php
  11. How to use live images on local install?
  12. Syntax of FS_CHMOD_DIR and FS_CHMOD_FILE
  13. WordPress PHP error handling and reporting in production environment
  14. Declaratively Configuring WordPress in XML or JSON or YAML
  15. WP_MEMORY_LIMIT didn’t work in wp-config
  16. Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 20480 bytes)
  17. How to set up gmail SMTP in WordPress
  18. error:-Cannot modify header information – headers already sent by
  19. Changing HTTP URL Port
  20. wp-config.php file permissions
  21. How to update WordPress from the latest trunk
  22. how to use is_admin in wp-config.php
  23. Locked out of WordPress Site Admin after enabling Force SSL on WordPress Https (SSL)
  24. Set wp-content folder to Dropbox folder
  25. Including a 3rd party library in WordPress which needs to be accessible by wp-config
  26. wp-config.php being deleted
  27. Installation Issue WordPress locally – The file ‘wp-config.php’ already exists
  28. What is this file: wp-config-wpe.php?
  29. How does the “authentication unique keys and salts” feature work?
  30. enable SFTP via SSH keys in wordpress
  31. html lang=”” instead of lang=”en-us” – why?
  32. Why do I get a WAMP homepage when clicking on specific website’s URL on LocalHost?
  33. What Does this Code Snippet Do?
  34. WP_Debug not displaying anything
  35. Can I delete `wp-config-sample.php` after installing and configuring WordPress?
  36. How to reliably set file/folder permissions?
  37. Multiple wp-config.php files in one home directory
  38. Why edits to wp-config.php must come before “That’s all” comment
  39. error log cluttered with undefined DB_USER wp-admin/setup-config.php
  40. Is it possible to override the ABSPATH constant
  41. Should I change wp-config for SSL?
  42. Out of memory errors : how best to track them down
  43. multiple language directories
  44. Cookie Domain is preventing Admin login
  45. Error in database connection [closed]
  46. Update wp-config.php and lost pages
  47. Conflict with wp_homeurl, wp_siteurl and admin interface settings
  48. error messages in dashboard login
  49. where should I write constants in wordpress?
  50. Issues copying site into local machine
  51. Carriage Return control character (^M) found in wp-config-sample.php
  52. Are the wordpress settings (abspath, disable core updates) added by SiteGround of any use after I’ve migrated to a different host?
  53. Need help fixing my wp-config file [closed]
  54. Why was my new WordPress installation’s config page publicly viewable when first installed?
  55. WP_MEMORY_LIMIT didn’t work in wp-config, only within default-constants.php
  56. Define option outside wp-config.php (on WordPress.com)
  57. Site lost all formatting when I attempted to migrate to Bluehost [closed]
  58. Moving wp-config.php one level up – 500 error – Nginx [closed]
  59. How can I configure an SMTP Server?
  60. What should index.php contain on Synology NAS to get external access to WordPress to work?
  61. Remote server does not read `WP_HOME` from wp-config.php when local server does
  62. IP addresses to block to stop WP auto-update?
  63. Concerns over wp-config file [closed]
  64. Not showing old migrated content in website
  65. How to rename the wp-config.php file once under version control?
  66. Read wp-config without loading the rest of WordPress – i.e. wp-settings, etc
  67. Proper way to have multiple installs with a single database
  68. How turn on error reporting without reset?
  69. WordPress installed on a Sub-directory
  70. Editing wp-config.php file asks for another installation
  71. $post->id vs $post->ID problem after using WordPress config bootstrap
  72. How to stage a redesigned site on a new webhost while the original site is still live? [closed]
  73. WordPress login redirection not working on Nginx root directory
  74. Need help re-connecting local WP-config file to local database
  75. Change of “home” results in timeouts (only on index.php)
  76. wp-config.php randomly will reset to wp-config-sample.php
  77. WP_SITEURL vs WP_HOME link output
  78. How to fix wp-login.php gives error 500 after migration?
  79. Change default wordpress FS owner
  80. Serve cookie free URLs in WordPress without using a CDN
  81. Define new constants in wp-config
  82. sudden changing of host IP result in crash of the site
  83. Move wp-content outside root
  84. Can you define readability settings in wp-config.php?
  85. Can wp-config move cause dashboard not to load?
  86. Unable to change WordPress language (WordPress 4.2.2)
  87. How to change WordPress theme file path to a remote server?
  88. Why is WordPress not using $_SERVER[‘SERVER_NAME’] for ‘WP_SITEURL’ and ‘WP_HOME’ as default?
  89. WordPress Redirect on Name Change
  90. Is there any reason why using the same wp-config file might not work in MAMP?
  91. Best function/method to access wp-config?
  92. WordPress still requires FTP information
  93. “Cannot modify header information” warning?
  94. Why would changing ports from 80 to 8080 cause wordpress to act unexpectedly?
  95. Cookies in Multisite network where sites have their own domain name?
  96. Change URL when visiting wordpress site
  97. max_input_vars not updating through wp-config
  98. Disabling zlib compression and enforcing gzip
  99. Can WP-CLI modify database connection details in existing wp-config file?
  100. How to specify server path in code?