Add Secure and httpOnly Flags to Every Set-Cookie Response in Apache httpd

Question

I\'m running Apache 2.2.26:

Server version: Apache/2.2.26 (Unix)
Server built:   Jan 17 2014 12:24:49
Cpanel::Easy::Apache v3.22.30 rev9999 +cloudlinux
         


        

Answer 1

make sure that mod_headers.so is enabled then add the following header in apache2.conf for debian based system or httpd.conf for rpm based system

 Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

For lower than Apache 2.2.4 version use the following:

Header set Set-Cookie HttpOnly;Secure 

then Restart the server