A website's cookies should be protected at all times so that they cannot be read and manipulated by third-party scripts.
In the vast majority of cases, the application's client-side scripts do not need to access cookies that have already been set in the browser. For this reason, most browsers support a feature that lets you decide, for each individual cookie, whether it is accessible to scripts running in the browser.
To do this, use the HttpOnly flag in the Set-Cookie response header:
Set-Cookie: MeinCookie=myvalue; path=/; HttpOnly
Tip: If you use a content management system such as WordPress or Joomla!, you can check if you are using a plug-in that uses insecure cookies. Simply disable the plug-ins you are using and run the Website-Checker again. In this way, you can easily see if any of your enabled plug-ins are using insecure cookies.
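To check a set of response headers yourself, the following added example (not part of the original page, and not the Website-Checker's own code) parses Set-Cookie values and lists the cookies that are set without HttpOnly. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the HttpOnly flag.
# Header values below are constructed samples, not captured traffic.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are matched
    case-insensitively; flag attributes such as HttpOnly map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(header_values):
    """Return the names of cookies that are set without HttpOnly."""
    missing = []
    for header_value in header_values:
        name, _, attrs = parse_set_cookie(header_value)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: one Set-Cookie value per response header line.
SAMPLE_HEADERS = [
    "MeinCookie=myvalue; path=/; HttpOnly",       # flag present
    "session=abc123; Path=/; Secure; httponly;",  # lower case, trailing ';'
    "tracking=xyz; Path=/; Max-Age=3600",         # flag missing
    "note=HttpOnly; Path=/",                      # value is not the flag
]

if __name__ == "__main__":
    for name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {name!r} is readable by scripts (no HttpOnly)")
```

The last sample shows why a plain substring search for "HttpOnly" is not enough: the text appears in the cookie value, but the attribute itself is absent.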