Sensitive Cookie Without 'HttpOnly' Flag in vuestorefront/vue-storefrontValid
Oct 5th 2021
HTTPOnly attribute is not set for session cookies "vsf-commercetools-token" in the application.
Proof of Concept
Check this for POC: Image