This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Scans report "COOKIES WITHOUT HTTPONLY/SECURE FLAG SET" used by Dynatrace Synthetic (HTTP) monitors

francois_jouber
Guide

‎08 Aug 2025 10:13 AM

My customer has reported that their security scans report "COOKIES WITHOUT HTTPONLY/SECURE FLAG SET" used by Dynatrace Synthetic (HTTP) monitors that they use. 

I understand that Dynatrace can't use HTTPOnly flags since JS can't work with this. But I should be able to set a Secure Cookie attribute for the synthetic monitor - This capability is nicely documented for Web applications (https://docs.dynatrace.com/managed/shortlink/cookies#secure-cookies) but not for Synthetic monitors. I presume I can enable Cookies for the synthetic monitor via Monitor > Settings > General > Cookies but the documentation (https://docs.dynatrace.com/managed/shortlink/http-monitors-config#setup) doesn't provide clear instructions on how to do this.

Please help.

Thank you

Francois

 

Labels:
0 Kudos
Reply
1 REPLY 1

HannahM
Dynatrace Guru
Dynatrace Guru

‎22 Aug 2025 02:11 PM

For browser monitors, if the browser monitors an application with RUM enabled, it will pick up this setting from the RUM application. 
For HTTP Monitors, I wouldn't expect any cookies to be set, as no browser is involved. Could you confirm which cookies you are referring to? This might be easier to answer in a chat/ support ticket, as you can then provide links to the relevant monitors. 

Synthetic SME and community advocate.
0 Kudos
Reply
Ask a question

Featured Posts