Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
All Security Checks
HeadersMedium PriorityPro

Cookie Security Prefixes

Cookie prefixes (__Host- and __Secure-) provide additional browser-enforced security guarantees for cookies.

Why It Matters

__Host- prefix ensures cookies are set securely from the exact origin, preventing subdomain attacks. __Secure- ensures cookies are only sent over HTTPS.

How We Check

We check if session cookies use appropriate prefixes and verify the required attributes are set correctly.

How to Fix

Use __Host-session=value; Secure; Path=/ for session cookies. Use __Secure- prefix for other sensitive cookies that need subdomain access.

Related Security Checks

Headers

Set-Cookie headers

TLS

HTTPS enabled

Related Tool

Cookie Checker

Run all 2 related checks with our free cookie checker

Check Your Website Now

Run a free security scan to check for Cookie Security Prefixes issues and 58+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.