Many older web applications do not apply headers/tags that are now considered standard information security practices. For example:

- Pragma: no-cache
- Cache-Control: no-cache
- httpOnly and secure flags

Adding these controls can be achieved using ModSecurity without any need to modify the application code. In the case where I needed to modify the cookie headers to include these new controls I added the following to the core rule set file: modsecurity_crs_16_session_hijacking.conf.
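A configuration along these lines, as an added example: it is not the author's rule set, which is not reproduced on this page. The rule ids and environment variable names are constructed, and it assumes Apache with mod_security2 and mod_headers loaded.

```apache
# Added example. Rule ids 9900001-9900002 and the cookie_no_* environment
# variable names are constructed for this illustration.

# Phase 3 runs when the response headers are available.
# RESPONSE_HEADERS:Set-Cookie expands to every Set-Cookie header, and the
# negated match fires for any cookie that lacks the attribute.
SecRule RESPONSE_HEADERS:Set-Cookie "!@rx (?i);\s*httponly\b" \
    "id:9900001,phase:3,t:none,pass,nolog,setenv:cookie_no_httponly=1"

SecRule RESPONSE_HEADERS:Set-Cookie "!@rx (?i);\s*secure\b" \
    "id:9900002,phase:3,t:none,pass,nolog,setenv:cookie_no_secure=1"

# mod_headers appends the missing attribute. The negative lookahead keeps
# the edit from touching cookies that already carry the flag, so a response
# with several Set-Cookie headers is rewritten one cookie at a time.
Header edit Set-Cookie "(?i)^((?:(?!;\s*httponly\b).)+)$" "$1; HttpOnly" env=cookie_no_httponly
Header edit Set-Cookie "(?i)^((?:(?!;\s*secure\b).)+)$" "$1; Secure" env=cookie_no_secure

# Cache directives from the list above. These apply to every response in
# the enclosing scope, so place them in the <VirtualHost>, <Location> or
# <Directory> block that serves the sensitive pages.
Header set Cache-Control "no-cache"
Header set Pragma "no-cache"
```

Keep the Secure edit on virtual hosts served over TLS only, since browsers will not return a Secure cookie over plain HTTP. Inspect the response headers of a login request after reloading to confirm that both flags and the cache headers are present.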

