Severity: High
Invicti identified a session cookie not marked as secure, and transmitted over HTTPS.
This means the cookie could potentially be stolen by an attacker who can successfully intercept the traffic, following a successful man-in-the-middle attack.
It is important to note that Invicti inferred from the its name that the cookie in question is session related.