
PCI DSS asa 5585 httponly

akhan9999
Level 1

Getting the following error when running a vulnerability scan:

 missing the "httpOnly" attribute. The flaw is due to a cookie is not using the 'httpOnly' attribute. This allows a cookie to be accessed by JavaScript which could lead to session hijacking attacks. Application with session handling in cookies.

We already added the "http-only-cookie", but this broke our bookmark links. How can we pass this scan and allow access to the bookmark links in webvpn?