diff --git a/admin/check.php b/admin/check.php
index 71751c98b855770987c030b60265769ecafc432d..4fbe11904b92b0db3c2918992278dbeebb0fc1ff 100644
--- a/admin/check.php
+++ b/admin/check.php
@@ -124,6 +124,12 @@ if (extension_loaded('openssl')) {
     $messages[] = new Message('warning', __('Check','Consider enabling the PHP extension OpenSSL for increased security.'));
 }
 
+if (ini_get('session.cookie_httponly') === '1') {
+    $messages[] = new Message('info', __('Check', 'Cookies are served from HTTP only.'));
+} else {
+    $messages[] = new Message('warning', __('Check', "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript."));
+}
+
 // Datetime
 $timezone = ini_get('date.timezone');
 if (!empty($timezone)) {
diff --git a/locale/br.json b/locale/br.json
index b20e00e76c83fa26582f4dd6151d3a5aa63295a5..c3243769fa8a64852b27c0e2df88c1cf915cfcbd 100644
--- a/locale/br.json
+++ b/locale/br.json
@@ -422,6 +422,8 @@
         "The config file exists.": "Amañ mañ ar restr kefnluniañ.",
         "The config file directory (%s) is writable.": "Gallout a raer skrivañ e kavlec'h ar restr kefluniañ (%s).",
         "OpenSSL extension loaded.": "Askouezh OpenSSL karget.",
+        "Cookies are served from HTTP only.": "BR_Cookies are served from HTTP only.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "BR_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "Aliañ a reomp gweredekaat an askouezh OpenSSL evit ;uioc'h a surentez.",
         "date.timezone is set.": "Arventennet eo date.timezone.",
         "Consider setting the date.timezone in php.ini.": "Aliañ a reomp da lakaat date.timezone e php.ini.",
diff --git a/locale/de.json b/locale/de.json
index 1e100a5ac2f2316518eba0a67a32049d38ac4a37..fb31f542f28d8597fe3b70425d0fe308afc24568 100644
--- a/locale/de.json
+++ b/locale/de.json
@@ -423,6 +423,8 @@
         "The config file exists.": "Die Konfigurationsdatei existiert.",
         "The config file directory (%s) is writable.": "Die Konfigurationsdatei (%s) ist beschreibbar.",
         "OpenSSL extension loaded.": "Die OpenSSL-Erweiterung ist geladen.",
+        "Cookies are served from HTTP only.": "DE_Cookies are served from HTTP only.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "DE_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "Ziehen Sie in Erwägung, für eine verbesserte Sicherheit die OpenSSL-Erweiterung zu aktivieren.",
         "date.timezone is set.": "date.timezone ist konfiguriert.",
         "Consider setting the date.timezone in php.ini.": "Ziehen Sie in Erwägung, date.timezone in php.ini zu konfigurieren.",
diff --git a/locale/en.json b/locale/en.json
index c487a8418c501ab528b0360f87a98928d31b4e8d..5fe5fdf3cf40ef57b984436f2de64e00363bb678 100644
--- a/locale/en.json
+++ b/locale/en.json
@@ -430,6 +430,8 @@
         "The config file exists.": "The config file exists.",
         "The config file directory (%s) is writable.": "The config file directory (%s) is writable.",
         "OpenSSL extension loaded.": "OpenSSL extension loaded.",
+        "Cookies are served from HTTP only.": "Cookies are served from HTTP only.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "Consider enabling the PHP extension OpenSSL for increased security.",
         "date.timezone is set.": "date.timezone is set.",
         "Consider setting the date.timezone in php.ini.": "Consider setting the date.timezone in php.ini.",
diff --git a/locale/es.json b/locale/es.json
index 3c0ebc9d5ede06365d2dbf11859dbd3b64b176ea..758834c1333017ca24be4a4bce53d14f54589a3a 100644
--- a/locale/es.json
+++ b/locale/es.json
@@ -424,6 +424,8 @@
         "The config file directory (%s) is writable.": "ES_Le dossier du fichier de configuration (%s) est accessible en écriture.",
         "OpenSSL extension loaded.": "ES_L'extension PHP OpenSSL est chargée.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "ES_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
+        "Cookies are served from HTTP only.": "ES_Cookies are served from HTTP only.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "ES_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "date.timezone is set.": "ES_date.timezone est défini.",
         "Consider setting the date.timezone in php.ini.": "ES_Veuillez considérer la définition de date.timezone dans le php.ini.",
         "Check again": "ES_Vérifier à nouveau",
diff --git a/locale/fr.json b/locale/fr.json
index 5fdba2fc7b0e33219d2b12909b1596bed2a597aa..4b7d7d7856a7037d4be1c90b8e472a1540cafe3b 100644
--- a/locale/fr.json
+++ b/locale/fr.json
@@ -430,6 +430,8 @@
         "The config file exists.": "Le fichier de configuration existe.",
         "The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.",
         "OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.",
+        "Cookies are served from HTTP only.": "Les cookies sont accessibles uniquement via HTTP.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Pensez à définir « session.cookie_httponly = 1 » dans votre fichier php.ini ou bien ajouter « php_value session.cookie_httponly 1 » à votre fichier .htaccess de telle sorte que les cookies ne puissent pas être accessibles depuis Javascript.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
         "date.timezone is set.": "date.timezone est défini.",
         "Consider setting the date.timezone in php.ini.": "Veuillez considérer la définition de date.timezone dans le php.ini.",
diff --git a/locale/it.json b/locale/it.json
index 83f136808695a7f751d2470c09fd5da235ad10db..db1cbbffd44ed300eb52585964511a5d1cf171d6 100644
--- a/locale/it.json
+++ b/locale/it.json
@@ -423,7 +423,9 @@
         "The config file exists.": "IT_Le fichier de configuration existe.",
         "The config file directory (%s) is writable.": "IT_Le dossier du fichier de configuration (%s) est accessible en écriture.",
         "OpenSSL extension loaded.": "IT_L'extension PHP OpenSSL est chargée.",
+        "Cookies are served from HTTP only.": "IT_Cookies are served from HTTP only.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "IT_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "IT_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "date.timezone is set.": "IT_date.timezone est défini.",
         "Consider setting the date.timezone in php.ini.": "IT_Veuillez considérer la définition de date.timezone dans le php.ini.",
         "Check again": "Verificare di nuovo",
diff --git a/locale/nl.json b/locale/nl.json
index 14499e040f8cb677580a3f89725122f28f1009b6..ea20df8b5fc65da8641542103afbccffad2ff74d 100644
--- a/locale/nl.json
+++ b/locale/nl.json
@@ -424,6 +424,8 @@
         "The config file directory (%s) is writable.": "De map van het configuratiebestand (%s) is schrijfbaar.",
         "OpenSSL extension loaded.": "PHP OpenSSL extensie opgeladen.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "Overweeg de activering van de PHP OpenSSL extensie om de veiligheid te verhogen.",
+        "Cookies are served from HTTP only.": "NL_Cookies are served from HTTP only.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "NL_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "date.timezone is set.": "date.timezone is ingesteld.",
         "Consider setting the date.timezone in php.ini.": "Overweeg de instelling van date.timezone in het php.ini bestand.",
         "Check again": "Controleer opnieuw",
diff --git a/locale/oc.json b/locale/oc.json
index 8bdac4b1935dccae40b1b2fa56fd867e28a701c7..dffbcde4b9f468a04abfdce5e8cc0a659a61dba2 100644
--- a/locale/oc.json
+++ b/locale/oc.json
@@ -424,6 +424,8 @@
         "The config file directory (%s) is writable.": "Lo dorsièr del fichièr de configuracion (%s) es accessible en escritura.",
         "OpenSSL extension loaded.": "L’extension PHP OpenSSL es cargada.",
         "Consider enabling the PHP extension OpenSSL for increased security.": "Mercés de pensar a activar l’extension PHP OpenSSL per milhorar la seguritat.",
+        "Cookies are served from HTTP only.": "OC_Cookies are served from HTTP only.",
+        "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "OC_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
         "date.timezone is set.": "date.timezone es definit.",
         "Consider setting the date.timezone in php.ini.": "Mercés de far cas a la definicion de date.timezone dins lo php.ini.",
         "Check again": "Tornar verificar",