Can a user read my session cookies?

Sensitive cookies like session cookies are protected with HttpOnly. An HttpOnly Cookie prevents client-side scripts from accessing data.

Another layer of protection is the Content Security Policy (CSP) which prevents scripts being loaded or data sent to third party servers which are not white listed.

To further protect user sessions, we implement a CSRF (Cross-Site Request Forgery) token as an additional security measure. A CSRF token adds an extra layer of verification by ensuring that every sensitive request originates from our own application. This token is unique to the user’s session and must be submitted alongside the request, making it practically impossible for third-party websites to perform actions on behalf of a user without authorization.

When you create a landing page you can also use JavaScript code. When you have a free account the landing page will have an URL like this http://free.qrplanet.com/your-landing-page. When another user creates a landing page with JavaScript code and you call his URL e.g. http://free.qrplanet.com/another-landing-page when you are logged in a warning will be displayed to protect your account from cookies being stolen.