diff --git a/bin/.bin/webtest/analyse-headers b/bin/.bin/webtest/analyse-headers index eec89b94..b3c4e173 100755 --- a/bin/.bin/webtest/analyse-headers +++ b/bin/.bin/webtest/analyse-headers @@ -229,12 +229,14 @@ channel.\n\n" } test_set-cookie(){ - local value="$(echo "$1" | cut -d ':' -f 2 | trimWhitespace)" + local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)" local cookieName="$(echo "$value" | cut -d '=' -f 1)" local ret=0 local output="" if ! echo "$value" | grep -q "HttpOnly"; then + echo "$value" + echo "$value" | grep -q "HttpOnly" --color always output+="The HttpOnly flag isn't set which means the cookie value can \ be read by JavaScript. If a malicious actor manages to run JavaScript through \ methods like XSS, they may be able to steal the contents of cookies\n\n"
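Review bot: The two added lines after the `if ! echo "$value" | grep -q "HttpOnly"` test look like debugging leftovers: `grep -q` discards all output, so `--color always` has no effect, and the preceding bare `echo "$value"` prints the raw Set-Cookie value — which for a session cookie is the live session token — into the analyser's report wherever the HttpOnly branch is taken. Both lines should be dropped; if a diagnostic is wanted, send it to stderr and log only the cookie name, e.g. `printf 'missing HttpOnly on cookie %s\n' "$cookieName" >&2`. Separately, cookie attribute names are case-insensitive, so a server emitting `httponly` would be wrongly flagged; `if ! grep -qi 'httponly' <<<"$value"; then` avoids that and drops the echo pipe. The `-f 2-` change on the `cut` is the right fix for values containing `:`; the body of test_set-cookie continues past the end of the hunk.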