1. For this recipe, select Cookie without HttpOnly flag set under the Issues heading:

2. Look at the Response tab of that message to validate the finding. We can clearly see the PHPSESSID cookie does not have the HttpOnly flag set. Therefore, we can change the severity from Low to High and the confidence level from Firm to Certain:

3. Right-click the issue and change the severity to High by selecting Set severity | High:

4. Right-click the issue and change the severity to Certain by selecting Set confidence | Certain:

5. For this recipe, select the issues with the highest confidence and severity levels to be included in the report. After selecting (highlighting + Shift key) the items shown here, right-click and select Report selected issues:

Upon clicking Report selected issues, a pop-up box appears prompting us for the format of the report. This pop-up is the Burp Scanner reporting wizard. 

6. For this recipe, allow the default setting of HTML. Click Next.
7. This screen prompts for the types of details to be included in the report. For this recipe, allow the default settings. Click Next.

8. This screen prompts for how messages should be displayed within the report. For this recipe, allow the default settings. Click Next.
9. This screen prompts for which types of issues should be included in the report. For this recipe, allow the default settings. Click Next.
10. This screen prompts for the location of where to save the report. For this recipe, click Select file…, select a location, and provide a file name followed by the .html extension; allow all other default settings. Click Next:

11. This screen reflects the completion of the report generation. Click Close and browse to the saved location of the file. 

12. Double-click the file name to load the report into a browser:

Congratulations! You've created your first Burp report!