My Zabbix frontend runs in a basic LAMP. I've configured Apache for adding HttpOnly to cookies (see http://tools.ietf.org/html/rfc6265), so session stealing is much harder. However, Zabbix doesn't seem to support it; multiple errors raised after logon.