Resolved Web Application Cookies Lack Secure Flag and HttpOnly Flag

Martin73

Martin73

Basic Pleskian
I am using the service ScanMyServer from Beyond Security for my Nextcloud server. Since a few weeks i get the following message:
Web Application Cookies Lack Secure Flag

The following cookie does do not have the Secure cookie flag:
Cookie name: SameSite, Path: /, Secure Flag: 0
Click to expand...
Web Application Cookies Lack HttpOnly Flag

The following cookies do do not have set the HttpOnly cookie flag:
Cookie name: __Host-nc_sameSiteCookielax, Path: /, HttpOnly Flag: 0
Cookie name: __Host-nc_sameSiteCookiestrict, Path: /, HttpOnly Flag: 0
Cookie name: SameSite, Path: /, HttpOnly Flag: 0
Click to expand...

I have activated SSL/TLS support and SEO-safe permanent 301 redirect to https.
I'm not sure, is this now a server issue or an issue of Nextcloud? Security & setup warnings of Nextcloud is telling me: All checks passed.

OS ‪Ubuntu 18.04.2 LTS‬
Plesk Onyx 17.8.11
 

Attachments

  • Plesk_Security.PNG
    Plesk_Security.PNG
    5.8 KB · Views: 25
You must log in or register to reply here.

Similar threads

K
Resolved Web Application Firewall: Security rule IDs broken/reset
Replies
8
Views
3K
pleskpanel
P
N
Issue 421 Misdirected Request on Apache-only Plesk server after recent Apache update (CVE-2025-23048)
Replies
2
Views
996
NatuurlijkHosting
N
K
Issue Nextcloud Your web server is not properly set up to resolve
Replies
3
Views
2K
Rexikon
R
micneon
Issue Problems to del certificate with cli
Replies
0
Views
1K
micneon
micneon
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
3K
Linulex
Linulex
Back
Top