#12208 improved the security of Matomo sessions, but it also seems to have caused some (broken) environments that formerly worked to fail with the
Form security failed error.
At the moment the error mentions four suggestions:
But there seem to be more reasons that can cause this bug:
(reverse proxy blocked the cookie header)
I do have a reverse proxy (haproxy) as well as a cache layer (varnish) before apache 2.4, with remoteip module enabled.
Unfortunately it is hard to know what exactly is causing the issue in the latter cases, so maybe just a FAQ that lists common reason could already help.