You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Cookie "_pk_testcookie.1.b4ee=1; _pk_id.1.b4ee=..." is set by matomo, which leads to a security warning "Security: Cookie Does Not Contain The "HTTPOnly" Attribute" on the security scanner qualysguard.
Can you add the HTTPOnly Attribute?
How to reproduce: Run a security test on any site with installed matomo (for eg. with qualysguard from qualys). Check results.
Expected behaviour: No warnings from the security scanner.
Greetings
The text was updated successfully, but these errors were encountered:
Those cookies are set by the matomo.js tracking script which means you can't set them HTTPOnly as this means that they would not be accessible via Javascript.
From the above comment made by you on June 24,2020
Those cookies are set by the matomo.js tracking script which means you can't set them HTTPOnly as this means that they would not be accessible via Javascript.
I understand that we cant set the cookies as HTTPOnly so it still remains as security issue , so can we disable these cookies and will it have any impact on the Matomo tracking functionality?
The Cookie
"_pk_testcookie.1.b4ee=1; _pk_id.1.b4ee=..."
is set by matomo, which leads to a security warning"Security: Cookie Does Not Contain The "HTTPOnly" Attribute"
on the security scanner qualysguard.Can you add the HTTPOnly Attribute?
How to reproduce: Run a security test on any site with installed matomo (for eg. with qualysguard from qualys). Check results.
Expected behaviour: No warnings from the security scanner.
Greetings
The text was updated successfully, but these errors were encountered: