@qualle
opened this Issue on June 24th 2020
@qualle
The Cookie "_pk_testcookie.1.b4ee=1; _pk_id.1.b4ee=..." is set by matomo, which leads to a security warning "Security: Cookie Does Not Contain The "HTTPOnly" Attribute" on the security scanner qualysguard.
Can you add the HTTPOnly Attribute?
How to reproduce: Run a security test on any site with installed matomo (for eg. with qualysguard from qualys). Check results.
Expected behaviour: No warnings from the security scanner.
Greetings
@Findus23
commented
on June 24th 2020
@Findus23
Hi,
Those cookies are set by the matomo.js tracking script which means you can't set them HTTPOnly as this means that they would not be accessible via Javascript.
This Issue was closed on June 24th 2020