Session cookie set without using the Secure flag or set over HTTP

  • Resolved ceef454

    (@ceef454)


    4 years, 6 months ago

    I’m having some security scans run against our company sites and have been using this plug in on them for years because it’s awesome.

    I have 3 main issues they’re sending me I’m wondering if I can fix using your plugin. Thank you so much for your plugin and help!

    1: HTTP Strict Transport Security (HSTS) header cannot be recognized

    2: Session cookie set without using the Secure flag or set over HTTP

    3: This includes ‘unsafe-inline’ or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I have 3 main issues they’re sending me I’m wondering if I can fix using your plugin. Thank you so much for your plugin and help!

    Are you wanting to protect your site against the 3 issues mentioned above using our plugin?

    Regards

    Thread Starter ceef454

    (@ceef454)

    yes if that’s possible with this plugin – ??

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, I have submitted a message to the developers to investigate further your request.

    Thank you

    Thread Starter ceef454

    (@ceef454)

    thank you so much for your help!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Session cookie set without using the Secure flag or set over HTTP’ is closed to new replies.