__Host-Prefix wrong


Rating A
X __Host-Prefix
The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of ‘normal’ same-site cookies.

HI I tried the method in the forum, the error is also displayed, and there is only A but not A+, does anyone have a better suggestion?

like this:
vi “/var/www/nextcloud/config/config.php”
‘overwriteprotocol’ => ‘https’,
vi /etc/apache2/sites-available/000-default.conf
Header edit Set-Cookie ^(.*)$ “$1;HttpOnly;Secure;SameSite=Strict”

Running Nextcloud

Latest patch level

Major version still supported

Scanned at 2023-02-06 07:30:27

There are two conditions:

OK, it seems that the cause of this error is because my folder is

I saw " this is only a “hardening” but not a security vulnerability per se"
So…Ok, let it continue to Rating A
Thanks you.

The test, and also the messages in the admin interface, they are not always hard error messages where something is really broken, often these are warnings and tips what you can do better but it doesn’t apply in all cases.