Security Hardening: "__Host prefix"

Upon running I found one Hardening that my system does not have titled " __Host-Prefix" This is described as:

The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of 'normal' same-site cookies.

Interestingly the doc does not seem to have any info on the hardening server page:

However there is some more information at:

I’m confused as to why I’m seeing this error, and I don’t see much about mitigation. I’m unclear if the problem is that I have server aliases like nextcloud redirecting to

or is it that I’m using because redirects to the apache webserver success page?

1 Like