I have a home based Nextcloud which gives the Security Scan error: __Host-Prefix
The __Host prefix mitigates cookie injection vulnerabilities within potential third-party software sharing the same second level domain. It is an additional hardening on top of ‘normal’ same-site cookies.
I had already done that search extensively and could not find the solution before I posted here. I had already studied the “I want to fix this and get A+ on security scan” and many others. I even tried the NGINX forums.
I did find references that say " Your nextcloud must be installed in a subdomain like cloud.example.tld and not in a subfolder like example.tld/nextcloud".