Web Application Cookies Lack Secure Flag and HttpOnly Flag

I am using the service ScanMyServer from Beyond Security for my Nextcloud server. Since a few weeks i get the following message:

I have activated SSL/TLS support and SEO-safe permanent 301 redirect to https.
Plesk_Security

I’m not sure, is this now a server issue or an issue of Nextcloud? Security & setup warnings of Nextcloud is telling me: All checks passed.

OS ‪Ubuntu 18.04.2 LTS‬
Plesk Onyx 17.8.11
Nextcloud 15.0.4

This is the solution for Apache and this for Nginx.

1 Like