- Issue created by @La19913
I work on my Drupal 10 website (https) using WAMP Server with Apache.
I've just received the results of a security audit and found two issues:
the cookies don't contain the 'secure' and 'HttpOnly' attributes.
I tried to fix this by adding the following lines to my httpd.conf BUT it doesn't seem to be working.
Can anyone help me with this?
I'm using Eu cookies compliance module
<IfModule mod_headers.c>
Header always edit Set-Cookie (.*) "$1; HttpOnly; Secure"
</IfModule>
mod_headers is enabled and I restarted Apache
Active
1.24
Code