https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118070#M1774 <P>Hi. </P><P>We are working with Dynatrace Saas, with <STRONG>OneAgent<BR />version 1.157.201.20181211-092722</STRONG></P><P>The security department of our<BR />company found a warning security risk.</P><P>Cookie Does Not Contain The<BR />¨secure¨ Attribute</P><P>Impact: Cookies with “secure”<BR />attribute are one permitted to be sent via HTTPS. Cookies sent via HTTP expose<BR />an unsuspecting user to sniffing attacks that could lead to user impersonation<BR />or compromise of the application account.</P><P>HTTP Cookie missing Secure<BR />attribute on port 443.</P><P>Set-Cookie:<BR />dtCookie==3=srv=3=sn=3A695446E5F92C0A76D24CFC824D60B4=perc=100000=ol=0=mul=1;<BR />Path=/</P><P><STRONG>Could anybody please tell us<BR />if there is an option we could configure to avoid this warning?</STRONG></P><P>I have seen something similar<BR />but in AppMon </P><BR /> Thu, 09 May 2019 22:09:15 GMT porrasmj 2019-05-09T22:09:15Z https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118070#M1774 <P>Hi. </P><P>We are working with Dynatrace Saas, with <STRONG>OneAgent<BR />version 1.157.201.20181211-092722</STRONG></P><P>The security department of our<BR />company found a warning security risk.</P><P>Cookie Does Not Contain The<BR />¨secure¨ Attribute</P><P>Impact: Cookies with “secure”<BR />attribute are one permitted to be sent via HTTPS. Cookies sent via HTTP expose<BR />an unsuspecting user to sniffing attacks that could lead to user impersonation<BR />or compromise of the application account.</P><P>HTTP Cookie missing Secure<BR />attribute on port 443.</P><P>Set-Cookie:<BR />dtCookie==3=srv=3=sn=3A695446E5F92C0A76D24CFC824D60B4=perc=100000=ol=0=mul=1;<BR />Path=/</P><P><STRONG>Could anybody please tell us<BR />if there is an option we could configure to avoid this warning?</STRONG></P><P>I have seen something similar<BR />but in AppMon </P><BR /> Thu, 09 May 2019 22:09:15 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118070#M1774 porrasmj 2019-05-09T22:09:15Z https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118071#M1775 <P>Go to Application settings =&gt; Advanced:</P><P><IMG src="https://community.dynatrace.com/legacyfs/online/20478-zrzut-ekranu-2019-05-10-o-085602.png" /></P><P>Here is option you need.</P><P>Sebastian </P><BR /> Fri, 10 May 2019 06:56:40 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118071#M1775 skrystosik 2019-05-10T06:56:40Z https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118072#M1776 <P>We already set the set the attibute to our application but the the result scan still says the cookie is not secured.</P> <P><IMG src="https://community.dynatrace.com/legacyfs/online/20628-dtcookienotsecured.jpg" border="0" /></P> <P>&nbsp;</P> <P>Please anwser the two questions:</P> <P>Q1. Is there any something else we should configure? Maybe in the two host of our dmz cluster?</P> <P>Q2. Our two dmz host have the latest available version : OneAgent version 1.167.176.20190508-104947, however, the <STRONG><U>Cookie and header settings</U></STRONG> requires OneAgent version 1.87 or highter</P> <P><IMG src="https://community.dynatrace.com/legacyfs/online/20629-cookiechecksetted.jpg" border="0" /></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG><U>but</U></STRONG> the point is the latest version available for us is 1.167....</P> <P>&nbsp;</P> <P>So I think something is wrong: or the label which ask 1.87 version or why we only can see until 1.167 version...</P> <P>&nbsp;</P> <P>Thanks a lot.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 26 Nov 2021 14:30:06 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118072#M1776 porrasmj 2021-11-26T14:30:06Z https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118073#M1777 <P>1.167 is grater version than 1.87 <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> If after reconfiguration cookie is still unsecure make sure that this applications covers all requests that you are talking about. If you have more than one application or there are some requests in default one it is possible that there are some of them without secure parameter. If not, open support ticket and put link to this questions.</P><P>Sebastian </P><BR /> Thu, 23 May 2019 18:30:27 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/Cookie-Does-Not-Contain-The-secure-Attribute-in-SaaS/m-p/118073#M1777 skrystosik 2019-05-23T18:30:27Z