Summary

The matomo_lang cookie is not served as httpOnly, which was flagged by a pentest of our app. For use in high security or regulated industries, this can be a dealbreaker.

Your Environment

• Matomo Version: 4.1.1
• PHP Version: 7.4.7
• Server Operating System: Amazon Linux
• Additionally installed plugins: none