Qlik Sense session cookie does not have the Secure flag enabled. This may be reported as a potential vulnerability by security and penetration test tools.
For example browser Dev Tools can be used to confirm session cookie settings:
Environment:
Qlik Sense Enterprise on Windows
Resolution:
Qlik Sense Enterprise for Windows allows for secure HTTPS communication, including secure session cookies.
Qlik Sense Enterprise on Windows April 2020 and later
Qlik Sense Enterprise on Windows February 2020 and later
For deployments with reverse proxy between the client browser and Qlik Sense server, please validate that the reverse proxy also applies requires security attributes.