Cookie does not contain secure/HTTPOnly attribute


Our security team has flagged a vulnerability when our Keycloak instance running in kubernetes using ngnix-ingress, was scanned via Qualys. Is this something to be worried about?

I have already configured Require SSL to all requests.

These are the url being tagged below: