Bug #16838
openNtop-ng webserver hardening
Description
I ran a Nessus scan and it threw up results for ntopng, mainly the following:
1. HSTS support where HTTPS is enabled
2. Hardened cookie/session defaults
3. Reduced banner/version exposure where supported
These should be simple fixes. Can we please harden this package?
Details
Web Application Cookies Are Expired
Description
The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, Nessus has detected that one or more of the cookies have an 'Expires' attribute that is set with a past date or time, meaning that these cookies will be removed by the browser.
Solution
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Solution
Configure the remote web server to use HSTS.
See Also
https://tools.ietf.org/html/rfc6797
Output
HTTP/1.1 302 Found
Server: ntopng 6.6.260401 (amd64)
Set-Cookie: session=; HttpOnly; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly; SameSite=lax; Secure
Location: /lua/login.lua?referer=203.0.113.25%3A3000%2F
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
HTTP Server Type and Version
Description
This plugin attempts to determine the type and the version of the remote web server.
Output
The remote web server type is : ntopng 6.6.260401 (amd64)
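Added example, not code from the report or from ntopng: a small Python checker that parses the 302 response quoted in the Nessus output above and tests it for the three requested items, the HSTS header, cookie attributes, and a version-bearing Server banner. It treats a Set-Cookie with an empty value and an Expires in the past as a deliberate cookie deletion and reports it as a note rather than a finding, since that is what the quoted session= header is doing on the redirect to the login page. The "hardened" response and the header values in it are assumptions for illustration, not ntopng configuration.

```python
"""Audit an HTTP response head for the three findings in this report: missing
HSTS, cookie attribute hygiene, and a version-disclosing Server banner.
Added example; not code from ntopng or from the bug report."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Sample 1: the 302 quoted in the Nessus output above, reassembled as a raw
# response head (body omitted).
WEAK_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: ntopng 6.6.260401 (amd64)\r\n"
    "Set-Cookie: session=; HttpOnly; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; "
    "max-age=0; HttpOnly; SameSite=lax; Secure\r\n"
    "Location: /lua/login.lua?referer=203.0.113.25%3A3000%2F\r\n"
    "\r\n"
)

# Sample 2: constructed response showing what the checks accept. The header
# values are assumptions for illustration, not ntopng settings.
HARDENED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: ntopng\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=3f9c1b2a; Path=/; HttpOnly; Secure; SameSite=Strict\r\n"
    "Location: /lua/login.lua\r\n"
    "\r\n"
)

VERSION_RE = re.compile(r"\d+\.\d+")


def parse_headers(raw):
    """Return (status_line, [(name_lower, value), ...]) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def parse_cookie(value):
    """Split a Set-Cookie value into (name, value, {attr_lower: value_or_True})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip() if attr_val else True
    return name.strip(), val.strip(), attrs


def parse_http_date(text):
    """Parse a cookie Expires date (RFC 1123 or the 01-Jan-1970 form) to aware UTC."""
    try:
        when = parsedate_to_datetime(text)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when


def audit(raw, https=True, now=None):
    """Return {"findings": [...], "notes": [...]} for one response head."""
    now = now or datetime.now(timezone.utc)
    _, headers = parse_headers(raw)
    names = [n for n, _ in headers]
    findings, notes = [], []

    # 1. HSTS only matters on HTTPS; browsers ignore it over plain HTTP (RFC 6797).
    if https and "strict-transport-security" not in names:
        findings.append("missing Strict-Transport-Security header")

    # 2. Cookie defaults: Secure, HttpOnly and SameSite on every cookie, and a
    #    distinction between a deliberate deletion and an accidentally expired cookie.
    for name, value in headers:
        if name != "set-cookie":
            continue
        cname, cval, attrs = parse_cookie(value)
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append(f"cookie {cname!r} lacks {required}")
        expires = attrs.get("expires")
        when = parse_http_date(expires) if isinstance(expires, str) else None
        if when is not None and when < now:
            if cval == "" or attrs.get("max-age") == "0":
                notes.append(f"cookie {cname!r} is being cleared (empty value, Expires in the past)")
            else:
                findings.append(f"cookie {cname!r} carries a value but Expires in the past")

    # 3. Banner exposure: a Server header that includes a dotted version number.
    for name, value in headers:
        if name == "server" and VERSION_RE.search(value):
            findings.append(f"Server header discloses version: {value!r}")

    return {"findings": findings, "notes": notes}


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(raw))
```

Run against the quoted response it reports two findings (no HSTS, version in the Server banner) and one note for the cleared session cookie; the quoted cookie already carries Secure, HttpOnly and SameSite, so item 2 of the request is about keeping those attributes as defaults rather than adding them. Pass https=False for a response captured over plain HTTP so the HSTS check is skipped.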