Cookie name	Description	Lifetime	Provider
_ce.clock_data	Store the difference in time from the server's time and the current browser.	1 day	Crazy Egg
_ce.clock_event	Prevent repeated requests to the Clock API.	1 day	Crazy Egg
_ce.irv	Store isReturning value during the session	Session	Crazy Egg
_ce.s	Track a recording visitor session unique ID, tracking host and start time	1 year	Crazy Egg
_hjSessionUser_2909345	Store a unique user identifier to track user sessions and interactions for analytics purposes.	1 year	HotJar
_hjSession_2909345	Store session data to identify and analyze individual user sessions.	1 day	HotJar
apt.uid	Store a unique user identifier for tracking and personalization.	1 year	Mageplaza
cebs	Store user preferences and settings.	Session	Mageplaza
cf_clearance	Store a token that indicates a user has passed a Cloudflare security challenge.	1 year	Cloudflare
crisp-client	The crisp-client/session cookie is used to identify and maintain a user session within the Crisp platform. It allows the live chat system to recognize returning users, maintain chat history, and ensure continuity in customer service interactions.	Session	Crisp
_ga	Store a unique client identifier (Client ID) for tracking user interactions on the	2 years	Google
_ga_7B0PZZW26Z	Store session state information for Google Analytics 4.	2 years	Google
_ga_JTRV42NV3L	Store session state information for Google Analytics 4.	2 years	Google
_ga_R3HWQ50MM4	Store a unique client identifier (Client ID) for tracking user interactions on the website.	2 years	Google
_gid	Store a unique client identifier (Client ID) for tracking user interactions on the website.	1 day	Google
_gat_UA-76130628-1	Throttle the request rate to Google Analytics servers.	1 day	Google

Cookie name	Description	Lifetime	Provider
_gcl_au	The cookie is used by Google to track and store conversions.	1 day	Google
__Secure-3PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
HSID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
__Secure-1PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
APISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-1PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
__Secure-3PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SSID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
SAPISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-3PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
__Secure-1PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
SIDCC	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data, and protect visitor data from unauthorized access.	3 months	Google
__Secure-1PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
__Secure-3PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
1P_JAR	This cookie is a Google Analytics Cookie created by Google DoubleClick and used to show personalized advertisements (ads) based on previous visits to the website.	1 month	Google
NID	Show Google ads in Google services for signed-out users.	6 months	Google

Cookie name	Description	Lifetime	Provider
_dc_gtm	Manage and deploy marketing tags through Google Tag Manager.	1 year	Google
1P_JAR	Gather website statistics and track conversion rates for Google AdWords campaigns.	1 month	Google
AEC		1 month	Google
ar_debug	Debugging purposes related to augmented reality (AR) functionalities.	1 month	Doubleclick
IDE	The IDE cookie is used by Google DoubleClick to register and report the user's actions after viewing or clicking on one of the advertiser's ads with the purpose of measuring the effectiveness of an ad and to present targeted ads to the user.	1 year	Doubleclick
ad_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to advertising.	1 year	Google
ad_user_data	Sets consent for sending user data to Google for online advertising purposes.	1 year	Google
ad_personalization	Sets consent for personalized advertising.	1 year	Google
analytics_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to analytics, for example, visit duration.	1 year	Google

The Most Popular Extension Builder for Magento 2

With a big catalog of 224+ extensions for your online store

[Resolved] Your web server is set up incorrectly and allows unauthorized access to sensitive files

Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider Magento 2

After Install Magento 2 package, you may face the folder permissions error Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider. It means that any visitor can get access to your files.

Everytime Magento create a new folder, it will set permission to 770 and may get error in this case. If you change it to 755, it is working normally. So how to resolve this error in Magento 2? In this guide, we will show you how to resolve “Your web server is set up incorrectly and allows unauthorized access to sensitive files” correctly.

In the Magento Community forum, there are many people who have the same problem.

Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider Magento 2

When look into Magento 2 Code Core, you can see class Magento\AdminNotification\Model\System\Message\Security function getText() It return the following message:

Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider

You also see method _isFileAccessible for futher information.

In this investigation, we can say all files, folders in app/etc/* is accessible from unauthority visitors such as app/etc/env.php file which contain database information, encryption key, admin URL and more …

How to resolve the problem?

First you need to set the permissions on your magento web server directory so that you ‘webuser’ are the owner of the files and ‘nginx’ as the group. To do this, as a user with root privileges issue the command:

chown -R webuser:nginx /path

where /path = the root path for your magento installation. And next

find -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento

Now when you run the cron, make sure you are doing this as the owner of the file system, in this example called ‘webuser’. Do NOT run it as root as the files created will have root as the owner.

Recommendations

If you are still facing this problem, you should consider finding a better hosting here. All list of Magento 2 hosting providers for you to get started.

Final words

The problem Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider. will be solved in a minute with the above tutorial. To protect your site better, you can go to Mageplaza Magento 2 Security. If you need more support in security issues, please chat with us.

Looking for Magento Development Company?

8+ years of experiences in e-commerce & Magento has prepared us for any challenges, so that we can lead you to your success.

Get free consultant