We run PCI scans every week and have been for 5 year or so, however on the last scan all our IP's came back with
"Session Cookie Does Not Contain the "Secure" Attribute" QID 13162.
We've sorted a couple of these out over the years when they appear for new services or changes - but I'm surprised to see it appear for all of them in one go.
Has the QID 13162 changed recently - has the PCI standard changed ? I'm scanning again tonight to see if there was an issue with the scanning engines.