150004 Predictable Resource Location Via Forced Browsing:
Access controls prevent unauthorized use of both examples.
150112 Sensitive form field has not disabled autocomplete
Can be addressed via customization. A feature request could change base code.
150123 Cookie Does Not Contain The "HTTPOnly" Attribute
These cookies are used by JavaScript to influence front-end behaviors and cannot be marked HTTPOnly. A feature request could redesign this functionality to not be cookie based to prevent this finding.
150476 Cookies Issued Without User Consent
The listed cookies are currently essential for proper site functionality and do not contain PII. I'm not qualified to say whether our use here is compliant with EU regulation. A feature request could change base code behavior regarding cookie management for unprompted users.