Problems with logging in because of missing headers or cookies

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.


The Confluence Data Center and Server mobile app shows one of the following errors when user tries to log in or connect the app to an existing Confluence site, or displays a desktop version of Confluence after logging in.

Can't connect to your site

This could be because the URL is wrong, you need to use a VPN, or <url> is unavailable.

Can't check compatibility

A custom filter may be preventing unauthenticated requests to your server. Talk to your admin to resolve this.

Your site is unavailable or you need to connect to your VPN or network to access it.


This error often occurs if you’re using a proxy server, which might modify the response returned to the mobile app. If the response doesn’t include all headers or cookies required by the app, you either won’t be able to log in at all or will see a desktop version of Jira instead of the mobile one.

This problem affects earlier versions of the Confluence mobile app connecting to Confluence 7.5 and earlier


To check if the mobile app returns all required headers, you can make a HEAD request with the URL: <your-instance-base-url>/server-info.action.

Show sample response...
HTTP/2 404 
server: Apache/2.4.41 (Ubuntu)
push-notification-enabled: true
vary: Accept-Encoding
content-type: text/html;charset=UTF-8
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=63072000; preload
date: Thu, 24 Oct 2019 11:00:14 GMT
x-arequestid: 660x4236x1
x-asen: SEN-500
x-asessionid: sbc7qf
x-xss-protection: 1; mode=block
mobile-event-supported: true
mobile-supported-version: true
mobile-plugin-enabled: true
x-ausername: anonymous
x-content-type-options: nosniff
set-cookie: atlassian.xsrf.token=BS5L-D6D1-TLY9-HJM8_180be825a5962c0f012571d52bd43059e28ed795_lout; Path=/; Secure
set-cookie: JSESSIONID=16920DAB51A44904479F3CA1C9AF7C0C.node2; Path=/; Secure; HttpOnly
x-frame-options: SAMEORIGIN
x-confluence-request-time: 1469203272054
instance-name: Confluence


If you're using the latest version of the app, and connecting to Confluence 7.6 or later, you no longer need to allowlist headers. If you're seeing the desktop view in the app, see The Confluence Data Center and Server mobile app displays a desktop version of Confluence after log in.

If you're using an older version of the app to connect to Confluence 7.5 or earlier, the response should include all of the following headers. If it doesn’t, make sure to allowlist the missing ones on your proxy server.

instance-name: <name>
confluence-base-url: <base-url>
mobile-event-supported: true
mobile-supported-version: true
mobile-plugin-enabled: true
push-notification-enabled: true
x-confluence-request-time: <integer, e.g. 1554880367304>

Last modified on Jun 2, 2021

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.