How to set utag_main to be secure cookie


Our pen test reported a potential issue with utag_main cookie being set as not secure. I'm trying to find a way to change that with no success. Any help will be appreciated. Thanks.



How to set utag_main to be secure cookie

Tealium Employee

Hi there,

You can set the cookie to secure by updating the uTag loader file. This file is the backbone of Tealium on your site, so please be cautious in editing it. You can access this by clicking on your name in the upper right hand corner and clicking on manage templates from the drop down menu. From there you can select the uTag loader template and edit the following line (line 423) from:

document.cookie = a + “=” + v + “;path=/;domain=” + utag.cfg.domain + “;expires=” + x;  
document.cookie = a + “=” + v + “;path=/;domain=” + utag.cfg.domain + “;expires=” + x + “;secure”; 
Prior to making changes, I would recommend saving a copy of the utag loader locally, just as a precaution. In addition, with this modification, the loader becomes customized. In the future, when updating the loader to a newer version, you will have to make the same modification.
If you do not feel comfortable making these changes, please don't hesitate to reach out to Tealium support!