Highlighted

utag_main Cookie does not have HTTPOnly attribute.

Rookie Contributor

Hailstorm scan complains that 'utag_main' does not have HTTPOnly attribute. Is there a way to fix this vulnerability? 

 

2 REPLIES 2
Highlighted

utag_main Cookie does not have HTTPOnly attribute.

Tealium Employee
Hi @homerocavazos. This warning can be safely ignored. The HTTPOnly flag is only used for cookies set on the server-side, and it is not possible to set this flag when creating a cookie using JavaScript.

Since Tealium iQ is a client-side technology, we are setting the utag_main cookie using JavaScript. Therefore, it is not possible to set the HTTPOnly flag.
Check out our new Swift integration library for iOS, macOS, tvOS and watchOS: https://github.com/Tealium/tealium-swift with updated
documentation https://community.tealiumiq.com/t5/Swift/tkb-p/swift.
Highlighted

utag_main Cookie does not have HTTPOnly attribute.

Rookie Contributor

This confirms what I believed to be the case. 

Thanks.