Tealium iQ Tag Management

homerocavazos · ‎09-15-2017

Hailstorm scan complains that 'utag_main' does not have HTTPOnly attribute. Is there a way to fix this vulnerability?

craig_rouse · ‎09-18-2017

Hi @homerocavazos. This warning can be safely ignored. The HTTPOnly flag is only used for cookies set on the server-side, and it is not possible to set this flag when creating a cookie using JavaScript.

Since Tealium iQ is a client-side technology, we are setting the utag_main cookie using JavaScript. Therefore, it is not possible to set the HTTPOnly flag.

Check out our new Swift integration library for iOS, macOS, tvOS and watchOS: https://github.com/Tealium/tealium-swift with updated
documentation https://community.tealiumiq.com/t5/Swift/tkb-p/swift.

homerocavazos · ‎09-18-2017

This confirms what I believed to be the case.

Thanks.

Tealium iQ Tag Management

utag_main Cookie does not have HTTPOnly attribute.

utag_main Cookie does not have HTTPOnly attribute.

utag_main Cookie does not have HTTPOnly attribute.

Re: utag_main Cookie does not have HTTPOnly attribute.

utag_main Cookie does not have HTTPOnly attribute.

Re: utag_main Cookie does not have HTTPOnly attribute.

Attach attributes to the generic script tag

Pass Cookie Value in Tealium Variable

Debug Cookie Type Variable in Tealium

How to turn an E-commerce event attribute into an Audience...

Max number of attributes in EventStream & AudienceStream

Timeline attribute more information

Products

Company