Tealium iQ Tag Management

homerocavazos · ‎09-15-2017

Hailstorm scan complains that 'utag_main' does not have HTTPOnly attribute. Is there a way to fix this vulnerability?

craig_rouse · ‎09-18-2017

Hi @homerocavazos. This warning can be safely ignored. The HTTPOnly flag is only used for cookies set on the server-side, and it is not possible to set this flag when creating a cookie using JavaScript.

Since Tealium iQ is a client-side technology, we are setting the utag_main cookie using JavaScript. Therefore, it is not possible to set the HTTPOnly flag.

Check out our new Swift integration library for iOS, macOS, tvOS and watchOS: https://github.com/Tealium/tealium-swift with updated
documentation https://community.tealiumiq.com/t5/Swift/tkb-p/swift.

homerocavazos · ‎09-18-2017

This confirms what I believed to be the case.

Thanks.

Tealium iQ Tag Management

utag_main Cookie does not have HTTPOnly attribute.

utag_main Cookie does not have HTTPOnly attribute.

utag_main Cookie does not have HTTPOnly attribute.

Re: utag_main Cookie does not have HTTPOnly attribute.

utag_main Cookie does not have HTTPOnly attribute.

Re: utag_main Cookie does not have HTTPOnly attribute.

trigger tags after cookie consent is accepted with 3rd par...

First Party Cookie Not Getting Picked Up

Cookies in tags

Setting Audeince Stream string attribute to an UDO variabl...

Cookie Consent utag.link should trigger Google Analytics P...

Visitor Attributes blank

Products

Company