CookieConsent not secure

Comments

3 comments

  • Avatar
    Kenan

    Hi Manfred,

    Thanks for reaching out!

    Cookiebot is a javascript solution.

    When a user consents, the CookieConsent cookie is created by Cookiebot. Javascript cannot set or manipulate HTTPOnly cookies, why setting the HTTPOnly attribute on CookieConsent is not possible. 

    Setting the Secure attribute means that the cookie will only be sent through secure channels (HTTPS). Unfortunately, we cannot force all our users to use HTTPS, which is why the Secure flag is not set. Maybe (no promise), in a future version of Cookiebot, users could get the opportunity to choose whether or not the secure flag should be set on their websites. 

     

    0
    Comment actions Permalink
  • Avatar
    Claus Harup

    Any news on how:

    "users could get the opportunity to choose whether or not the secure flag should be set on their websites"

    .... this is really important!!!

     

    1
    Comment actions Permalink
  • Avatar
    Alex

    Hi Kenan, Any news on this topic?

    1
    Comment actions Permalink

Please sign in to leave a comment.