Hello,
Productivity solutions & programmes, soft skills, management, leadership, personnel development, Power BI. Delivery in London, UK wide & 85+ countries.
Our vulnerability scan is saying the ‘cf_use_ob’ cookie does NOT have the httpOnly setting.
We understand this cookie is to do with ‘Offline Browsing’, which we have disabled (so the cookie is set to ‘0’).
We cannot figure out WHEN this cookie is set, nor how we would ensure the httpOnly setting would be set.
Any ideas?
Regards,
Rich Talbot
matteo
April 16, 2019, 11:29pm
2
I don’t get that cookie though…
Xaq
April 17, 2019, 12:09am
3
If you are setting the cookie as secure
but the traffic between your server and CF edge servers are insecure then the cookie would not be passed to the client.
system
Closed
May 16, 2019, 11:23pm
4
This topic was automatically closed after 30 days. New replies are no longer allowed.