Security issue - insecure HTTP cookies
May 13, 2019 6:29 AM
Our security officer reached out to me and pointed out that he performed a check of our website hosted on HubSpot CMS and noticed 1 thing that needs to be fixed: one of the cookies set by HubSpot does not have a "Secure" flag (here is the screenshot of that issue: http://prntscr.com/nnucf1). I was wondering if that is something that can be set/fixed by the development team?
I understand this issue is not of a high risk, and that having SSL enabled on our website would cover the security issue of this lacking flag, but still, that might be something we would like to have fixed.
May 20, 2019 12:04 PM
The _cfruid and _cfduid cookies are owned by Cloudflare, our web application firewall. Unfortunately, we have no control over their implementation. This cookie has no security impact on the site itself and is only used by Cloudflare for whitelisting specific users from security restrictions; the cookie does not contain user or authentication information. I wanted to share this Cloudflare documentation, which describes the use of this cookie.
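The kind of check described in the question, as an added example that is not part of the original thread: it parses `Set-Cookie` response headers and lists the cookies that lack the `Secure` or `HttpOnly` attribute. The header values, the `example.com` domain, and the `session` and `prefs` cookie names are constructed for illustration.

```python
# Constructed sample Set-Cookie values (not captured from any real site).
SAMPLE_SET_COOKIE = [
    "_cfduid=d0123example; expires=Wed, 13-May-20 06:29:00 GMT; "
    "path=/; domain=.example.com; HttpOnly",
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs).

    Attribute names are lowercased because they are case-insensitive;
    flag attributes such as Secure map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(headers, required=("secure", "httponly")):
    """Return {cookie_name: [missing attributes]} for non-compliant cookies."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_SET_COOKIE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

A finding for a cookie set by an upstream proxy or WAF, as in this thread, has to be raised with that provider rather than fixed in the site's own code.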