Hello,
We have hit PCI issues due to Adobe Cookies and are unsure how to move forward correcting them. They appear to all be Analytics related and we have set the 'Only Write Secure Cookies' option in the Analytics Plug In.
Here are the ones that were called out by the scan:
Cookie Does Not Contain the "HTTPOnly" Attribute:
Cookie Does Not Contain the "Secure" Attribute:
We believe that the ones missing the 'Secure' attribute come from the VisitorAPI.js, but we don't know how to update or disable it. There was another post here asking to do so but there wasn't resolution unfortunately.
The evar ones appear to be generated from the Adobe Analytics Plug-Ins, such as 'getPreviousValue' and 'getValOnce' - but Adobe notes that these are not supported by standard support.
Obviously PCI compliance is of utmost importance, so we're hoping that others have encountered this and found ways to resolve the issues, any suggestions or advice is greatly appreciated.
Thank you!
Robbie
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
Hi, on your Experience Cloud ID Service extension, you should be able to set secure cookies with this:
The other cookies as you mentioned are coming from Adobe plugin code (getPreviousValue and getValOnce, etc). I don't use a lot of the Adobe plugins, but I don't believe those could ever be set to HTTPOnly because by definition, that is a cookie that is set by the server, and only allows the server to manipulate it... and anything you set with a plugin wouldn't comply...
However, there may be alternate available to you...
Activity Map will track the "previous page name" in Activity Map Page (and I believe this uses session storage, not cookies - and shouldn't have the security issue); and as for "getValOnce", you can create a segment using "Non Repeating Instance" to essentially get the same thing.
Thank you @Jennifer_Dungan ! We'll be updating the Experience Cloud ID extension right away, we didn't know about that one.
Interesting idea with the Activity Map! We'll work with some of our super users to see if that can work.
Great ideas, thanks for chiming in!
You're welcome. I hope you can get what you need with some work-arounds!
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies