Security compliance: Please add attributes "secure" and "HTTPOnly" to Target cookies

Employee Advisor

6/7/23

Here is a list of all the Target Cookies:

  • mbox (Stores anonymous identifiers)
  • at_check (Temporary cookie to check cookie read/write capability)
  • mboxEdgeCluster (This cookie is only present when/if overrideMboxEdgeServer setting is set to true)
  • customerclientcode!mboxPC (This cookie is present when/if cross domain is enabled.)
  • customerclientcode!mboxSession (This cookie is present when/if cross domain is enabled.)


"secure" can be enabled on all of these cookies using secureOnly: true configuration in at.js implementation. (See this KB.)

The two cookies below are already "HTTPOnly" out of the box:

  • customerclientcode!mboxPC
  • customerclientcode!mboxSession

It is not possible to use "HTTPOnly" on the three cookies below because at.js needs to read/write to these cookies:

  • mbox
  • at_check
  • mboxEdgeCluster
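
The following is an added example, not part of the original post or Adobe's code: a JavaScript check that audits a cookie listing against the expectations stated above, separating real gaps from the accepted HttpOnly exceptions. The `{ name, secure, httpOnly }` record shape, the `classify` and `auditTargetCookies` names, and the sample values are assumptions made for illustration.

```javascript
// Audit Adobe Target cookie flags against the expectations in the post above.
// Input records use the { name, secure, httpOnly } shape (an assumption;
// adapt the field names to whatever cookie export you audit from).

// Cookies at.js itself reads/writes, so HttpOnly cannot be set on them.
const SCRIPT_MANAGED = new Set(["mbox", "at_check", "mboxEdgeCluster"]);
// Cross-domain cookies are named <clientcode>!mboxPC / <clientcode>!mboxSession.
const CROSS_DOMAIN = /^[^!]+!(mboxPC|mboxSession)$/;

function classify(name) {
  if (SCRIPT_MANAGED.has(name)) return "script";
  if (CROSS_DOMAIN.test(name)) return "crossDomain";
  return null; // not a Target cookie, out of scope for this audit
}

function auditTargetCookies(cookies) {
  const findings = [];
  for (const c of cookies) {
    const kind = classify(c.name);
    if (!kind) continue;
    if (!c.secure) {
      findings.push({ name: c.name, severity: "fix",
        issue: "missing Secure; set secureOnly: true in the at.js configuration" });
    }
    if (!c.httpOnly) {
      findings.push(kind === "crossDomain"
        ? { name: c.name, severity: "investigate",
            issue: "missing HttpOnly; expected out of the box" }
        : { name: c.name, severity: "accepted",
            issue: "HttpOnly not possible; at.js reads/writes this cookie" });
    }
  }
  return findings;
}

// Constructed sample data, not captured from a real site.
const sample = [
  { name: "mbox", secure: false, httpOnly: false },
  { name: "at_check", secure: true, httpOnly: false },
  { name: "exampleclient!mboxPC", secure: true, httpOnly: true },
  { name: "exampleclient!mboxSession", secure: true, httpOnly: false },
  { name: "sessionid", secure: false, httpOnly: false },
];

for (const f of auditTargetCookies(sample)) {
  console.log(`[${f.severity}] ${f.name}: ${f.issue}`);
}
```

Findings marked `accepted` are the documented exceptions to record in a compliance report; `fix` and `investigate` are the ones that need action.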