Feb 19, 2021 — Cloudlet cookies security improvement
almost 4 years ago by kporeba@akamai.com
This release improves the security of Cloudlet cookies. Application Load Balancer (ALB) and Visitor Prioritization (VP) cookies have the HttpOnly attribute turned on by default. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script attacks (such as XSS) accessing the protected cookie. This setting was previously disabled, but is now turned on by default for added security. You may still override this default setting in your Property Manager configuration.