Noticed that the Intercom cookies don’t have the Secure and HttpOnly attributes set. Is it possible to do so?
Could this be a security issue for our website without t?
Hey
The Secure flag is not enabled by default on Intercom cookies because the service needs to be compatible with non-HTTPS sites, such as customer-hosted help centre pages.
However, if your site exclusively uses HTTPS and you want to enable the Secure flag for Intercom cookies, this can be arranged by adding your site to a feature flag we have set up. You can reach out to our support team to get your workspace added to that.
As for the HttpOnly attribute, it is not set because Intercom's JavaScript needs to access the cookies. Not having these attributes does not necessarily constitute a security issue, but enabling the Secure flag on cookies is a good practice if your website uses HTTPS to add an extra layer of security.
Hope this helps!
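
An added example, not part of the reply above and not Intercom's code: a small audit that applies the two rules from this thread to a site's cookies, flagging a missing Secure attribute only when the site is HTTPS-only and a missing HttpOnly attribute only on cookies that scripts do not need to read. The cookie names, values, the `intercom-` prefix and the Set-Cookie-style input format are assumptions made for the sample.

```javascript
// Parse one Set-Cookie-style string into its name and the two flags of interest.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Attribute names are case-insensitive; drop any "=value" part.
  const flags = new Set(attrs.map((a) => a.split('=')[0].trim().toLowerCase()));
  return { name, secure: flags.has('secure'), httpOnly: flags.has('httponly') };
}

// httpsOnly: true when every page that receives the cookie is served over HTTPS.
// scriptReadablePrefixes: cookies that client-side JavaScript must be able to read,
// so HttpOnly cannot be applied to them.
function auditCookies(headers, { httpsOnly, scriptReadablePrefixes }) {
  const findings = [];
  for (const header of headers) {
    const c = parseSetCookie(header);
    const scriptReadable = scriptReadablePrefixes.some((p) => c.name.startsWith(p));
    if (httpsOnly && !c.secure) {
      findings.push({ cookie: c.name, issue: 'missing Secure on an HTTPS-only site' });
    }
    if (!c.httpOnly && !scriptReadable) {
      findings.push({ cookie: c.name, issue: 'missing HttpOnly' });
    }
    if (c.httpOnly && scriptReadable) {
      findings.push({ cookie: c.name, issue: 'HttpOnly set, but scripts need to read this cookie' });
    }
  }
  return findings;
}

// Constructed sample data (not captured from a real site).
const sampleCookies = [
  'sessionid=abc123; Path=/; Secure; HttpOnly',
  'intercom-session-example=xyz; Path=/; SameSite=Lax',
  'prefs=dark; Path=/; Secure',
];

function runSample(httpsOnly) {
  return auditCookies(sampleCookies, { httpsOnly, scriptReadablePrefixes: ['intercom-'] });
}

console.log(runSample(true));
```
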