Answered

HttpOnly and Secure cookies for Intercom

  • 7 January 2025
  • 1 reply
  • 40 views

Noticed that the Intercom cookies don’t have the Secure and HttpOnly attributes set. Is it possible to do so?
Could this be a security issue for our website without t?

Best answer by Jacques Reynolds


1 reply

Jacques Reynolds
Intercom Team

Hey @Pranjal 👋

The Secure flag is not enabled by default on Intercom cookies because the service needs to be compatible with non-HTTPS sites, such as customer-hosted help centre pages.

However, if your site exclusively uses HTTPS and you want to enable the Secure flag for Intercom cookies, this can be arranged by adding your site to a feature flag we have set up. You can reach out to our support team to get your workspace added to that 👍

As for the HttpOnly attribute, it is not set because Intercom's JavaScript needs to access the cookies. Not having these attributes does not necessarily constitute a security issue, but enabling the Secure flag on cookies is a good practice if your website uses HTTPS to add an extra layer of security.

Hope this helps!
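
To check the outcome the reply above describes (Secure present on an HTTPS-only site, HttpOnly absent because the widget's JavaScript reads the cookie), this added example audits Set-Cookie style strings; it is not code from the thread or from Intercom. The cookie names, the `scriptReadable` pattern and the sample lines are constructed assumptions.

```javascript
// Added example: audit Set-Cookie style strings for Secure / HttpOnly.
// Cookie names and the scriptReadable pattern are constructed assumptions.

function parseCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  // Attribute names are case-insensitive; keep only the name part.
  const flags = new Set(attrs.map((a) => a.split("=")[0].trim().toLowerCase()));
  return {
    name: eq === -1 ? pair : pair.slice(0, eq),
    secure: flags.has("secure"),
    httpOnly: flags.has("httponly"),
  };
}

function auditCookies(lines, { httpsOnly, scriptReadable }) {
  return lines.map((line) => {
    const c = parseCookie(line);
    const issues = [];
    // Without Secure the browser also sends the cookie over plain HTTP.
    if (httpsOnly && !c.secure) issues.push("missing-secure");
    if (!c.httpOnly) {
      // A cookie that page JavaScript must read cannot be HttpOnly;
      // record it as an accepted exception rather than a finding.
      issues.push(scriptReadable.test(c.name) ? "httponly-exempt" : "missing-httponly");
    }
    return { name: c.name, issues };
  });
}

// Constructed sample input: a widget cookie before and after Secure is
// enabled, plus two first-party cookies for comparison.
const SAMPLE = [
  "widget-session-EXAMPLE=abc123; Path=/; Domain=.example.com; SameSite=Lax",
  "widget-session-EXAMPLE=abc123; Path=/; Secure; SameSite=Lax",
  "app_session=s3cr3t; Path=/; Secure; HttpOnly; SameSite=Strict",
  "app_prefs=dark; Path=/",
];

function runSample() {
  return auditCookies(SAMPLE, { httpsOnly: true, scriptReadable: /^widget-/ });
}

for (const r of runSample()) console.log(r.name, r.issues.join(",") || "ok");
```
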

