cookie-consent icon indicating copy to clipboard operation
cookie-consent copied to clipboard

Published 20 hours ago verified publisher icon nhsuk

nhsuk-cookie-consent cookie secure attribute

Open nhsbsa-Will opened this issue 4 years ago • 0 comments

Hi,

Should the nhsuk-cookie-consent cookie have the secure attribute? Guidance from GDS here says "You should only send cookies with the Secure attribute and, when appropriate, the HttpOnly attribute. These flags provide additional assurances about how browsers should handle cookies."

Currently the nhsuk-cookie-consent cookie doesn't have secure checked, as can be seen in the attached screenshot.

Cheers. Screenshot 2021-02-09 at 11 09 30

nhsbsa-Will avatar Feb 09 '21 11:02 nhsbsa-Will