
PCI Compliance: Cookies HttpOnly flag is not set

In the default cookie settings, the Use HTTP Only option is already set to Yes. But the PCI Compliance checking has found several cookies that are not set. Here is the list:
  1. section_data_ids
  2. section_data_clean
  3. private_content_version
  4. recently_viewed_product
  5. mage-cache-storage-section-invalidation
  6. form_key

I already tried the suggestions here: Magento 2 : How to set secure cookie OR HTTP ONLY FLAG SET. But none of them worked. Can someone please help with this issue?

2 REPLIES

Re: PCI Compliance: Cookies HttpOnly flag is not set

Have you come across any solutions? Pretty sure I'm running into the same issue with 2.3.4 and 2.3.6 in my testing environment. Still digging into it currently.

Re: PCI Compliance: Cookies HttpOnly flag is not set

Still no solution. Posted this on GitHub too:
https://github.com/magento/magento2/issues/30583