I need to add secure flags to my ga cookies

  • Resolved alexwebpuro

    (@alexwebpuro)


    1 month, 3 weeks ago

    Howdy

    Last days I receive from security department this warnings on my site,

    – Cookie Without HttpOnly Flag Detected Instances,
    – Cookie Without SameSite Flag
    – Cookie Without Secure Flag

    How I can add this cookie flag in Google cookies.

    Exist any hook in your plugin that help me to resolve?

    Best regards.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Adam Dunnage

    (@adamdunnage)

    Hello @alexwebpuro thanks for reaching out. We are limited to support for the Site Kit plugin here. There isn’t any functionality within the plugin to manage and flag cookies.

    This guide on managing cookies may be helpful to you. If there is anything you need assistance with on the Site Kit side of things then please let me know and I will be happy to help!

    Thread Starter alexwebpuro

    (@alexwebpuro)

    Hello @adamdunnage thanks for your quick response.

    But this guide is related to how to handle the cookies on the browser side, I need to modify the cookies when the track scripts ( this plugin handle ) are load on the site.

    Like this response ( stack overflow ) https://stackoverflow.com/questions/9094026/secure-google-tracking-cookies

    Can you help me with this?

    Plugin Support Adam Dunnage

    (@adamdunnage)

    @alexwebpuro I am not aware of any such hook to do this in the plugin. I will check with the internal team however to make sure there isn’t something you can do from the plugin. Once I have an update, I will share it with you here.

    Plugin Support Adam Dunnage

    (@adamdunnage)

    @alexwebpuro You can also ask your question at the Analytics Help Center where the experts there may be able to help you with this.

    Plugin Support Adam Dunnage

    (@adamdunnage)

    @alexwebpuro I just wanted to follow up on this with you as I have discussed this with the internal team. We don’t currently provide any hook for this but the team are going to investigate this further to see if anything can be done on the Site Kit side for this.

    While this isn’t a guarantee that any changes will be made for this, I can tell you that it will be looked at and considered. I hope this helps.

    Is there anything else I can help you with?

    Plugin Support Adam Dunnage

    (@adamdunnage)

    @alexwebpuro After the team took a look into this, it looks like it can actually be implemented independently of Site Kit if you wish to do this. More information on this can be found here.

    The example in the documentation linked above can be implemented like so:

    add_action( 'googlesitekit_setup_gtag', function ( $gtag ) {
    $gtag->add_command( 'set', array( 'cookie_flags', 'SameSite=None;Secure' ) );
    } );

    I hope this helps and please let me know if you have any questions on this.

    Plugin Support Adam Dunnage

    (@adamdunnage)

    As we didn’t receive a response I’ll mark this as resolved. Feel free to?open a new support topic?if you continue to encounter issues, or reopen this topic and we’d be happy to assist.

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.