Osano Cookie Consent and HTTP-Only Cookies

  • Updated

An HTTP-only cookie is unlike other cookies. It is encrypted and has a “gate” that prevents client-side scripts (and anything that isn't the server) from accessing the cookie.  

These cookies instruct the browser to block JavaScript access and the HTTP attribute on the cookie will cause an exception where JavaScript can’t read, write, or delete it.  

What does this mean for Osano?  

Osano Cookie Consent may not be able to discover http-only cookies by default and may require a URL scan or manual entry to accomplish this identification. 

Additionally, Osano may be unable to discover or block HTTP-only cookies directly because of how they are placed on the page. Osano is a JavaScript tag and, as such, is prevented from interacting with these special cookies.

In certain cases, the Cookie Consent Manager can block the scripts or iframes that set those cookies which can, in turn, stop the cookie itself from being set. For this to happen, the HTTP-only cookie cannot be set in the browser prior to Osano as there’ll be no way for Osano to stop the loading of that cookie. The HTTP-only cookie must be placed after Osano, so we can discover the scripts/ iframes and attempt to block them according to users' preferences.

Note: If the cookie is set before Osano on the page or via the site headers, Osano cannot affect this cookie.