Zopim chat application returning unsecure flag

If you view security messages in your browser console or run a third-party security scanning tool against Project Insight, you may see this warning: "A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections".

According to the Zopim support team: "We cannot use the SECURE flag for the Chat cookie because it could lead to loss of visitor identity for pages that are not https. For HTTPONLY, it is not supported because our widget JavaScript needs to read the cookie.

To have the highest level of security, we would recommend embedding the widget on a https only website and whitelist the domain via the Widget Security Settings."

Please note that because Zopim is a third-party plug-in, we do not have full control over the plug-in's security measures and protocols.
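One way to triage this scanner finding, as an added example that is not part of the original article or Zopim's code: it parses cookie strings, reports which ones lack the Secure or HttpOnly flag, and separates the documented chat-widget exception from cookies that should be fixed. The cookie names, the sample values and the `triage` helper are assumptions made for illustration.

```javascript
// Added example: triage "cookie set without Secure/HttpOnly" findings.
// Cookie names and values below are constructed samples, not real Zopim data.

// Parse one Set-Cookie style string into { name, flags }.
function parseCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Attribute names are case-insensitive (RFC 6265).
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return { name, flags };
}

// acceptedNames: cookies whose missing flags are a documented vendor limitation.
// siteIsHttpsOnly: whether the page embedding the widget is served over https only,
// which is the compensating control the vendor recommends.
function triage(cookieLines, acceptedNames, siteIsHttpsOnly) {
  const findings = [];
  for (const line of cookieLines) {
    const { name, flags } = parseCookie(line);
    const missing = ["secure", "httponly"].filter((f) => !flags.has(f));
    if (missing.length === 0) continue; // both flags present, nothing to report
    let status = "fix"; // first-party cookie: set the missing flags
    if (acceptedNames.has(name)) {
      status = siteIsHttpsOnly ? "accepted" : "accepted-needs-https";
    }
    findings.push({ name, missing, status });
  }
  return findings;
}

// Constructed sample input; "chat_widget_id" is a hypothetical widget cookie name.
const SAMPLE = [
  "session=abc123; Path=/; Secure; HttpOnly",
  "prefs=dark; Path=/; secure",
  "chat_widget_id=xyz; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
];

console.log(triage(SAMPLE, new Set(["chat_widget_id"]), true));
```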

Online 9/29/2017
Robert Aronovici
Updated on: