Why is my PCI Scan Returning a "Non-Secure Cookie" error?


Your PCI scan may be registering a cookie called "ASPSESSIONIDAQCATAQS" as a non-secure cookie.

This is an automatically generated cookie that is not actually created by the Shift4Shop software, but rather by the IIS server running your site. IIS uses it to run classic ASP applications.

While the cookie itself is technically not secure, there is no inherent PCI danger, because it has no bearing on your cart's checkout process or on any of the store's sensitive information. Those areas of the cart are protected by other cookies, which are secure and marked as HttpOnly to control sensitive data.

If your PCI scan returns a non-secure cookie error, please check whether it refers to this ASPSESSIONIDAQCATAQS cookie and, if so, ask your PCI scan provider to bypass it.
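
To check whether a scan finding is limited to the IIS session cookie, the Set-Cookie headers of a response can be triaged directly. The following is an added example, not Shift4Shop code; the header values and the cookie names cart_session and promo_banner are constructed for illustration, and the name pattern assumes the usual IIS form of "ASPSESSIONID" followed by uppercase letters.

```python
import re

# Classic ASP session cookies issued by IIS are named "ASPSESSIONID" plus a
# run of uppercase letters (the instance on this page: ASPSESSIONIDAQCATAQS).
ASP_SESSION_RE = re.compile(r"^ASPSESSIONID[A-Z]+$")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def triage(set_cookie_values):
    """List (name, missing_flags, is_asp_session) for cookies lacking a flag."""
    findings = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append((name, missing, bool(ASP_SESSION_RE.match(name))))
    return findings


# Constructed sample Set-Cookie values (hypothetical, not captured from a store).
SAMPLE = [
    "ASPSESSIONIDAQCATAQS=EXAMPLEVALUEEXAMPLEVALUE; path=/; HttpOnly",
    "cart_session=examplevalue; path=/; Secure; HttpOnly",
    "promo_banner=seen; path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

if __name__ == "__main__":
    for name, missing, is_asp in triage(SAMPLE):
        kind = "IIS classic ASP session cookie" if is_asp else "other cookie, review it"
        print(f"{name}: missing {', '.join(missing)} ({kind})")
```

A finding that names only the ASPSESSIONID cookie matches the case described above; any other cookie in the output is a separate finding.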

