securitycookiescdngoogle-cdnmicrosoft-cdn

Content Delivery Network(s) security


What are the latest news on CDN security, related to the fact that CDN provider has access to my users' cookies? Let's assume that the delivered scripts are not patched to do a malicious job behind the scenes, but the fact that someone intercepts (by design, SSL can't help here) cookies of my users is somewhat worrying.


Solution

  • A CDN won't have access to your user's cookies. Cookies are tied to a specific domain (or subdomains if you tell them to be) so HTTP requests to a CDN won't include the cookies because the domain name will be different. You can use Fiddler or your network monitor tool of choice to verify this.