MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.
Cookieless domains and XSS issues?
Current time: 07-10-2020, 08:52 PM Hello There, Guest! (LoginRegister)

Post Reply 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Cookieless domains and XSS issues?
04-23-2011, 12:56 AM
Post: #1
Cookieless domains and XSS issues?
Our site is getting dinged pretty hard on "cookieless" domains. For example:

Home page is
We use the following CDN domains: (javascripts) (css) (images, media, graphics, etc) (static images associated with our customers) (video files served up for our pages)

All of the CDN domains are Akamai, with a dedicated server in our data center for origin, except for the images and video domains, which have Akamai NetStorage as origin.

We set a cookie on (not, so obviously all of our CDN domains are "cookied". We have to set this cookie domain-wide, since we have multiple hostnames under (such as, which are used for our A/B testing, etc, etc.

We are looking to move to a "cookieless" domain for the stuff that doesn't require a cookie. Obviously we can get quick wins by setting up,, etc.

The one I am concerned about is the - will we run into any XSS issues? Or will this only occur if the javascripts require access to the cookies?
Find all posts by this user
Quote this message in a reply
Post Reply 

Messages In This Thread
Cookieless domains and XSS issues? - mattstratton - 04-23-2011 12:56 AM

Forum Jump:

User(s) browsing this thread: 1 Guest(s)