4 replies

`cf_clearance` cookie scoped to parent of the issuing domain?

Hello from rainy, gloomy Liverpool!

A stranger on an @gmail.com address emailed me a "vulnerability report" whilst asking for cash for reporting it—but I'm not convinced it has any merit as it's just how Cloudflare Turnstile is, right? Can anyone sanity-check this?

Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:

    cf_clearance

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:

    cf_clearance

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Thank you very much in advance, really appreciative of your time. :- )

`cf_clearance` cookie scoped to parent of the issuing domain?

Similar Threads

`cf_clearance` cookie scoped to parent of the issuing domain?

Similar Threads

Similar Threads

Similar Threads