PCI Scan Vulnerability - Cookie Does Not Contain The "secure" Attribute

New Member
1 0 0

Hello Community!


My payment gateway (Authorize.Net) ran a PCI scan on my Shopify store and the results said "Cookie Does Not Contain The "secure" Attribute".


I tried to talk to shopify support but they say they are PCI compliant...


how can I fix this issue?


Please HELP!


Best to all of you!

Shopify Staff
Shopify Staff
3 0 0

Hi CykadasLLC!

All ASV scanning companies return different results when scanning Shopify stores.    This finding should be reported to the ASV scanning company as a false positive via their false positive or findings dispute process.  (It also varies with each ASV company!)

You will need to provide the following explanation with the false positive report:  

These cookies are not related to session management and unrelated to the security of cardholder data.

Shawn | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog