Current time: 02-27-2021, 08:39 AM Hello There, Guest! (LoginRegister)

Post Reply 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Cookieless domains and XSS issues?
04-23-2011, 12:56 AM
Post: #1
Cookieless domains and XSS issues?
Our site is getting dinged pretty hard on "cookieless" domains. For example:

Home page is
We use the following CDN domains: (javascripts) (css) (images, media, graphics, etc) (static images associated with our customers) (video files served up for our pages)

All of the CDN domains are Akamai, with a dedicated server in our data center for origin, except for the images and video domains, which have Akamai NetStorage as origin.

We set a cookie on (not, so obviously all of our CDN domains are "cookied". We have to set this cookie domain-wide, since we have multiple hostnames under (such as, which are used for our A/B testing, etc, etc.

We are looking to move to a "cookieless" domain for the stuff that doesn't require a cookie. Obviously we can get quick wins by setting up,, etc.

The one I am concerned about is the - will we run into any XSS issues? Or will this only occur if the javascripts require access to the cookies?
Find all posts by this user
Quote this message in a reply
04-25-2011, 05:25 AM
Post: #2
RE: Cookieless domains and XSS issues?
There should not be any cross-domain issues in moving the js to another domain.

AFAIK for cross-domain stuff, the browser is only concerned about the hostname of the page that the javascript is being run on, but not the hostname of the actual javascript files.... -- not entirely sure We help you select the right CDN
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 

Forum Jump:

User(s) browsing this thread: 1 Guest(s)