Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only`


This recommendation pertains to the acceptance of third-party cookies.

The HEIST cookie exploit allows for retrieving data from cookies stored on a device. Cookies often follow poor coding practices and often include authentication properties. Limiting acceptance of cookies to only those from sites intentionally visited reduces the likelihood of exploit.


1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the Restrictions tab.
4. In the right windowpane, under the tab Apps, set the Accept cookies menu to From websites I visit or From current website only.
5. Deploy the Configuration Profile.

See Also