What happened?
On November 16th, 2021, at 12:50 UTC, we identified an issue related to Hotjar script cookies that caused some customer sites to stop working.
Why did this issue occur?
Following the previous incident related to Hotjar script cookies, from Oct 20th, we have implemented ways to mitigate the risk of introducing invalid cookie values but it appeared that specific firewall configuration were still considering them insecure.
A change was deployed at 11:15 UTC, that introduced cookies, considered insecure by some firewalls. Once identified, the issue was fixed by reverting the change.
What will we do to prevent this from happening in the future?
We have updated our testing routines to include this specific scenario in order to prevent this problem from reappearing.