Cookies and Privacy Attributes
What is a http Only cookie?
HTTP cookies can be created in two ways: either in the HTTP layer, on in the application layer in the DOM using JavaScript. And after they are created, some cookies can be accessed from either layer, depending on the application requirements.
HTTP cookies can be created in a web browser either by the Set-Cookie header in a HTTP response or using JavaScript using the document.cookie property. An example from JavaScript console:
> document.cookie
“cookieconsent_status=dismiss; test_cookie=true”
The same cookie can be set using a HTTP response header:
Set-Cookie: cookieconsent_status=dismiss; test_cookie=true
This gives application developers great flexibility in customizing the application behavior to match user preferences — for example, if an user indicated a preference to see the website in Russian language, the application can set a cookie language=russian which the browser will send in all subsequent requests. Upon receiving the cookie, the application will then display content in appropriate language, always returning what the user has chosen to see. The cookie can be read from either the HTTP session (Cookie request header), which is what most server-side applications would do, or client-side using JavaScript, a mode preferred by most AJAX JavaScript-based applications.
Size: 212 bytes
Sample value:
BjfIqifFTC28aSoJVocgPKXH3ctPsRlu6qUcqy+qO6htlKEg3D+tMz/+OXGs7q3sM4+1ydSmtQ3WZavup83R4ULU9pD6F4BDTPVlxesi7zgheknikuCnzEknm1XJV07ycSpzDInO+4f5XzTxibCJYarkE0MxAjol4aj3lT/eWt3lueAcNpTi30RRQIO3AjkO000137
Shannon entropy: 3.96
Bit length: 1080
Cookie classification: same-origin persistent
_ga
Google Analytics tracking cookie
Type: HTTP Cookie
Domain: bookstation.ie
This cookie expires in 729 days
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It’s recommended that cookies storing authentication-related session token are protected by the flag » More…
Size: 26 bytes
Sample value:
GA1.2.170706661.1528453694
Cookie classification: same-origin persistent
_gid
Type: HTTP Cookie
Domain: bookstation.ie
The cookie is only valid during current browser session and it will be deleted when you close browser
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It’s recommended that cookies storing authentication-related session token are protected by the flag
Size: 26 bytes
Sample value:
GA1.2.631285523.1528453694
Cookie classification: same-origin session
_gat
Google Analytics tracking cookie
Type: HTTP Cookie
Domain: bookstation.ie
The cookie is only valid during current browser session and it will be deleted when you close browser
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It’s recommended that cookies storing authentication-related session token are protected by the flag
Size: 1 bytes
Sample value:
1
This cookie seems to be a hexadecimal-encoded data. Attempted decoded value:
b’x01′
Shannon entropy: 0.00
Bit length: 8
Cookie classification: same-origin session
_ga 2 years Used to distinguish users.
_gid 24 hours Used to distinguish users.
_gat 1 minute Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
AMP_TOKEN 30 seconds to 1 year Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_ 90 days Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.