Manage Your Cookies
You can view and delete cookies set on your computer by sites accessed through our service. You will find your cookies listed below:
What are cookies?
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser. The browser may store it (in memory or on your disk) and send it back later to the same server.
Often, a cookie contains only textual information. So it can’t pass viruses or capture personal information from your computer. It may be human readable or without any particular significance for shy eyes.
A cookie has a lifetime. The website emitting the cookie controls this feature. A cookie may live from a few seconds to a few years. Other cookies may survive until you close your browser tab/window.
Another feature a cookie has is its domain. The cookie often has the domain of the website it comes from.
The word cookie was first coined in 1994 by the Netscape developers team. They were trying to find a solution for an online shopping application. How to “remember” the items customer wanted to buy? One tiny text file stored on a user’s computer could solve this problem.
What are they used for?
Cookies are mainly used for three purposes:
- Session management: Logins, shopping carts, game scores, or anything else the server should remember
- Personalization: User preferences, themes, and other settings
- Tracking: Recording and analyzing user behavior
Should I be afraid of their use?
There is a lot of concern about privacy and security on the internet.
Cookies do not in themselves present a threat to privacy. They store information that the user has volunteered or that the web server already has. Third party websites may access this information. But this is no worse than storing it in a central database.
You may feel a website won't treat an information you provide as confidential as it should. In this case, ask yourself whether you actually need to provide that information.
Types of cookies
- First-party cookie
- A first-party cookie is a cookie whose domain matches your browser adresss bar domain.
- Http-only cookie
Some hackers may inject malicious code to a website you visit. Neither the website owner nor you may detect this malicious add.
As a result, the malicious may be able to read sensitive cookies.
Http-only cookies fight back this kind of threats especially cross-site scripting (XSS) threats. The cookie still remains vulnerable to cross-site tracing (XST). Cross-site request forgery (XSRF) attacks can bite them too.
Such cookies have an "HttpOnly" flag to identify them.
- Persistent cookie
A persistent cookie expires at a specific date or after a specific length of time. Your browser will send it back each time you visit the cookie website. This is also true if you visit another website loading a resource (image, chat ...) from this same cookie website.
Advertisements often use this trick. For this reason, persistent cookies are sometimes referred to as tracking cookies. Advertising systems may record your browsing habits for a long time.
Yet, those cookies get handy in legitimate situation. Remember your last favorite website visit. You didn't enter your credentials and you reach your private area with one click. Chances are that the magic happens thanks to a persistent cookie.
- Same-site cookie
In 2016 Google Chrome version 51 introduced a new kind of cookie with attribute SameSite. This attribute helps determining the cookie shareness among websites given websites domains.
Browsers like Chrome, Firefox, Microsoft Edge started offering Same-site cookies support. Some existing cookies don't use this feature yet. As a result, browsers use a lax treatment when this feature is missing.
Google wanted to put a less lax treatment as of February 2020. This change would lead to soem applications/websites outage. Extensive changes for web developers and COVID-19 crisis made Google postpone this change.
- Secure cookie
A secure cookie is only transmitted over an encrypted connection (i.e. HTTPS). Unencrypted connections (i.e. HTTP) cannot bring them.
Eavesdropping have less chances to steal those cookies. Such cookies have a secure flag to help your browser identifying them.
Sensitive transactions (such as login, payment orders) can use these cookies. They help raising protection of the transaction.
- Session cookie
A session cookie exists only as long as you navigate the website who emitted it. A web browser usually deletes session cookies when you close it. Session cookies do not have a lifetime set. This is how the browser knows to treat them as session cookies.
You can encounter those cookies when you want to book a flight for instance. As long as you search your best flight, the sessions cookie remains. Staying inactive too long make the cookie vanishing. Hence your flight details also disappear.
A supercookie is a cookie with an origin of a top-level domain (such as .com) or a public suffix (such as .co.uk). Ordinary cookies, by contrast, have an origin of a specific domain name, such as example.com.
Browsers often block supercookies because they present a potential security threats. For example, a malicious attacker could set a supercookie with an origin of .com. This could affect a request made to example.com, even if the cookie did not originate from example.com. Fake logins or user information changes could appear.
The Public Suffix List helps to mitigate the risk that supercookies pose. The Public Suffix List is a cross-vendor initiative. It provides an accurate and up-to-date list of domain name suffixes. Older versions of browsers may not have an up-to-date list. So they will be vulnerable to supercookies from certain domains.
- Third-party cookie
A third-party cookie, belongs to a domain different from the one shown in your browser address bar. This sort of cookie appears on web pages featuring content from external websites. They help users tracking
As of 2014, a website were setting cookies readable for over 100 third-party domains. On average, a single website was setting 10 cookies. Some others could reach over 800 cookies (first- and third-party).
Most modern web browsers contain privacy settings that can block third-party cookies. As of July 2020, Apple Safari, Firefox, and Brave, block all third-party cookies by default. Chrome plans to start blocking third-party cookies by 2022.