Small pieces of data stored by a web browser while on a website
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. More than one cookie may be placed on a user's device during a session.
Cookies serve useful and sometimes essential functions on the web. They enable web servers to store stateful information (such as items added in the shopping cart in an online store) on the user's device or to track the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past).[1] They can also be used to save information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers for subsequent use.
Authentication cookies are commonly used by web servers to authenticate that a user is logged in, and with which account they are logged in. Without the cookie, users would need to authenticate themselves by logging in on each page containing sensitive information that they wish to access. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by an attacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).[2]
Tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories — a potential privacy concern that prompted European[3] and U.S. lawmakers to take action in 2011.[4][5] European law requires that all websites targeting European Union member states gain "informed consent" from users before storing non-essential cookies on their device.
1. "What are cookies? What are the differences between them (session vs. persistent)?". Cisco. 17 July 2018. 117925.
2. Vamosi, Robert (14 April 2008). "Gmail cookie stolen via Google Spreadsheets". News.cnet.com. Archived from the original on 9 December 2013. Retrieved 19 October 2017.
3. "What about the "EU Cookie Directive"?". WebCookies.org. 2013. Archived from the original on 11 October 2017. Retrieved 19 October 2017.
4. "New net rules set to make cookies crumble". BBC. 8 March 2011. Archived from the original on 10 August 2018. Retrieved 21 June 2018.
5. "Sen. Rockefeller: Get Ready for a Real Do-Not-Track Bill for Online Advertising". Adage.com. 6 May 2011. Archived from the original on 24 August 2011. Retrieved 2 June 2011.