FAQ cookies

This document contains the collected answers to the most frequently asked questions to Web Governance about cookies.

What does Web Governance track with their cookies?

The cookie(s) created by the Web Governance script track unique returning visitors and collect page views from the same visitor. This data is included in visit session details.

See Statistics for instructions on how to set up this feature.

The value is a randomly generated string. A new one is generated if the cookie is not found. The cookie expires 30 days after the latest visit, and each visitor has a unique value on each visited domain; for example, it is not shared across domains or with Web Governance customers in general.

Web Governance tracks with this cookie:

• Time and duration of visit
• Geographical location
• Type of browser
• Operating system
• Screen size
• IP addresses (anonymized).

The unique ID is located on the user's machine and is not stored.

What is the difference between Secure and HTTPOnly cookies?

The security of cookies is an important subject. HttpOnly and secure flags can be used to make the cookies more secure.

• HttpOnly: The cookies cannot be accessed using JavaScript.

  This request is already being sent via Javascript from Web Governance, so that means that the cookie is already being installed on Javascript.

  This can’t be set by Web Governance, primarily because we use the cookie from Javascript. It is created, read, and deleted with JavaScript.

• Secure: HTTPS only.

  When a secure flag is used, the cookie is only sent over HTTPS, which is HTTP over SSL/TLS.

• Web Governance does not use this. We have customers that use our system on HTTP pages, and our script at the moment needs to support customers that use both HTTP and HTTPS.

Additional resources

• Web Governance cookie policy
• Consent manager user guide
• Data privacy user guide
• Cookieless tracking