--- title: "FAQ cookies" date: "2023-11-22T09:34:41+00:00" summary: "Discover how Web Governance uses cookies, their security features, and data privacy options for website analytics and visitor tracking." image: type: "article" url: "/web-governance/help/59261-faq-cookies" id: "7f371d15-e6f5-4dd3-9031-1526b73857d5" --- This document contains the collected answers to the most frequently asked questions to Web Governance about cookies. Table of contents will be added What does Web Governance track with their cookies? -------------------------------------------------- The cookie(s) created by the Web Governance script track unique returning visitors and collect page views from the same visitor. This data is included in _visit session_ details. Note The Web Governance cookie is only created when the Statistics feature is enabled. See [Statistics](https://docs.acquia.com/acquia-optimize/features/statistics) for instructions on how to set up this feature. The value is a randomly generated string. A new one is generated if the cookie is not found. The cookie expires 30 days after the latest visit, and each visitor has a unique value on each visited domain; for example, it is not shared across domains or with Web Governance customers in general. Web Governance tracks with this cookie: * Time and duration of visit * Geographical location * Type of browser * Operating system * Screen size * IP addresses (anonymized). Note Before we anonymize the IP address, Web Governance extracts the GEO information. The unique ID is located on the user's machine and is not stored. What is the difference between Secure and HTTPOnly cookies? ----------------------------------------------------------- The security of cookies is an important subject. HttpOnly and secure flags can be used to make the cookies more secure. * **HttpOnly**: The cookies cannot be accessed using JavaScript. This request is already being sent via Javascript from Web Governance, so that means that the cookie is already being installed on Javascript. **This can’t be set by Web Governance**, primarily because we use the cookie from Javascript. It is created, read, and deleted with JavaScript. * **Secure**: HTTPS only. When a secure flag is used, the cookie is only sent over HTTPS, which is HTTP over SSL/TLS. * **Web Governance does not use this**. We have customers that use our system on HTTP pages, and our script at the moment needs to support customers that use both HTTP and HTTPS. Additional resources -------------------- * [Web Governance cookie policy](https://www.acquia.com/about-us/legal/privacy-policy#:~:text=Session%20cookies%20are%20temporary%20and,to%20up%20to%202%20years.) * [Consent manager user guide](https://docs.acquia.com/acquia-optimize/add-ons/consent-manager) * [Data privacy user guide](https://docs.acquia.com/acquia-optimize/add-ons/data-privacy) * [Cookieless tracking](https://docs.acquia.com/acquia-optimize/features/statistics/cookieless-tracking)