Talk:HTTP cookie

Semi-protected edit request on 26 October 2020

I want to edit. 96.232.83.69 (talk) 12:26, 26 October 2020 (UTC)

You can request specific changes here on this talk page on the form "Please change X to Y", citing reliable sources. – Thjarkur (talk) 12:36, 26 October 2020 (UTC)

Semi-protected edit request on 31 January 2021

2601:586:500:8800:9C45:87FE:372A:9811 (talk) 02:51, 31 January 2021 (UTC)

 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Pupsterlove02 talk • contribs 03:59, 31 January 2021 (UTC)

"Alternatives to cookies" should be split out into a separate article

The section "Alternatives to cookies" list various identifiers and cache records stored by the client (and metadata like IP). These things can be used for tracking (one application of cookies), but they don't actually substitute cookies in general. Also, this list is missing a few entries, like:

- favicon cache:

https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/

- HSTS tracking, see

https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/

https://webkit.org/blog/8146/protecting-against-hsts-abuse/

- redirect tracking, see

https://digiday.com/marketing/wtf-what-is-redirect-tracking/

Also see: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Redirect_tracking_protection#what_data_is_cleared

Semi-protected edit request on 24 March 2021

Change "For obvious security reasons" to "For security reasons" in the Domain and path subsection, as the "obvious" is unhelpfully exclusionary Wlycdgr (talk) 16:09, 24 March 2021 (UTC)

 Done EN-Jungwon 16:18, 24 March 2021 (UTC)

Semi-protected edit request on 24 March 2021 (2)

Update third party cookie discussion to reflect recent developments: Firefox now blocks third party cookies by default^[1], and the Chrome team has announced plans to do so by 2022^[2] Wlycdgr (talk) 16:26, 24 March 2021 (UTC)

•  Already done - these claims already appear in the article. Thank you!  A S U K I T E  19:54, 24 March 2021 (UTC)

References

1. https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
2. https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html

Semi-protected edit request on 8 June 2021

Please remove the sentence "Google Project Zero researcher Jann Horn describes ways cookies can be read by intermediaries, like Wi-Fi hotspot providers. He recommends using the browser in incognito mode in such circumstances". The reason is:

• This doesn't belong in this article at all. It gives un-due focus to an unimportant blog post. That cookies may be stolen is alredy mentioned in the section "Cookie theft and session hijacking", that blog posts does not make a significant contribution over that.
• The source is just a minor demonstration at the author's personal blog. It's hardly a recommendation.
• The recommendation is misleading to readers.

--157.157.113.183 (talk) 10:45, 8 June 2021 (UTC)

 Done ScottishFinnishRadish (talk) 11:22, 8 June 2021 (UTC)

terrible cringe taxonomy

tracking cookies are not a thing there are literally infinite ways to track a browser session, cookies being one of them please rewrite the entire article

is there even a reference here to the original cookie spec? this entire article is written for american retards who are paranoid about being tracked and want to learn how precisely a cookie can "violate their privacy", the irony being that the idiots browsing and writing this article are unaware as a method so simple as tracking IP addresses — Preceding unsigned comment added by 198.91.180.20 (talk • contribs) 16:33, 28 September 2021 (UTC)

P3P discontinued by W3C, removed from MS browsers since Windows 10.

Please delete the line:

By default, Internet Explorer allows third-party cookies only if they are accompanied by a P3P "CP" (Compact Policy) field.[60]

and change:

The P3P specification offers a possibility for a server to state a privacy policy using an HTTP header field, which specifies which kind of information it collects and for which purpose. These policies include (but are not limited to) the use of information gathered using cookies. According to the P3P specification, a browser can accept or reject cookies by comparing the privacy policy with the stored user preferences or ask the user, presenting them the privacy policy as declared by the server. However, the P3P specification was criticized by web developers for its complexity. Some websites do not correctly implement it. For example, Facebook jokingly used "HONK" as its P3P header field for a period.[83] Only Internet Explorer provides adequate support for the specification.

to (updated, and shorter since the unsupported spec is now less relevant, and because the linked page has all the necessary information about the current status of the P3P's demise):

A W3C specification called P3P was proposed for servers to communicate their privacy policy to browsers, allowing automatic, user-configurable handling. However, few websites implement the specification, no major browsers support it, and the W3C has discontinued work on the specification.

This should bring this page's reporting of P3P current with the P3P page: it's currently several years out of date. 207.191.44.146 (talk) 15:24, 12 October 2021 (UTC)

 Done Parrotapocalypse ^(hello) 02:26, 15 October 2021 (UTC)