Talk:HTTP cookie

	HTTP cookie is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
	This article appeared on Wikipedia's Main Page as Today's featured article on May 8, 2006.
Article milestones Date Process Result January 16, 2006 Peer review Reviewed January 28, 2006 Featured article candidate Promoted April 7, 2009 Featured article review Demoted June 6, 2011 Good article nominee Not listed Current status: Former featured article

This article is of interest to the following WikiProjects:

Computing C‑class Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles C This article has been rated as C-class on Wikipedia's content assessment scale. Mid This article has been rated as Mid-importance on the project's importance scale. Internet C‑class High‑importance This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet articles C This article has been rated as C-class on Wikipedia's content assessment scale. High This article has been rated as High-importance on the project's importance scale. Computer Security: Computing C‑class High‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles C This article has been rated as C-class on Wikipedia's content assessment scale. High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Mid-importance). Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Spoken Wikipedia This article is within the scope of WikiProject Spoken Wikipedia, a collaborative effort to improve the coverage of articles that are spoken on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Spoken WikipediaWikipedia:WikiProject Spoken WikipediaTemplate:WikiProject Spoken WikipediaSpoken Wikipedia articles Websites: Computing C‑class High‑importance This article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.WebsitesWikipedia:WikiProject WebsitesTemplate:WikiProject WebsitesWebsites articles C This article has been rated as C-class on Wikipedia's content assessment scale. High This article has been rated as High-importance on the importance scale. This article is supported by WikiProject Computing. Etymology The etymology section in this article is within the scope of the Etymology Task Force, a collaborative effort to improve the coverage of etymology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.EtymologyWikipedia:WikiProject Linguistics/EtymologyTemplate:Etymology sectionEtymology articles

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.

This article is substantially duplicated by a piece in an external publication. Please do not flag this article as a copyright violation of the following source: Surhone, L. M., Timpledon, M. T., & Marseken, S. F. (2010), Online advertising: World Wide Web, interactive advertising, HTTP cookie, Betascript Publishing{{citation}}: CS1 maint: multiple names: authors list (link) Additional comments OCLC 709610692, ISBN 9786132026712.

The contents of the Cookiejacking page were merged into HTTP cookie on February 2019. For the contribution history and old versions of the redirected page, please see its history; for the discussion at that location, see its talk page.

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

I want to edit. 96.232.83.69 (talk) 12:26, 26 October 2020 (UTC)[reply]

You can request specific changes here on this talk page on the form "Please change X to Y", citing reliable sources. – Thjarkur (talk) 12:36, 26 October 2020 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

2601:586:500:8800:9C45:87FE:372A:9811 (talk) 02:51, 31 January 2021 (UTC)[reply]

 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Pupsterlove02 talk • contribs 03:59, 31 January 2021 (UTC)[reply]

The section "Alternatives to cookies" list various identifiers and cache records stored by the client (and metadata like IP). These things can be used for tracking (one application of cookies), but they don't actually substitute cookies in general. Also, this list is missing a few entries, like:

- favicon cache:

https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/

- HSTS tracking, see

https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/

https://webkit.org/blog/8146/protecting-against-hsts-abuse/

- redirect tracking, see

https://digiday.com/marketing/wtf-what-is-redirect-tracking/

Also see: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Redirect_tracking_protection#what_data_is_cleared

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Change "For obvious security reasons" to "For security reasons" in the Domain and path subsection, as the "obvious" is unhelpfully exclusionary Wlycdgr (talk) 16:09, 24 March 2021 (UTC)[reply]

 Done EN-Jungwon 16:18, 24 March 2021 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Update third party cookie discussion to reflect recent developments: Firefox now blocks third party cookies by default^[1], and the Chrome team has announced plans to do so by 2022^[2] Wlycdgr (talk) 16:26, 24 March 2021 (UTC)[reply]

•  Already done - these claims already appear in the article. Thank you!  A S U K I T E  19:54, 24 March 2021 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Please remove the sentence "Google Project Zero researcher Jann Horn describes ways cookies can be read by intermediaries, like Wi-Fi hotspot providers. He recommends using the browser in incognito mode in such circumstances". The reason is:

• This doesn't belong in this article at all. It gives un-due focus to an unimportant blog post. That cookies may be stolen is alredy mentioned in the section "Cookie theft and session hijacking", that blog posts does not make a significant contribution over that.
• The source is just a minor demonstration at the author's personal blog. It's hardly a recommendation.
• The recommendation is misleading to readers.

--157.157.113.183 (talk) 10:45, 8 June 2021 (UTC)[reply]

 Done ScottishFinnishRadish (talk) 11:22, 8 June 2021 (UTC)[reply]

tracking cookies are not a thing there are literally infinite ways to track a browser session, cookies being one of them please rewrite the entire article

is there even a reference here to the original cookie spec? this entire article is written for american retards who are paranoid about being tracked and want to learn how precisely a cookie can "violate their privacy", the irony being that the idiots browsing and writing this article are unaware as a method so simple as tracking IP addresses — Preceding unsigned comment added by 198.91.180.20 (talk • contribs) 16:33, 28 September 2021 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Please delete the line:

By default, Internet Explorer allows third-party cookies only if they are accompanied by a P3P "CP" (Compact Policy) field.[60]

and change:

The P3P specification offers a possibility for a server to state a privacy policy using an HTTP header field, which specifies which kind of information it collects and for which purpose. These policies include (but are not limited to) the use of information gathered using cookies. According to the P3P specification, a browser can accept or reject cookies by comparing the privacy policy with the stored user preferences or ask the user, presenting them the privacy policy as declared by the server. However, the P3P specification was criticized by web developers for its complexity. Some websites do not correctly implement it. For example, Facebook jokingly used "HONK" as its P3P header field for a period.[83] Only Internet Explorer provides adequate support for the specification.

to (updated, and shorter since the unsupported spec is now less relevant, and because the linked page has all the necessary information about the current status of the P3P's demise):

A W3C specification called P3P was proposed for servers to communicate their privacy policy to browsers, allowing automatic, user-configurable handling. However, few websites implement the specification, no major browsers support it, and the W3C has discontinued work on the specification.

This should bring this page's reporting of P3P current with the P3P page: it's currently several years out of date. 207.191.44.146 (talk) 15:24, 12 October 2021 (UTC)[reply]

 Done Parrotapocalypse ^(hello) 02:26, 15 October 2021 (UTC)[reply]

There have been some changes to browser implementations of SameSite cookies since May 2020 that are not shown in this paragraph.

I suggest this replacement paragraph, most importantly to note that the Chrome rollout was actually completed in 2020.

As of 2022, Chrome, Firefox, Safari and Edge have all added support for SameSite cookies. An important part of the rollout of this feature is the treatment of existing cookies without the SameSite attribute defined. Chrome began by treating those existing cookies as if SameSite=None, to keep all websites/applications behaving as before. Chrome changed that default to SameSite=Lax in 2020, to increase users' security. The change would break those applications/websites that rely on third-party/cross-site cookies, that were not updated to use the SameSite attribute. Given the extensive changes for web developers and COVID-19 circumstances, Google temporarily rolled back the SameSite cookie change, but completed the rollout later in 2020. [1] . Other browsers have added support at different times.

Also, could we please remove the hyphen, as "SameSite" is the common usage, not "Same-Site". Both forms are used in the original specification, so it's not wrong, but "SameSite" is what the wider web development community typically uses. Bhforbróir (talk) 21:59, 10 January 2023 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

103.171.165.169 (talk) 08:18, 20 July 2023 (UTC)[reply]

X500

 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Cannolis (talk) 08:46, 20 July 2023 (UTC)[reply]

It's not my place to edit this into the HTTP cookie page, so I'm leaving a note here. My name is Gary Robinson, and I'm the original inventor of the tracking cookie, and the coiner of that term. (The tracking cookie was independently invented a few months later at DoubleClick.) I am the sole inventor listed for patent 5,918,014 with priority date Dec 27, 1995.[1]

The term "tracking cookie" is coined in that patent at column 10, line 9. The technical mechanism is described starting at column 9, line 38.

Google eventually came to own the patent, which has now expired. It also describes mechanisms for privacy and user control of their data. I do already have a wikipedia page,[2] and it seems like the tracking cookie section of the HTTP Cookie page should link to it. But I leave that for other people to decide about and do, if it is judged to be appropriate.

In any case my suggestion is to edit the Tracking part of the Uses section to refer to the patent and to me. I'd do it myself, but my understanding is that it would be inappropriate for me to edit something about me.

[1] https://patentimages.storage.googleapis.com/c3/d4/40/239073914fa7fc/US5918014.pdf [2] Gary Robinson Garyrob (talk) 14:06, 30 August 2023 (UTC)[reply]

It has been proposed in this section that HTTP cookie be renamed and moved to Cookies. A bot will list this discussion on requested moves' current discussions subpage within an hour of this tag being placed. The discussion may be closed 7 days after being opened, if consensus has been reached (see the closing instructions). Please base arguments on article title policy, and keep discussion succinct and civil. Please use {{subst:requested move}}. Do not use {{requested move/dated}} directly. Links: current log • target log • direct move

HTTP cookie → Cookies – First, WP:COMMONNAME. "HTTP cookie" is not a very common name for cookies on the Internet — in fact, I don't think I had heard of them being called that until I found this article. The Google Ngram Viewer shows a dramatic drop in usage after 2005, when it spiked and never recovered. This article is currently buried near the very bottom of Cookie (disambiguation) and took me a while to find because Cookies redirects to Cookie (the food). Per WP:SMALLDETAILS, the plural form should be sufficient to distinguish Internet cookies from edible ones, plus there is clear evidence that Internet cookies are the WP:PRIMARYTOPIC for the term "cookies". HTTP cookie actually dwarfs Cookie in terms of pageviews, but obviously the food is the long-term primary topic for "cookie". For the plural form "cookies", however, this is clearly the one most people are and will be looking for. InfiniteNexus (talk) 00:34, 16 October 2023 (UTC)[reply]

• Oppose. The baked good should remain the WP:PRIMARYREDIRECT for "cookies". Rreagan007 (talk) 02:16, 16 October 2023 (UTC)[reply]

  Could you please elaborate? Primary redirects are a thing, but WP:PLURALPT permits a plural redirect to redirect to another article if there is a different primary topic for the plural form. For example, Windows vs. Window, Snickers vs. Snicker, Queens vs. Queen, etc. InfiniteNexus (talk) 02:24, 16 October 2023 (UTC)[reply]

  "Windows is an operating system", "Snickers is a candy bar", "Queens is a county in New York State": these are all singular nouns. "Cookies are stored on your hard drive": plural. Your analogy is invalid. "Cookie" the unit of stored data, just as "cookie" the baked good, is subject to the same rules regarding singular and plural usage in article titles. And how would it be a valid disambiguation? If we had Cookie and Cookies, how wouldn't anyone know in advance which is about the baked good and which is about the computer topic? Largoplazo (talk) 02:38, 16 October 2023 (UTC)[reply]

  Well, let's play a game (no cheating). 1984 and Nineteen Eighty-Four do not point to the same page. Without clicking or hovering on either article, can you tell in advance which is which? InfiniteNexus (talk) 03:05, 16 October 2023 (UTC)[reply]

  Obviously the latter is Orwell, but that's not really on topic. No one ever uses "Nineteen Eighty-Four" to mean the year, whereas "cookies" is a regularly used plural form of "cookie". O.N.R. ^(talk) 03:45, 16 October 2023 (UTC)[reply]

• Oppose. A cookie can be plural too, and is certainly the primary topic for cookies. 162 etc. (talk) 02:27, 16 October 2023 (UTC)[reply]
• Commment I agree that the current title could be improved upon. I wonder, though, if a better rename would be something like Cookie (HTTP) or Cookie (internet). I'm not necessarily in support of the positions of @Rreagan007 or @162 etc. but the distinction between Cookie and Cookies is not so clear, so people will have to look at the short description to figure out what they want.
  Oblivy (talk) 02:39, 16 October 2023 (UTC)[reply]
• Oppose How is the HTTP cookie (or web cookie) the primary topic for "cookie"? And there is no rhyme or reason to assigning singular to the baked good and plural to the unit of web storage. The baked good is a cookie. The unit of storage is a cookie. Both can be pluralized. Both can be considered individually.
  The only thing the Ngram tells you is that "HTTP cookie(s)" fell in usage by about 50% between 2005 and 2013 (and has risen since then) as a proportion out of all of the literature in those years. It tells us nothing about its frequency relative to references to the baked good at any given time. Largoplazo (talk) 02:47, 16 October 2023 (UTC)[reply]

  (edit conflict) Because cookies on the Internet are rarely referred to in singular form. "This website uses cookies." "Accept all cookies." "Clear cookies." "Block third-party cookies." InfiniteNexus (talk) 02:52, 16 October 2023 (UTC)[reply]

• Oppose move. The primary topic for "cookies", plural, is obviously the baked goods. O.N.R. ^(talk) 03:45, 16 October 2023 (UTC)[reply]
• Oppose. Not only is the block of data not the primary meaning of "cookies", but I see no evidence that people only identify such blocks using the plural form. A quick glance at Google shows that reliable sources often say things like, "a cookie is information that a website puts on a user's computer"[2], or "the most common use of a cookie is to store a user ID"[3], or similar singular constructions. ╠╣uw [talk] 10:50, 16 October 2023 (UTC)[reply]
• Oppose not primary for the plural form and may not pass WP:PLURAL anyway but I'm not sure. Crouch, Swale (talk) 18:47, 16 October 2023 (UTC)[reply]
• Oppose. Per everything above, but also, Cookie ([[Cookie]]) and Cookies ([[Cookie]]s) will both lead to the same page, but if this page moves as proposed, Cookies ([[Cookie]]s) and Cookies ([[Cookies]]) won't and that is just bad user experience (and tools such as AWB will obviously not be able to handle it). Gonnym (talk) 19:04, 16 October 2023 (UTC)[reply]
• Oppose this move. I agree that "HTTP cookie" is perhaps a rare term that this sort of natural disambiguation isn't best, perhaps, and something like "Cookie (web)" or "Cookie (Internet)" could be better. I also think that the disambiguation page should have both cookie and HTTP cookie linked from the top of the page in some style, which is done when there are two topics much more common than others (which is true in this case). I may try to do that sometime when I can think exactly how if no one else beats me to it. Skynxnex (talk) 19:43, 17 October 2023 (UTC)[reply]

  As I indicated above, I agree with @InfiniteNexus the current title is not great.

  Cookie (Internet) would be fine. I suggested Cookie (HTTP). Cookie (Web) is as good or better.

  Since this RFC seems doomed to fail as 100% - nominator oppose, should this be opened as a new RFC to see if a different change is going to be acceptable? If not, what's the next move? Oblivy (talk) 02:38, 18 October 2023 (UTC)[reply]

• Let it... Randy Kryn (talk) 03:35, 18 October 2023 (UTC)[reply]