The web browser is a complex gateway into your personal computer and life. This is why we, and many others cautious about cybersecurity and information security (InfoSec), recommend you:
- Ensure your web browser(s), and all software in general, are up-to-date
- Know how to create incognito / private browsing sessions
- Use browser security extensions like Privacy Badger and uBlock Origin
- Consider a virtual private network (VPN) to negate location tracking methods
- Consider using DNS resolvers that implement DNS Security Extensions (DNSSEC) validation and DNS-over-HTTPS (DoH)
This is only a small list of ways to secure your web activity. Another way is managing how your web browser handles website cookies – files that store info to identify and track you when you visit websites. The option to remove them from your browser is normally near options to clear your browser cache. The more popular browsers allow you to specify which sites can store cookies or whether cookies can be stored at all.
Two of the most popular cookie examples on the web in 2020:
– .cfduid tracks users across websites using the Cloudflare content delivery network (CDN), including Discord.com, to identify malicious users
– wordpress_test_cookie checks if a web browser accepts cookies
In most browsers, there’s an option to see what cookies are stored in the browser. Below we cover:
- How to check cookies in Firefox based browsers
- How to check cookies in Google Chrome based browsers
- How to read site cookie information
Need a web server but don’t want cPanel? Check out our bare-bones Debian Cloud Server hosting.
Check Cookies in Firefox
Firefox-based browsers include Pale Moon and Tor Browser.
- Press F12
Or
Select the menu button in the upper-right corner, then Web Developer
Or
Right-click anywhere on a web page and select Inspect Element - Select the Storage Inspector tab
If you don’t see it in the Web Development section, you may need to select the Settings icon in the upper-right corner, then check Storage to show the tab.
- On the left, select the arrow beside Cookies to expand the list of domains with cookies on the current web page
For example, in the screenshot below, Discord’s homepage shows 2 Cloudflare session cookies (__cfduid and __cfruid for rate limiting) and a locale cookie which tracks the visitor’s language setting (English in this case).
Check Cookies in Google Chrome
Chrome-based web browsers include Chromium, Falkon (formerly QupZilla), Min, and Vivaldi.
- Select the menu in the upper-right corner, then Tools and Web Inspector
Or
Right-click anywhere on the page and select Inspect Element - Select the Application tab if you’re not already there
- Select the arrow beside beside Cookies to expand the list of domains with cookies on the current web page
In the example below, a Meet.jit.si chatroom has an Amplitude tracking cookie.
How to Read Site Cookies
Below we briefly describe the columns for site cookies:
- Name – Cookie name
- Value – Content of the cookie
- Domain – Domain of the cookie
- Path – Path of the cookie
- Expires / Max-Age – How long until the cookie expires (or
Sessionif only for that current session) - Size – Cookie byte size
- HttpOnly – Whether the cookie is set to HTTP only to mitigate cross-site scripting (XSS) attacks (
trueoffalse) - Secure – Whether the cookie is sent over HTTPS/TLS
- SameSite – Whether the cookie can be sent with external website requests
- Last Accessed – When you last used the cookie
- Created – When the cookie was created
- HostOnly – Whether the cookie domain matches the current website exactly
Have more questions about cookie security? Let us know if our Community Support Center.
