API
WAAP
WAAP
About WAAPBilling
Configure WAAP for a domainWAAP modesManage domains protected with WAAP
Protocol validationWAF and OWASP top threatsIP reputationBehavioral WAFAnti-automation and bot protectionCMS protectionCommon automated servicesAdvanced API protection
Allow and block IP addresses in firewallIP Spotlight
API discoveryConfigure API access with reserved tagsManually add endpoints to API base path
Advanced rate limiting rulesAdvanced rule objects and attributesSource field objects
Create and manage custom rules
Reserved tagsPredefined tags
Create custom response pagesManage custom response pages
How does WAAP JavaScript injection work?What cookies are used by WAAP?What storage variables does WAAP use?
Enable and troubleshoot bot protectionTroubleshoot blocked usersTroubleshoot 5xx errors
API
Chosen image
Home/WAAP/FAQs/What cookies are used by WAAP?

What are the required cookies used by WAAP?

Gcore WAAP uses different cookies to analyze user and browsing behavior. These cookies are required for the correct functioning of the Web Application and API Protection product.

This cookie is created by the Set-Cookie response header. It gets the value from injected JavaScript, and the value contains a unique ID of the requested page.

  • Duration: Session
  • Sample value: AV
  • Path: /
  • SameSite: Lax

This cookie is created by the Set-Cookie response header. It contains the sessionID value.

  • Duration: Session
  • Sample value: 4e1ed32a27577bd95612f973777f8c3d
  • Path: /
  • HttpOnly: V
  • SameSite: Lax

This is a user tag token, a unique identifier of behavior on a domain. It's created by the Set-Cookie response header and gets values from injected JavaScript.

This cookie contains the usertag value, and is unique to browser and domain.

  • Duration: Persistent
  • Sample value: h4c5f3ab2d0ea64a63234ae2df4417f2d145
  • Path: /
  • SameSite: Lax

This cookie is related to the CSRF protection module.

  • Duration: Immediately
  • Sample value: e98c27a664bbd73bd1b55be5a0f753eb
  • Path: /
  • HttpOnly: V
  • SameSite: Strict

This is a CAPTCHA client-side cookie.

  • Duration: Immediately
  • Path: /
  • SameSite: Lax

This is a CAPTCHA client-side cookie.

  • Duration: Immediately
  • Path: /
  • SameSite: Lax

This cookie is related to CAPTCHA validation.

  • Duration: 4 days
  • Sample value: G5g+JHlalFD1U0ZibWbs57jWH7h0cUNTagGqnvbxA5XjJ3I/WhkqS4X6dx ysiXNrjFBsJDcJqVRg+bqjiarVGVtO6fKYBBEBlW+Ik/PBRLTHwPeZlFAmW zECQ/lhv7rOBsNCJFCBRlnJ+qgFuWQHOg==
  • Path: /
  • HttpOnly: V
  • SameSite: Lax

This cookie is related to CAPTCHA and JavaScript validation.

  • Duration: 1 day
  • Sample value: javiVOxxF5xj9D1HJ62QVzjeM3I84j8KYF1VF7iS+uEoWE=
  • Path: /
  • SameSite: Lax

This cookie is related to DDoS protection.

  • Duration: Session
  • Sample value: F1046F5C84F1047ED441475A38AB15917B210EE
  • Path: /
  • SameSite: Lax

This cookie is related to DDoS protection.

  • Duration: 1 day
  • Sample value: ps
  • Path: /
  • SameSite: Lax

This cookie is related to DDoS protection.

  • Duration: Session
  • Sample value: jyRENJbozdn/oyQae70NAYfKSeufcz4tPfbyMhLCOysLU3/FNaYu06nS01 7SdLejOhXriDKOU2X/uLUCZaBb2Q==
  • Path: /
  • SameSite: Lax

This cookie is related to DDoS protection.

  • Duration: Session
  • Sample value: pE9
  • Path: /
  • HttpOnly: V
  • SameSite: Lax

This cookie is created by the Set-Cookie response header.

  • Duration: Session
  • Sample value: Eko0ihLuM2ND530rxn6S07NWKAWS3wW89XYxX3VbjVnFhREKfgyRAN 3ttUFROFQqIpi+kmdrla9jH7EaII0nnA==
  • Path: /
  • HttpOnly: V
  • SameSite: Lax

This cookie is related to load balancing.

  • Duration: Session
  • Path: /
  • SameSite: Lax

This is session-related cookie created by the Set-Cookie response header. It gets values from injected JavaScript.

  • Duration: 5 minutes
  • Sample value: gFYBNNtE+xA+GebbXECksQ==
  • Path: /
  • HttpOnly: V
  • SameSite: Strict

Was this article helpful?

Edit on GitHub