Traces the datadome cookie end to end: how it is issued after a challenge, what the 128-byte token encodes, when it rotates, how long it lives, and how the edge validates it on every request through the Protection API.
Traces what the _abck cookie carries, how it relates to the sensor_data POST, and the handshake that flips it from a challenge state to a validated one, with notes on what is documented versus inferred.
Traces the bm_sz cookie, the pixel challenge that mints ak_bmsc, and the sec-cpt proof-of-work interstitial that sits alongside _abck, and why a client that only validates _abck still gets challenged or dropped.
Traces HUMAN's _px3 risk cookie end to end: the salt:iterations:ciphertext wire format, the AES-CBC and PBKDF2 layer, the HMAC bound to the user agent, the score and action fields, and how _pxhd and _pxvid sit alongside it.
A reference on Cloudflare's cf_clearance cookie: when a passed challenge issues it, what it is bound to, its zone scope and partitioned cross-site behaviour, its configurable lifetime, and why a stolen copy does not travel.
Traces the cookies Imperva (formerly Incapsula) keeps in the browser: the ___utmvc RC4 cookie, the reese84 sensor token, and the visid_incap and incap_ses session pair, and how the layers fit together. Notes documented versus inferred throughout.
How identity stays coherent when a crawler rotates IPs: binding cookies and sessions to exit nodes, what breaks when a session leaks across IPs, and the signals anti-bot systems use to catch the mismatch.
Traces the HTTP cookie from a 1994 shopping-cart hack to the web's identity layer: how SameSite reshaped it, why the third-party-cookie phase-out collapsed in 2024-2025, and what partitioning leaves behind.
A primary-source walk through CHIPS: the Partitioned cookie attribute, the double-keyed cookie jar, the cross-site ancestor chain bit, the 10 KiB per-partition budget, and where it sits now that Privacy Sandbox is gone.
A primary-source reference for the cookie security attributes: what HttpOnly, Secure, SameSite, Domain, and Path each enforce, why the __Host-/__Secure- prefixes exist, and the gaps each one leaves behind.
Traces the HTTP cookie from Lou Montulli's 1994 design at Netscape through RFC 2109, 2965, and 6265, the third-party tracking era, and the SameSite phase-out endgame that never quite arrived.