Help Center

  1. StackPath Help
  2. WAF
  3. Supplemental Information

Learn About WAF Cookies

Avatar
Yaniv Parasol
Updated:

Overview

The StackPath WAF uses different cookies to analyze user and browsing behavior. These cookies are required in order for the WAF to function properly. 

Review the specific cookies used by the WAF:

Cookie Duration Notes Example Value Path HttpOnly SameSite
PRLST Session
  • Created By ‘Set-Cookie’ response header
  • Gets the value from injected JS
  • Value Contains a Unique ID of the requested page
 AV /   Lax
SPSI Session
  • Session cookie
  • Created By ‘Set-Cookie’ response header
  • Contains the sessionID value
 4e1ed32a27577bd95612f973777f8c3d / V Lax
UTGv2 Persistent
  • User Tag Token - 
    Unique identifier to identify behavior on site
  • Created and gets values from injected JS
  • Contains the usertag value
  • Unique to browser and domain
 h4c5f3ab2d0ea64a63234ae2df4417f2d145   /   Lax
adOtr Session
  • Unique identifier to identify behavior on site
  • GUI interaction related
  • Shell mouse script
  • Filled by the JS with the value of the first GUI interaction like:
    Mouse move, Mouse Click (Mouse Down), Scroll (Both Mouse / Keyboard / Touch), Mobile Touch down
 dee34a1T257  /   Lax
spcsrf Immediately
  • CSRF module Protection related
 e98c27a664bbd73bd1b55be5a0f753eb / V Strict
cnfc Immediately
  • Captcha client-side cookie
   /   Lax
pvstr Immediately
  • Captcha client-side cookie
   /   Lax
SPC 4 days
  • Captcha related cookie
 G5g+JHlalFD1U0ZibWbs57jWH7h0cUNTagGqnvbxA5XjJ3I/WhkqS4X6dx
ysiXNrjFBsJDcJqVRg+bqjiarVGVtO6fKYBBEBlW+Ik/PBRLTHwPeZlFAmW
zECQ/lhv7rOBsNCJFCBRlnJ+qgFuWQHOg==		 / V Lax
sbtsck 1 day
  • Captcha/handshake related cookie
 javiVOxxF5xj9D1HJ62QVzjeM3I84j8KYF1VF7iS+uEoWE= /   Lax
DCSS session

  • DDoS protection related cookie

 F1046F5C84F1047ED441475A38AB15917B210EE /   Lax
DGCC 1 day
  • DDoS protection related cookie
 ps /   Lax
DSR session
  • DDoS protection related cookie
 jyRENJbozdn/oyQae70NAYfKSeufcz4tPfbyMhLCOysLU3/FNaYu06nS01
7SdLejOhXriDKOU2X/uLUCZaBb2Q==		 /   Lax
DCST session
  • DDoS protection related cookie
 pE9 / V Lax
SPSE session
  • Session cookie - multiple locations related
 Eko0ihLuM2ND530rxn6S07NWKAWS3wW89XYxX3VbjVnFhREKfgyRAN
3ttUFROFQqIpi+kmdrla9jH7EaII0nnA==		 / V Lax
SPLB  
  • Load balancer related
   /   Lax
sp_lit 5 minutes
  • Session cookie
 gFYBNNtE+xA+GebbXECksQ== / V Strict

 

The following table contains a list of local storage variables. These are not cookies; they are used to save key/value pairs in a web browser. 

 

Variable
Notes
Example Value

cnv
  • captcha-related Local storage data
 51507208066

csr
  • captcha-related  Local storage data
 RSNBLPNDACD

otr

  • shell mouse script-related Local storage data

 cfc3f5050e9

altutgv2
  • User Tag token-related - Local storage data
 h4d73db3157e44edb918eea80571a69f2776

 

For any questions or help, feel free to drop us a line at hi@stackpath.com or join us in our 24/7 support chat.

Was this article helpful?

Related articles

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Contact Us