_px* (e.g _px, _px2, _px3) | Sightline Cyberfraud Defense, Bot Defender | Used to maintain a session with HUMAN. It does not correspond to any user ID in the web application and does not store any personally identifiable information. | JS | 5.5 minutes | 1st Party | Strictly Necessary | up to 500B | Visitor ID (randomly generated ID)
Session ID (uuid)
Time expiration |
_pxac | Sightline Cyberfraud Defense, Bot Defender | Allows passing an access token that the Enforcer extracts. If the value matches the Console token, the request is whitelisted. | N/A | N/A | N/A | N/A | Access token (Free pass) | N/A |
_pxde | Sightline Cyberfraud Defense, Bot Defender | Data enrichment feature (e.g., is the user in access control) | JS | 5 days | 1st Party | Analytics | 100B-200B | Hashed incident type
Hashed access control identification |
_pxff_* (e.g _pxff_af_c, _pxff_af_rf, _pxff_af_se, _pxff_af_sp, _pxff_af_wp, _pxff_bdd, _pxff_idp_c, _pxff_idp_p, _pxff_wa, _pxff_wow, _pxff_ww, _pxff_tm) | Sightline Cyberfraud Defense, Bot Defender | Used to flag features for browser detection and distinguishing whether it is a real user or malicious bot. | JS | 1 day | 1st Party | Strictly Necessary | 9B-20B | All pxff cookies are feature flags for HUMAN code, including no visitor-specific data, but instead instructions for HUMAN client-side code. |
_pxhd | Sightline Cyberfraud Defense, Bot Defender | Used for server-side detection and distinguishing whether it is a real user or malicious bot. | HTTP | 1 year | 1st Party | Strictly Necessary | 106B | Visitor ID (randomly generated ID) |
_pxmvid | Sightline Cyberfraud Defense, Bot Defender | User Token (from WebView via mobile SDK integration) | JS | 1 hour | 1st Party | Strictly Necessary | 43B | Visitor ID (randomly generated ID) |
_pxttld | Sightline Cyberfraud Defense, Bot Defender | Determines the appropriate domain settings for cookies to enable site-wide detection functionality | JS | 1 millisecond | 1st Party | Strictly Necessary | 8B | |
_pxvid | Sightline Cyberfraud Defense, Bot Defender, Code Defender | Used for browser detection and distinguishing whether it is a real user or malicious bot. | JS | 1 year | 1st Party | Strictly Necessary | 42B | Visitor ID (randomly generated ID) |
pxcts | Sightline Cyberfraud Defense, Bot Defender, Code Defender | Used to maintain a cross-tab session | JS | session | 1st Party | Strictly Necessary | 43B | Cross-tab session
(randomly generated ID). Falls back to local storage if first-party cookies are blocked. |
__pxvid | Code Defender | Used to differentiate users for cost purposes as well as counters, such as how many users were exposed to a certain behavior caused by a script. HUMAN can add a secure flag to this cookie upon request. | JS | 1 year | 1st Party | Strictly Necessary | 43B | Visitor ID (randomly generated ID) |
_pxwvm | Bot Defender, Account Defender | Configured by the Mobile SDK to indicate to the Sensor that it’s operating within a web view context inside a mobile app. | JS | session / 1 year | 1st Party | Strictly Necessary | N/A | |
_pxmd | Bot Defender, Account Defender | Contains data from the Mobile SDK related to the current session. | JS | Session / Session storage | 1st Party | Strictly Necessary | N/A | |
_pxda | Bot Defender, Account Defender | Indicates that the Doctor App feature is enabled in the Mobile SDK. | JS | Session | 1st Party | N/A | N/A | |
_px_mobile_data | Bot Defender, Account Defender | Contains data from the Mobile SDK related to the current session. | JS | Session / Session storage | 1st Party | Strictly Necessary | N/A | |
