Recent security patches have covered many security leaks. Some of the changes were added via .htaccess files either in Magento root or in specific directories (e.g. shell directory). These fixes will be applied automatically, if your Magento 1.x installation is running on Apache 2, but it won’t work if you prefer Nginx. In this post we will show you the proper Nginx config which provides the same result with a few additions.
| Cookie | Duration | Description |
|---|---|---|
| __jid | 1 day | Used to add comments to the website and remember the user's Disqus login credentials across websites that use said service. |
| cf_ob_info | past | The cf_ob_info cookie is set by Cloudflare to provide information on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic. |
| cf_use_ob | past | Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address. |
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| li_gc | 2 years | Linkeding cookie that stores the user's cookie consent state for the current domain |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
| Cookie | Duration | Description |
|---|---|---|
| _ga | 2 years | Google Analytics cookie. Used to identify unique users and expires after two years |
| _gat | 1 day | Used by Google Analytics to throttle request rate |
| _gid | 24 hours | Google Analytics cookie. Used to identify user and expires in 24 hours. |
| _hjAbsoluteSessionInProgress | 30 minutes | Hotjar cookie. Used to detect the first pageview session of a user. 30 minutes duration. Boolean true/false data type. |
| _hjFirstSeen | User session | Hotjar cookie. Identifies a new user’s first session. Used by Recording filters to identify new user sessions. Session duration. Boolean true/false data type. |
| _hjIncludedInPageviewSample | 30 minutes | Hotjar cookie. Set to determine if a user is included in the data sampling defined by your site's pageview limit. 30 minutes duration. Boolean true/false data type. |
| _hjIncludedInSessionSample | 30 minutes | Hotjar cookie. Set to determine if a user is included in the data sampling defined by your site's daily session limit. 30 minutes duration. Boolean true/false data type. |
| _hjRecordingLastActivity | User session | Hotjar cookie. Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes |
| _hjSession_2881021 | 30 minutes | Hotjar cookie. Holds current session data. Ensures subsequent requests in the session window are attributed to the same session. 30 minutes duration. JSON data type. |
| _hjSessionRejected | User session | Hotjar cookie. If present, set to '1' for the duration of a user's session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload. Applied in extremely rare situations to prevent severe performance issues. Session duration. Boolean true/false data type. |
| _hjSessionUser_2881021 | 1 year | Hotjar cookie. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. JSON data type. |
| _hjTLDTest | User session | Hotjar cookie. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. |
| AnalyticsSyncHistory | 29 days | Linkedin cookie. Used in connection with data-synchronization with third-party analysis service. |
| disqus_unique | 1 year | Disqus cookie. Collects statistics related to the user's visits to the website, such as number of visits, average time spent on the website and loaded pages. |
| https://#.#/ | User session | leadfeeder.com cookie. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. |
| juggler/event.gif | User session | Disqus cookie. Identifies the visitor across devices and visits, in order to optimize the chat-box function on the website. |
| Cookie | Duration | Description |
|---|---|---|
| aet-dismiss | User session | Disqus cookie. Necessary for the functionality of the website's comments system |
| drafts.queue | Disqus cookie. Necessary for the functionality of the website's comments system | |
| lang | Linkedin cookie. Remembers the user's selected language version of a website | |
| submitted_posts_cache | User session | Disqus cookie. Necessary for the functionality of the website's comments system |
| Cookie | Duration | Description |
|---|---|---|
| _hjRecordingEnabled | User session | Hotjar cookie. This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange. |
| _lfa | 2 years | Leadfeeder cookie. Used to store and track audience reach and expires in 2 years. |
| _lfa_expiry | persistent | Leadfeeder cookie. : Contains the expiry-date for the cookie with corresponding name |
| _lfa_test_cookie_stored | 1 day | Leadfeeder cookie. Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes |
| ads/ga-audiences | User session | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. |
| badges-message | Persistent | Disqus cookie. Used for comments functionality |
| bcookie | 2 years | Used by the social networking service, LinkedIn, for tracking the use of embedded services. |
| bscookie | 2 years | Used by the social networking service, LinkedIn, for tracking the use of embedded services. |
| lidc | 1 day | Used by the social networking service, LinkedIn, for tracking the use of embedded services. |
| UserMatchHistory | 29 days | Linkedin cookie. Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. |
