Supercookie
Also known as: evercookie, zombie cookie
A tracking identifier stored in a place that survives normal cookie deletion.
Supercookies use less-obvious storage — HSTS pins, ETag caching, IndexedDB, service worker caches, TLS session tickets — to re-identify a browser after the user clears cookies. Some ISPs have historically injected supercookie-like identifiers at the network level.
Browser vendors have closed most known vectors, but the class of attack persists. Regularly clearing site data and using strict isolation (Firefox Total Cookie Protection, Safari ITP) reduces the risk.
Related terms
A small piece of data a website stores in your browser to remember state between requests.
Identifying a user by combining many small browser and device attributes into a unique signature.
Code, pixel or request that collects information about a user across websites.
