When HTTP cookies are set they are normally targeted at a specific private domain, for example example.com, in which case a web browser would send the cookies to all websites in this domain — www.example.com, login.example.com etc. A normal header for setting such cookie would look like this:

Set-Cookie: name=value; domain=.example.com

Some websites however may mistakenly or maliciously set cookies for a top-level domain, for example domain=.com. Most modern browsers would properly ignore such headers, but older versions might have actually acccepted and sent such cookies.

WebCookies.org will warn about such cookies being set by a website.

Supercookies should not be mistaken for Evercookies.

Fully automated RESTful API is now available. Subscribe for your free trial today!