What is a Supercookie?
When HTTP cookies are set they are normally targeted at a specific private domain, for example
example.com, in which case a web browser would send the cookies to all websites in this domain —
login.example.com etc. A normal header for setting such cookie would look like this:
Set-Cookie: name=value; domain=.example.com
Some websites however may mistakenly or maliciously set cookies for a top-level domain, for example
domain=.com. Most modern browsers would properly ignore such headers, but older versions might have actually acccepted and sent such cookies.
WebCookies.org will warn about such cookies being set by a website.
Supercookies should not be mistaken for Evercookies.