https://my.asos.com/

Title: "ASOS | Sign in"

Category: Arts & Fashion

Keywords: asos plus shop curve advice allnew fashion vintage bodyback giftstop shopping product50 rangeasos stylesnew brandsasos brandsshop productview accessoriesshop insidersfashion allclothingshoesaccessoriesface

Privacy Impact Score

Privacy Impact Score is a score reflecting overall cookie-related impact of the website relative to other websites, primarily taking into account the number of third-party domains it reports to and number of persistent cookies it sets. See Privacy Impact Score article for more details.

Third-party domains

Persistent cookies

Session cookies

Third-party domains is the count of organisations allowed by the webmaster to trace your across the site. These cookies may be set for various purposes, like tracking ads displayed on the website, collection of statistics, targeted advertising etc. This website allows 6 other websites to track your activity.

Persistent cookies are the cookies that are preserved through browser shutdowns. This means, even if you close this page today and ever return there in future, the website will know you're a returning visitor. This may be used for "remember me" features, as well as persistent user tracking. These cookies, especially if set by third party organisations, are powerful tool for monitoring your activities across all the websites you visit. This website sets 19 persistent cookies with average life-time of 413 days and longest 732 days.

Session cookies are cleared when you close your browser and allow the website to identify user's state — such as logged-in users. They are mostly considered harmless because they cannot be used for long-term user tracking. This site sets 24 session cookies.

Last fetched: 2020-07-03T15:25:08.769945+00:00

HTTP status: 200 200

Cookies and Privacy Attributes


                browseMVT

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
nam-control-group
```
- Length: 17 bytes (136 bits)
- Information entropy: 3.45 bits (average bits per symbol)
- Information content: 58.73 bits

Cookie classification: same-origin session


                AMCV_C0137F6A52DEAFCC0A490D4C@AdobeOrg

Unique user tracking cookie set by Adobe Experience Cloud Visitor ID service

» More...

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 729 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...

Sample value:

-1303530583|MCIDTS|18447|MCMID|53624134752562143242344713591161223326|MCAAMLH-1594394703|6|MCAAMB-1594394703|6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y|MCOPTOUT-1593797103s|NONE|MCAID|NONE|MCSYNCSOP|411-18454|vVersion|3.3.0

This might be a Base64-encoded cookie. Decoded value:

b'0#\x8fL\xe5\x13' … b'4\xe3D' … b'4\xe3D' … b"\xbdW\xab\xb2*'"

Length: 18 bytes (144 bits)
Information entropy: 3.84 bits (average bits per symbol)
Information content: 69.06 bits

Cookie classification: same-origin persistent


                s_ecid

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 729 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
MCMID|53624134752562143242344713591161223326
```
- Length: 44 bytes (352 bits)
- Information entropy: 3.31 bits (average bits per symbol)
- Information content: 145.54 bits

Cookie classification: same-origin persistent


                check

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
true
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xb6\xbb\x9e'
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin session


                mbox

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 732 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...

Sample value:

session#37aa384dce8a4f0fbb48ba60c4c5a494#1593791765|PC#37aa384dce8a4f0fbb48ba60c4c5a494.37_0#1657034705

This might be a Base64-encoded cookie. Decoded value:

b'\xdf\xb6\x9a\xdf\xce\x1dq\xef\x1a\xe1\xfd\x1fm\xbe<m\xae\xb4s\x879k\x8fx' … b'\xdf\xb6\x9a\xdf\xce\x1dq\xef\x1a\xe1\xfd\x1fm\xbe<m\xae\xb4s\x879k\x8fx'

Length: 48 bytes (384 bits)
Information entropy: 4.42 bits (average bits per symbol)
Information content: 212.08 bits

Cookie classification: same-origin persistent


                mboxPC

Type: HTTP Cookie
Domain: asoscomltd.tt.omtrdc.net
This cookie expires in 731 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...
Sample value:
```
37aa384dce8a4f0fbb48ba60c4c5a494.37_0
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xdf\xb6\x9a\xdf\xce\x1dq\xef\x1a\xe1\xfd\x1fm\xbe<m\xae\xb4s\x879k\x8fx'
```
- Length: 24 bytes (192 bits)
- Information entropy: 4.42 bits (average bits per symbol)
- Information content: 106.04 bits

Cookie classification: third-party persistent


                mboxSession

Type: HTTP Cookie
Domain: asoscomltd.tt.omtrdc.net
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...
Sample value:
```
37aa384dce8a4f0fbb48ba60c4c5a494
```
This seems to be a UUID (GUID), version: 4
This cookie seems to be a hexadecimal-encoded data. Attempted decoded value:
```
b'7\xaa8M\xce\x8aO\x0f\xbbH\xba`\xc4\xc5\xa4\x94'
```
This seems to be a MD5 hex-encoded cookie
- Length: 16 bytes (128 bits)
- Information entropy: 4.00 bits (average bits per symbol)
- Information content: 64.00 bits

Cookie classification: third-party session


                gig_canary_ver_3_GNj4zF8XRKKMJ16RgOtacywNOmbD1Ms7kvCLUDF02EPXjis6U0-exJJYYlYVjVRS

Type: HTTP Cookie
Domain: cdns.eu1.gigya.com

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker gigya (category content) will be blocked by privacybadger

This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
11036-5-26563155
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xdb\xaez\xdf^y'
```
- Length: 6 bytes (48 bits)
- Information entropy: 2.58 bits (average bits per symbol)
- Information content: 15.51 bits

Cookie classification: third-party persistent


                gig_canary_3_GNj4zF8XRKKMJ16RgOtacywNOmbD1Ms7kvCLUDF02EPXjis6U0-exJJYYlYVjVRS

Type: HTTP Cookie
Domain: cdns.eu1.gigya.com

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker gigya (category content) will be blocked by privacybadger

This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
false
```
- Length: 5 bytes (40 bits)
- Information entropy: 2.32 bits (average bits per symbol)
- Information content: 11.61 bits

Cookie classification: third-party persistent


                ai_session

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
F+uxo|1593789904218|1593789904218
```
- Length: 33 bytes (264 bits)
- Information entropy: 3.67 bits (average bits per symbol)
- Information content: 120.96 bits

Cookie classification: same-origin session

RT

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 7 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...

Sample value:

"z=1&dm=asos.com&si=30571efc-5ad0-443b-b0c1-8153d535ae90&ss=kc6dcvad&sl=1&tt=1ck&bcn=//684dd30d.akstat.io/&ld=1cv"

This might be a Base64-encoded cookie. Decoded value:

b'\xe5\xa7t' … b'\xe3\x8d\xdb' … b'oG5' … b'\xf3^ww\x9d\xf9i\xeft' … b'm\xc9'

Length: 20 bytes (160 bits)
Information entropy: 4.12 bits (average bits per symbol)
Information content: 82.44 bits

Cookie classification: same-origin persistent


                s_cc

Adobe Experience Cloud functional cookie set and read by the JavaScript code to determine if cookies are enabled

» More...

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
true
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xb6\xbb\x9e'
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin session


                _s_fpv

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
true
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xb6\xbb\x9e'
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin session


                s_pers

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...

Sample value:

 s_vnum=1596240000158%26vn%3D1|1596240000158; s_invisit=true|1593791704158; s_nr=1593789904164-New|1625325904164; gpv_p10=desktop%20com%20%7C%20secure%20%7C%20sign%20in|1593791704166; gpv_e47=no%20value|1593791704169;

This might be a Base64-encoded cookie. Decoded value:

b'\xdb\xab\xe7' … b'\x8a{\xe2\xb2+' … b'\xa7]' … b'\xdbK\x1er\xea\xde' … b'\xdbH\xa7' … b'{\x8e'

Length: 21 bytes (168 bits)
Information entropy: 3.98 bits (average bits per symbol)
Information content: 83.48 bits

Cookie classification: same-origin persistent

dpm

Type: HTTP Cookie
Domain: dpm.demdex.net

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker adobe (category analytics) will be blocked by privacybadger

This cookie expires in 180 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
53344645438041144242370816515030621778
```
- Length: 38 bytes (304 bits)
- Information entropy: 3.08 bits (average bits per symbol)
- Information content: 126.00 bits

Cookie classification: third-party persistent


                demdex

Adobe Audience Manager sets this tracking cookie to assign a unique ID to a site visitor. The demdex cookie helps Audience Manger perform basic functions such as visitor identification, ID synchronization, segmentation, modeling, reporting, etc.

» More...

Type: HTTP Cookie
Domain: demdex.net

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker adobe (category analytics) will be blocked by disconnectme
Tracker adobe (category analytics) will be blocked by privacybadger

This cookie expires in 180 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
53344645438041144242370816515030621778
```
- Length: 38 bytes (304 bits)
- Information entropy: 3.08 bits (average bits per symbol)
- Information content: 126.00 bits

Cookie classification: third-party persistent


                everest_session_v2

Adobe (former Everest Technologies) tracking cookie

» More...

Type: HTTP Cookie
Domain: everesttech.net

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker adobe (category analytics) will be blocked by disconnectme
Tracker adobe (category analytics) will be blocked by privacybadger

The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
Xv9NxwAAA694RFL0
```
This might be a Base64-encoded cookie. Decoded value:
```
b'^\xffM\xc7\x00\x00\x03\xafxDR\xf4'
```
- Length: 12 bytes (96 bits)
- Information entropy: 3.42 bits (average bits per symbol)
- Information content: 41.02 bits

Cookie classification: third-party session


                everest_g_v2

Adobe (former Everest Technologies) tracking cookie

» More...

Type: HTTP Cookie
Domain: everesttech.net

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker adobe (category analytics) will be blocked by disconnectme
Tracker adobe (category analytics) will be blocked by privacybadger

This cookie expires in 729 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
g_surferid~Xv9NxwAAA694Q1L0
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xb2\xea\xdfz\xb8\x9d' … b'^\xffM\xc7\x00\x00\x03\xafxCR\xf4'
```
- Length: 18 bytes (144 bits)
- Information entropy: 4.06 bits (average bits per symbol)
- Information content: 73.06 bits

Cookie classification: third-party persistent


                gig_bootstrap_3_Gl66L3LpFTiwZ8jWQ9x_4MLyUUHPRmPtRni0hzJ9RH5WA2Ro6tUv47yNXtKn3HQ8

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
_gigya_ver3
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xbd\xea\xf7'
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin persistent


                hasGmid

Type: HTTP Cookie
Domain: gigya.com

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker gigya (category content) will be blocked by disconnectme
Tracker gigya (category content) will be blocked by privacybadger
Tracker gigya (category content) will be blocked by eff

This cookie expires in 184 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
ver3
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xbd\xea\xf7'
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: third-party persistent


                ucid

Type: HTTP Cookie
Domain: gigya.com

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker gigya (category content) will be blocked by disconnectme
Tracker gigya (category content) will be blocked by privacybadger
Tracker gigya (category content) will be blocked by eff

This cookie expires in 364 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
DstZCElqbY0yzm_MIVIweg
```
- Length: 22 bytes (176 bits)
- Information entropy: 4.37 bits (average bits per symbol)
- Information content: 96.11 bits

Cookie classification: third-party persistent


                gmid

Type: HTTP Cookie
Domain: gigya.com

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker gigya (category content) will be blocked by disconnectme
Tracker gigya (category content) will be blocked by privacybadger
Tracker gigya (category content) will be blocked by eff

This cookie expires in 364 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...
Sample value:
```
dqPdBdosWgX1nN4sohUan5O2cuI0dgtzE_FDcb7462w
```
- Length: 43 bytes (344 bits)
- Information entropy: 4.91 bits (average bits per symbol)
- Information content: 211.33 bits

Cookie classification: third-party persistent


                AMCVS_C0137F6A52DEAFCC0A490D4C@AdobeOrg

Technical cookie set by Adobe Experience Cloud that holds a boolean flag indicating whether session for this particular visitor has been initialized. The cookies is a counterpart to AMCV_ cookie that holds full session identifier.

» More...

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
1
```
- Length: 1 bytes (8 bits)
- Information entropy: 0.00 bits (average bits per symbol)
- Information content: 1.00 bits

Cookie classification: same-origin session


                apiDomain_3_GNj4zF8XRKKMJ16RgOtacywNOmbD1Ms7kvCLUDF02EPXjis6U0-exJJYYlYVjVRS

Type: HTTP Cookie
Domain: cdns.eu1.gigya.com

A number of privacy protection projects maintain lists of known web trackers. These trackers will be in most cases effectively blocked by their browser extensions:

Tracker gigya (category content) will be blocked by privacybadger

This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
eu1.gigya.com
```
- Length: 13 bytes (104 bits)
- Information entropy: 3.39 bits (average bits per symbol)
- Information content: 44.11 bits

Cookie classification: third-party persistent


                _abck

Type: HTTP Cookie
Domain: asos.com
This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...

Sample value:

A4D98E258B92BDDFC47A49D813B4AA0B~-1~YAAQBkYUAr8iNQ9zAQAAldFHFQQN5sqWvQBGkYXR5u9HjwDYNi+lLo3RdkiUxGVrxMdadlkoe6YY1eSEaIcKgYIBFvf9mivjUtA7FeV2GA8gktBThacFJYmtzldCkDAct4FGpbixNTNL9NUPOxbpscf3xpovVmDDQENdNZ9T9Yy1BMK5c96HYHhAPlaiyf1VDKThd91NRn0oGcJOIl77OIQ0VypM6qZeqdg0oIVo7887WORniMAdtn4r0k+9PSWO4OUhWEKKfGK720+HHbXLx+YNfkfDLZrHh6JOSReuM8mj9CHHVdISIF/ylYY8gRIZJShzaAN4~-1~-1~-1

This might be a Base64-encoded cookie. Decoded value:

b'\x03\x80\xfd\xf0M\xb9\xf0\x1fv\x040\xc5\x0b\x8e\xc0\xe3\xd0\xfc\xd7px\x00\r\x01' … b'`\x00\x10\x06F\x14\x02\xbf"5\x0fs\x01\x00\x00\x95\xd1G\x15\x04\r\xe6\xca\x96\xbd\x00F\x91\x85\xd1\xe6\xefG\x8f\x00\xd86/\xa5.\x8d\xd1vH\x94\xc4ek\xc4\xc7ZvY({\xa6\x18\xd5\xe4\x84h\x87\n\x81\x82\x01\x16\xf7\xfd\x9a+\xe3R\xd0;\x15\xe5v\x18\x0f \x92\xd0S\x85\xa7\x05%\x89\xad\xceWB\x900\x1c\xb7\x81F\xa5\xb8\xb153K\xf4\xd5\x0f;\x16\xe9\xb1\xc7\xf7\xc6\x9a/V`\xc3@C]5\x9fS\xf5\x8c\xb5\x04\xc2\xb9s\xde\x87`x@>V\xa2\xc9\xfdU\x0c\xa4\xe1w\xddMF}(\x19\xc2N"^\xfb8\x844W*L\xea\xa6^\xa9\xd84\xa0\x85h\xef\xcf;X\xe4g\x88\xc0\x1d\xb6~+\xd2O\xbd=%\x8e\xe0\xe5!XB\x8a|b\xbb\xdbO\x87\x1d\xb5\xcb\xc7\xe6\r~G\xc3-\x9a\xc7\x87\xa2NI\x17\xae3\xc9\xa3\xf4!\xc7U\xd2\x12 _\xf2\x95\x86<\x81\x12\x19%(sh\x03x'

Length: 270 bytes (2160 bits)
Information entropy: 7.15 bits (average bits per symbol)
Information content: 1930.52 bits

Cookie classification: same-origin persistent


                asos-gdpr22

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
true
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xb6\xbb\x9e'
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin session


                ak_bmsc

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...

Sample value:

90F851E640158E04AD70D22AA626923302144606F7540000C64DFF5E845A9912~plcr++MIHroQjzpUAxKytjXq7g+BxYO8tQZY611Pz424vwP5I0dgxE9cdK/OQSVFEgJcCw8FXjuXCrVb4G1mioM8N66RlTxyDVTUXIWhOtPLJ6UW4WQ/+b4TB1OVAwPPyPwHQXb0FQrvf8LE8+uShGlLM/nQ0k7SsqMLWKgykSw0isP3gLGDC6Qj3XTn3t+RDuD4fB0LmoWaSTX+71vBqJ6SEbpettAjuFVBaIXIMqMTExoPVEZvdq7iAjK60jkUfIbyt/pNqAjnJ50XbdvA2U0DasKEcLsNju/4KxkYFjIxU=

This might be a Base64-encoded cookie. Decoded value:

b'\xf7A|\xe7Q:\xe3My\xf0M8\x00>\xf4\x0fm\x80\x03\xad\xba\xf7m\xf7\xd3mx\xe3\xad:\x17\xbex\xd3M4\x0b\xae\x03\x14^D\xf3\x8e@\xf7\xddv'

Length: 48 bytes (384 bits)
Information entropy: 4.97 bits (average bits per symbol)
Information content: 238.57 bits

Cookie classification: same-origin session


                gig_canary_ver

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
11036-5-26563155
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xdb\xaez\xdf^y'
```
- Length: 6 bytes (48 bits)
- Information entropy: 2.58 bits (average bits per symbol)
- Information content: 15.51 bits

Cookie classification: same-origin session


                gig_canary

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
false
```
- Length: 5 bytes (40 bits)
- Information entropy: 2.32 bits (average bits per symbol)
- Information content: 11.61 bits

Cookie classification: same-origin session


                ai_user

Type: HTTP Cookie
Domain: my.asos.com
This cookie expires in 365 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
tc03G|2020-07-03T15:25:03.046Z
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xdbM\xb4' … b'\xd3\x8e\x99'
```
- Length: 6 bytes (48 bits)
- Information entropy: 2.58 bits (average bits per symbol)
- Information content: 15.51 bits

Cookie classification: same-origin persistent


                bm_mi

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...

Sample value:

6FB2E619779AFCDBC87616B2DE287AB2~oG8CnHOFPdvOKh5FZaisMk4ttuffmUvBBV27zFZowxIIEAIowphfoHkmiMs9m/J6mfzmAzbUQW09eDQhcfxLvsjzoqH6ZFfANM+7nb8slLyV6PDv2e+XchnlApItNjOl/iUsHkNfSWfC7gKnQMjeuRDbMfCYId7O84KiZpZsuaGfffX9sdtUcW8slMv2bEviBmRm0XJSzuVaTBOig4TmKneD0Aj/7QXZ+DTjPaDVLE/2DXlE1FiSgyt9flN8UWvTkueKHsLv2LkswpvCF8nGd8jhDYr7eeJyo1VFbMbX1WQ=

This might be a Base64-encoded cookie. Decoded value:

b'\xe8Pv\x13\xad}\xef\xbf@\x14 \xc1\x0b\xce\xfa\xd7\xa0v\x0cM\xbc\xec\x00v' … b'\xa0o\x02\x9cs\x85=\xdb\xce*\x1eEe\xa8\xac2N-\xb6\xe7\xdf\x99K\xc1\x05]\xbb\xccVh\xc3\x12\x08\x10\x02(\xc2\x98_\xa0y&\x88\xcb=\x9b\xf2z\x99\xfc\xe6\x036\xd4Am=x4!q\xfcK\xbe\xc8\xf3\xa2\xa1\xfadW\xc04\xcf\xbb\x9d\xbf,\x94\xbc\x95\xe8\xf0\xef\xd9\xef\x97r\x19\xe5\x02\x92-63\xa5\xfe%,\x1eC_Ig\xc2\xee\x02\xa7@\xc8\xde\xb9\x10\xdb1\xf0\x98!\xde\xce\xf3\x82\xa2f\x96l\xb9\xa1\x9f}\xf5\xfd\xb1\xdbTqo,\x94\xcb\xf6lK\xe2\x06df\xd1rR\xce\xe5ZL\x13\xa2\x83\x84\xe6*w\x83\xd0\x08\xff\xed\x05\xd9\xf84\xe3=\xa0\xd5,O\xf6\ryD\xd4X\x92\x83+}~S|Qk\xd3\x92\xe7\x8a\x1e\xc2\xef\xd8\xb9,\xc2\x9b\xc2\x17\xc9\xc6w\xc8\xe1\r\x8a\xfby\xe2r\xa3UEl\xc6\xd7\xd5d'

Length: 248 bytes (1984 bits)
Information entropy: 7.06 bits (average bits per symbol)
Information content: 1752.10 bits

Cookie classification: same-origin session


                idsrv.xsrf

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...
Sample value:
```
W_95bVfhvjPhVLGSzeYJ5Vb0A5AqZAZHv4q-IBEMmB5ZRMcLNQj8eYNl1Fhq2QREecnFXjO_0Lwb9Gy0hFn95qBRsnc
```
- Length: 91 bytes (728 bits)
- Information entropy: 5.30 bits (average bits per symbol)
- Information content: 482.03 bits

Cookie classification: same-origin session


                SignInMessage.0afcfd7d4e9fc2d0c2d6420caefd8344

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...

Sample value:

Z-VGEpereGtIteToF42KpWONyn59bglvJmZMQxOlbfDlTVgD5DpapQWff-Sr7Ba5jf2tgZ0X9KIsNJR8sRM8cT7x4zCFmKQF3e7fiqsqjolrUiyzv14XTIDiLZDwQWWk5o0-XnCgeeWpLedlnbuI7Ys3ujO3HiQMQfSJifIxV_fSaIbLPQmII3Otk5s0Hl9nZ8b5eeh-SPMsmk_NiHvQ3mQsjUhhaJxDXrVsbXTtrTpwnDjywkuLF9fcMDOGrJe3NteXchoODUUAvgD9nSywOquK526fSc6hmhBqfhOg_-GHCv1PqGk4f7hsOWBmGhUObMZJpmZmr86VQhCOrIUAKeU5i9_F-KDIfUOmqEokVsBfod4vt4y_ISTZ8dlxSmiXFU_4_MtP0N4KhMeNRzYl47R3dHneb7n-yzkcQAFLtp4_R8C7kx0DlEz68exEjaWzNK69SbTljD3Lnm1zHEIwQo4ja3A25iRAq_D_VYI4TEakkWut3NE0DYC2An4SP1dzZqFyZMj3LFJ1juUlXQdztUoPmxHMcCIuyuij9pVnB9GzFi9QivlNpPf7yWK3qc4b3ddqxo3ZO38C_dvRW2bEUcwcW92lc7AwLB5vFRLwv4WUFp4FFsVWqk73GB3Zee_lYsMLHG7UqfF5yEkuD4Mi57W4bc-myRyZjBJ12Wfy16wQv8MMiF_l8vCRzINmj-a6m1KVM__mkMd9mQQF9BXBpV6eIj74jKrZvUT-FoaVAH89vOG-01Fz7CxLvvD2VWBZXOsja6VqJ6bYQQsqGvE46OJCi-uTYDvjQXtO_0fdHQxLBWZlXkkRwLlRsw4RaTnMOUM17XirZjEd592ZzOcTASDJPD_ay75FRucXBB1GhhuJsC9dqqQ866Ah0bC1nv0TWY-7TurJmwLjhSAFY8K4gy1HZLSmeDsr_4CVG_LtG88FEkqCRoaN3kBMLhJsLn-URVvkxOKZx9ek6epkO206Al08o06YvCjtKpL1VJEzBI_wLwJAVvg0XRkdzRijzh8m6RRihGnnTBXEJ5nfyrwXNFShhzV-PuYe02cKivme3tcEpkGJ

This might be a Base64-encoded cookie. Decoded value:

b'\x18p\xaf\xd4\xfa\x86\x93\x87\xfb\x86\xc3\x96\x06a\xa1P\xe6\xccd\x9affj\xfc\xe9T!\x08\xea\xc8P\x02\x9eS\x98\xbd' … b'U\x828LF\xa4\x91k\xad\xdc\xd14\r\x80\xb6\x02~\x12?Wsf\xa1rd\xc8\xf7,Ru\x8e\xe5%]\x07s\xb5J\x0f\x9b\x11\xccp".\xca\xe8\xa3\xf6\x95g\x07\xd1\xb3\x16/P\x8a\xf9M\xa4\xf7\xfb\xc9b\xb7\xa9\xce\x1b\xdd\xd7j\xc6\x8d\xd9;\x7f\x02' … b'\x9aC\x1d\xf6d\x10\x17\xd0W\x06\x95zx\x88\xfb\xe22\xabf\xf5\x13' … b'\xe0%F' … b'.\xd1\xbc\xf0Q$\xa8$hh\xdd\xe4\x04\xc2\xe1&\xc2\xe7' … b'\xc0\xbc\t\x01[\xe0\xd1tdw4b\x8f8|\x9b\xa4Q\x8a\x11\xa7\x9d0W\x10\x9eg\x7f*\xf0\\\xd1R\x86\x1c\xd5' … b'>\xe6\x1e\xd3g\n\x8a\xf9\x9e\xde\xd7\x04\xa6A\x89'

Length: 207 bytes (1656 bits)
Information entropy: 7.02 bits (average bits per symbol)
Information content: 1452.15 bits

Cookie classification: same-origin session


                asos-lan999

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
en-GB
```
- Length: 5 bytes (40 bits)
- Information entropy: 2.32 bits (average bits per symbol)
- Information content: 11.61 bits

Cookie classification: same-origin session


                userSession.sig

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...
Sample value:
```
rPss5uiEZDA4rdnGqhVeArFH2Fc
```
- Length: 27 bytes (216 bits)
- Information entropy: 4.36 bits (average bits per symbol)
- Information content: 117.63 bits

Cookie classification: same-origin session


                userSession

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...

Sample value:

eyJvaWRjOm15LmFzb3MuY29tIjp7Im5vbmNlIjoiMTlwa0hlYlNBdmNUZmU1Sjh3a3U0aWV5YklFNXk0MHREZmVWaUxPUi1hVSIsInN0YXRlIjoieGZYZVNwa0J1aXhCTVBMeUtSbzJBNEVmZ2JaQUE3Y2Z6aGF2Q2VXZmVROCIsInJlc3BvbnNlX3R5cGUiOiJpZF90b2tlbiB0b2tlbiJ9fQ==

This might be a Base64-encoded cookie. Decoded value:

b'{"oidc:my.asos.com":{"nonce":"19pkHebSAvcTfe5J8wku4ieybIE5y40tDfeViLOR-aU","state":"xfXeSpkBuixBMPLyKRo2A4EfgbZAA7cfzhavCeWfeQ8","response_type":"id_token token"}}'

Length: 163 bytes (1304 bits)
Information entropy: 5.44 bits (average bits per symbol)
Information content: 887.44 bits

Cookie classification: same-origin session


                storeCode

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
COM
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin session


                keyStoreDataversion

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
j42uv2x-26
```
- Length: 10 bytes (80 bits)
- Information entropy: 2.85 bits (average bits per symbol)
- Information content: 28.46 bits

Cookie classification: same-origin session


                asos-cou998

Type: HTTP Cookie
Domain: my.asos.com
This cookie expires in 364 days
Secure The cookie sets the Secure flag to prevent its leaking if any of the pages loads mixed content » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
GB
```
- Length: 2 bytes (16 bits)
- Information entropy: 1.00 bits (average bits per symbol)
- Information content: 2.00 bits

Cookie classification: same-origin persistent


                bm_sz

Type: HTTP Cookie
Domain: asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and correctly uses the Secure flag to prevent session identifier leaks through plaintext channels » More...
httpOnly This cookie is not readable by client-side JavaScript code » More...

Sample value:

6A2560DB06E9E3D91390B0A40353C932~YAAQBkYUArsiNQ9zAQAApM1HFQghzNeoU6VkGhco97pHwzC/CVOYwGWKecEvnYctGB5TEsLe8UoQpmjsC9y0mt+Xh+J7QcYrXLTSI5EWew3YllfuWFdDD6CocYIu5kSieUnYi36POsblueUWaMg495bEW4TZZtkx16QXrAgEAzmiAd79lwDgekN2k7K+wA==

This might be a Base64-encoded cookie. Decoded value:

b'\xe8\r\xb9\xeb@\xc1\xd3\xa1=\x13p\xfd\xd7\x7ft\x07@8\xd3~w\x0b\xdd\xf6' … b'`\x00\x10\x06F\x14\x02\xbb"5\x0fs\x01\x00\x00\xa4\xcdG\x15\x08!\xcc\xd7\xa8S\xa5d\x1a\x17(\xf7\xbaG\xc30\xbf\tS\x98\xc0e\x8ay\xc1/\x9d\x87-\x18\x1eS\x12\xc2\xde\xf1J\x10\xa6h\xec\x0b\xdc\xb4\x9a\xdf\x97\x87\xe2{A\xc6+\\\xb4\xd2#\x91\x16{\r\xd8\x96W\xeeXWC\x0f\xa0\xa8q\x82.\xe6D\xa2yI\xd8\x8b~\x8f:\xc6\xe5\xb9\xe5\x16h\xc88\xf7\x96\xc4[\x84\xd9f\xd91\xd7\xa4\x17\xac\x08\x04\x039\xa2\x01\xde\xfd\x97\x00\xe0zCv\x93\xb2\xbe\xc0'

Length: 166 bytes (1328 bits)
Information entropy: 6.85 bits (average bits per symbol)
Information content: 1136.75 bits

Cookie classification: same-origin session


                asos-du123

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
https://my.asos.com/my-account?country=GB
```
This might be a Base64-encoded cookie. Decoded value:
```
b'\xff\xf9\xb2' … b'j\xca,' … b'r\x8b\xa7\xb6\xbc'
```
- Length: 11 bytes (88 bits)
- Information entropy: 3.46 bits (average bits per symbol)
- Information content: 38.05 bits

Cookie classification: same-origin session


                asos-sto997

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
COM
```
- Length: 3 bytes (24 bits)
- Information entropy: 1.58 bits (average bits per symbol)
- Information content: 4.75 bits

Cookie classification: same-origin session


                asos-ts121

Type: HTTP Cookie
Domain: my.asos.com
The cookie is only valid during current browser session and it will be deleted when you close browser
Secure The cookie looks like a session cookie and is sent over TLS but is not protected with Secure flag, which means if the page is loaded over plain HTTP or any of the pages loads mixed content the cookie may be leaked » More...
sameSite This flag prevents the cookie from being automatically sent by browser at specific cross-site requests, protecting from a range of attacks against authentication and authorization (for example CSRF) » More...
httpOnly This cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It's recommended that cookies storing authentication-related session token are protected by the flag » More...
Sample value:
```
2a4a6cb6098f4be489f60c7f8cd5ac4b
```
This seems to be a UUID (GUID), version: 4
This cookie seems to be a hexadecimal-encoded data. Attempted decoded value:
```
b'*Jl\xb6\t\x8fK\xe4\x89\xf6\x0c\x7f\x8c\xd5\xacK'
```
This seems to be a MD5 hex-encoded cookie
- Length: 16 bytes (128 bits)
- Information entropy: 3.88 bits (average bits per symbol)
- Information content: 62.00 bits

Cookie classification: same-origin session

LocalStorage objects

HTML5 LocalStorage is client-side storage introduced by HTML5 and supported by all major browsers. Data stored there is not sent automatically by the browser (unlike HTTP cookies) but is accessible to JavaScript code permanently, until deleted by the application or cleaned manually by the user. These object can be thus compared to first-party persistent cookies from privacy point of view.


                _boomr_akamaiXhrRetry

Type: HTML5 LocalStorage cookie
Size: 36 bytes

Cookie classification: first-party persistent

SessionStorage objects

HTML5 SessionStorage is client-side storage introduced by HTML5 and supported by all major browsers. Data stored there is not sent automatically by the browser (unlike HTTP cookies) but is accessible to JavaScript code during the browser session only, so until the browser window or tab is closed. These object can be thus compared to first-party session cookies from privacy point of view.


                AI_buffer

Type: HTML5 SessionStorage cookie
Size: 2 bytes

Cookie classification: first-party session


                AI_sentBuffer

Type: HTML5 SessionStorage cookie
Size: 1696 bytes

Cookie classification: first-party session

Advanced trackers

Advanced user tracking and fingerprinting techniques are used by websites to bypass privacy protection in web browsers and increase tracking persistence.

GIF_1x1

b'GIF8' … b'\x01\x00\x01\x00'

GIF_1x1

b'GIF8' … b'\x01\x00\x01\x00'

HTTP security-related headers assessment

Security score

-2

Security-related HTTP headers

```
Location: https://my.asos.com/my-account
```
The HTTP Location header is being returned by a server to redirect the web browser to a new URL of the requested resource. The URL may be relative (/index.html) or absolute (https://example.com).
Read more...
```
Report-To: { "group": "default", "max-age": 604800, "endpoints": [ { "url": "https://report.csp.cyberint.io/report" } ] }
```
The header defines a generic reporting framework which allows web developers to associate a set of named reporting endpoints with an origin. Various platform features (like Content Security Policy, Network Error Reporting, and others) may use these endpoints to deliver feature-specific reports in a consistent manner.
Read more...
```
P3P: CP="ASOS does not have a P3P policy"
```
Largely abandoned format for declaring website's privacy policy in machine-readable format. The only reason for many websites to use the header was that old versions of Microsoft Internet Explorer disallowed third-party cookies on websites missing P3P.
Read more...

P3P is a mostly abandoned standard for website privacy policy declaration that has little use today. Please consider switching to DoNotTrack standard.
0
Transport Layer Security (TLS) is enabled
+2
X-Frame-Options header is missing
-2
X-XSS-Protection header is missing
-1
X-Content-Type-Options header is missing
-1

Content Security Policy

```
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://resources.asosservices.com/res/analytics/identity.js https://connect.facebook.net https://bat.bing.com https://asos.sitelabweb.com https://www.google.com https://s2.go-mpulse.net https://www.google-analytics.com https://ci.asosservices.com https://cdns.gigya.com https://ajax.googleapis.com https://static.securedtouch.com https://www.gstatic.com https://az416426.vo.msecnd.net https://www.googletagmanager.com https://assets.asosservices.com https://social.asos.com  https://colres.sitelabweb.com/referrer; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: https://metrics.asos.com https://images.asos-media.com https://cm.everesttech.net https://dpm.demdex.net https://asos.demdex.net https://cdn.securedtouch.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.facebook.com https://cx.atdmt.com https://www.googletagmanager.com  https://seal.websecurity.norton.com https://colrep.sitelabweb.com; font-src https://assets.asosservices.com; frame-src https://asos.demdex.net https://wkxppshj-qx.global.ssl.fastly.net https://hub.securedtouch.com https://s.thebrighttag.com https://cdns.eu1.gigya.com https://servedby.flashtalking.com https://www.google.com; connect-src 'self' https://*.akamaihd.net https://*.akstat.io/ https://metrics.asos.com https://c.go-mpulse.net https://dpm.demdex.net https://asoscomltd.tt.omtrdc.net https://asos.securedtouch.com https://dc.services.visualstudio.com https://cdns.gigya.com; report-uri https://report.csp.cyberint.io/report; report-to default
```
- Policy delivery method: Content-Security-Policy-Report-Only
- Enforcement: False
  
  The header is not in enforcement mode and it provides no actual protection to the users. Please consider switching the enforcement mode by using Content-Security-Policy header.
- No base-uri allows attackers to inject base tags which override the base URI to an attacker-controlled origin. Set to 'none' unless you need to handle tricky relative URLs scheme
- Consider adding block-all-mixed-content directive if your website is only accessible over TLS and you are certain it doesn not have any legacy plaintext resources. Otherwise you may add adding upgrade-insecure-requests directive if your website may still have some legacy plaintext HTTP resources and you want them to be still available rather than blocked
- Policy that has script-src but not object-src (or default-src: 'none' allows script execution by injecting plugin resources. Please read our CSP guidance for more details for more details
- You should definitely try using 'strict-dynamic' to eliminate those long lists of trusted third-party scripts
- Consider using script-src 'report-sample' as it significantly helps debugging CSP reports. See specification
- Origin script-src 'unsafe-inline' allows bypassing of CSP and execution of inlined untrusted scripts. Use 'nonce-' or 'sha256-' instead
- Origin script-src 'unsafe-eval' allows bypassing of CSP and execution of inlined untrusted scripts. Use 'nonce-' or 'sha256-' instead
- Origin script-src https://www.google.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin script-src https://www.google-analytics.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin script-src https://ajax.googleapis.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin script-src https://www.gstatic.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin style-src 'unsafe-inline' allows bypassing of CSP and execution of inlined untrusted scripts. Use 'nonce-' or 'sha256-' instead
```
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://resources.asosservices.com/res/analytics/identity.js https://connect.facebook.net https://bat.bing.com https://asos.sitelabweb.com https://www.google.com https://s2.go-mpulse.net https://www.google-analytics.com https://ci.asosservices.com https://cdns.gigya.com https://ajax.googleapis.com https://static.securedtouch.com https://www.gstatic.com https://az416426.vo.msecnd.net https://www.googletagmanager.com https://assets.asosservices.com https://social.asos.com  https://colres.sitelabweb.com/referrer; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: https://metrics.asos.com https://images.asos-media.com https://cm.everesttech.net https://dpm.demdex.net https://asos.demdex.net https://cdn.securedtouch.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.facebook.com https://cx.atdmt.com https://www.googletagmanager.com  https://seal.websecurity.norton.com https://colrep.sitelabweb.com; font-src https://assets.asosservices.com; frame-src https://asos.demdex.net https://wkxppshj-qx.global.ssl.fastly.net https://hub.securedtouch.com https://s.thebrighttag.com https://cdns.eu1.gigya.com https://servedby.flashtalking.com https://www.google.com; connect-src 'self' https://*.akamaihd.net https://*.akstat.io/ https://metrics.asos.com https://c.go-mpulse.net https://dpm.demdex.net https://asoscomltd.tt.omtrdc.net https://asos.securedtouch.com https://dc.services.visualstudio.com https://cdns.gigya.com; report-uri https://report.csp.cyberint.io/report; report-to default
```
- Policy delivery method: Content-Security-Policy-Report-Only
- Enforcement: False
  
  The header is not in enforcement mode and it provides no actual protection to the users. Please consider switching the enforcement mode by using Content-Security-Policy header.
- No base-uri allows attackers to inject base tags which override the base URI to an attacker-controlled origin. Set to 'none' unless you need to handle tricky relative URLs scheme
- Consider adding block-all-mixed-content directive if your website is only accessible over TLS and you are certain it doesn not have any legacy plaintext resources. Otherwise you may add adding upgrade-insecure-requests directive if your website may still have some legacy plaintext HTTP resources and you want them to be still available rather than blocked
- Policy that has script-src but not object-src (or default-src: 'none' allows script execution by injecting plugin resources. Please read our CSP guidance for more details for more details
- You should definitely try using 'strict-dynamic' to eliminate those long lists of trusted third-party scripts
- Consider using script-src 'report-sample' as it significantly helps debugging CSP reports. See specification
- Origin script-src 'unsafe-inline' allows bypassing of CSP and execution of inlined untrusted scripts. Use 'nonce-' or 'sha256-' instead
- Origin script-src 'unsafe-eval' allows bypassing of CSP and execution of inlined untrusted scripts. Use 'nonce-' or 'sha256-' instead
- Origin script-src https://www.google.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin script-src https://www.google-analytics.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin script-src https://ajax.googleapis.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin script-src https://www.gstatic.com is known to host JSONP which can be used to bypass CSP and execute untrusted scripts
- Origin style-src 'unsafe-inline' allows bypassing of CSP and execution of inlined untrusted scripts. Use 'nonce-' or 'sha256-' instead

Want second opinion? Try Google CSP Evaluator.

Publisher identifiers

The website uses the following advertisement publisher ids:

UA-1005942-121 (www.google-analytics.com)

Sub-resources

Most web pages load a number of sub-resources such as images, style sheets (CSS), JavaScript files, web fonts, audio or video files and other web pages in frames. Each of these sub-resources may be loaded from the same server (first-party resource) or servers belonging to other parties (third-party resources). In the latter case, the third-party will see a request coming from your browser with the information on the originating page and it can set its own cookies, both of which are frequently used for user tracking. Note that the cookies set by these sub-resources are already recorded in our cookie statistics for this page.

The page employes Sub-Resource Integrity to prevent breach if a third-party CDN is compromised.

Not all external scripts are covered by SRI. The page includes 8 external scripts and 1 are protected by SRI

Not all external CSS files are covered by SRI. The page includes 3 external scripts and 1 are protected by SRI

Symbols

Resource securely loaded over TLS
Resource insecurely loaded over plaintext HTTP.
Mixed content warning. This resource is loaded over plaintext HTTP on TLS page will be blocked by most modern browser. Read more...
A third-party resource. It may perform its own tracking on your requests and receive partial information about your activities on the original website
Resource with reputation warnings
Blacklisted domain
Suspicious pattern detected

Web Cookies Scanner

Cookie and Security Scan Report

https://my.asos.com/

Cookies and Privacy Attributes

LocalStorage objects

SessionStorage objects

Advanced trackers

HTTP security-related headers assessment

Security-related HTTP headers

Content Security Policy

Publisher identifiers

Sub-resources

Sub-resources

Symbols