Find out in-depth information about the cookies we use across our sites.
Cookie control
| Name | Purpose | Expiry |
|---|---|---|
| uk.gov.ros.cookies* | These cookies remember your choices about which cookies we can use. | 1 year |
Authentication
| Name | Purpose | Expiry |
|---|---|---|
|
SQ_SYSTEM_SESSION SESSION JSESSIONID* PYSESSION* ros_* authenticated sessionId |
Used on our sites where you log in with a username and password. They remember who you are for the duration of your visit. They’ll be deleted when you log out and expire when you close your browser. | Session |
Load Balancing
| Name | Purpose | Expiry |
|---|---|---|
| OCPLB* | Help our services balance traffic between servers to improve performance. In some cases they enable essential features such as file uploads and authentication. | Session |
| AWSALB* | Help our services balance traffic between servers to improve performance. In some cases they enable essential features such as file uploads and authentication. | 1 week |
Imperva web application firewall
Some of our sites use the Imperva Web Application Firewall, which blocks malicious activity. The cookies allow Imperva to know if you have visited our sites before and passed bot detection tests. They do not collect or store any personal information so these cookies cannot easily be used to identify you.
| Name | Purpose | Expiry |
|---|---|---|
| visid_incap* | Used to relate sessions to a specific visitor’s device. | 1 year |
| incap* | Used to relate page views to a particular visit. | Session |
| nlbi* | Used to direct website traffic load to servers. | Session |
| ___utm* | Used to filter out malicious requests. | TBC |
Security
| Name | Purpose | Expiry |
|---|---|---|
| XSRF-TOKEN | Used by some RoS services to keep your account secure by preventing malicious sites you may visit from accessing your data. | Session |
Stripe payment
| Name | Purpose | Expiry |
|---|---|---|
| stripe_customer_id | 24 hours | |
| stripe_invoice_id | 24 hours | |
| __stripe_mid | 30 minutes | |
| __stripe_sid | 30 minutes | |
| m (Stripe) | 2 years |
Google Analytics
We use Google Analytics software to understand how people use our sites. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
We do not collect or store your personal information (for example your name or address) so this information cannot be used to identify who you are.
We do not allow Google to use or share our analytics data.
Google Analytics stores information about:
- the pages you visit
- how long you spend on each page
- how you arrived at the site
- what you click on while you visit the site
- the device and browser you use
| Name | Purpose | Expiry |
|---|---|---|
| _ga | Contains a unique and anonymous ID, which gives us data about how you use our sites. | 2 years |
| _ga_* | Used to collect data on the number of times you have visited a site, as well as dates of your first and most recent visit. | 2 years |
| _gid | Helps us count how many people visit RoS sites by telling us if you’ve visited before. | 24 hours |
| _gat_UA-* | Used to reduce the number of requests to Google. | 1 minute |
Hotjar
Hotjar is used to better understand user behaviour as they interact with our sites such as user journey recording and feedback widgets.
Features set by Hotjar
We use Hotjar to set the following features:
- feedback widget
- screen recording
- surveys
- feedback
- heatmap
| Name | Purpose | Expires |
|---|---|---|
| _hjAbsoluteSessionInProgress |
This cookie is used to count how many times different users visit the site. It assigns the users an ID, so the user does not get registered twice. This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie. | 30 minutes |
| _hjSessionUser_* | This cookie is set when a user first lands on a page with the Hotjar script. It's used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID. | 1 year |
| _hjIncludedInSessionSample_* | This cookie lets Hotjar know whether your current visit is included in data sampling. | TBC |
| _hjSession_* | This cookie holds the current session data. This makes sure that subsequent requests within the session window will be attributed to the same Hotjar session. It expires after 30 minutes. | 30 minutes |
| _hjFirstSeen | Tells Hotjar if this is the first time you have visited the site. | Session |