Initiated requests and included cookies

Our framework analyses which mechanisms can be leveraged to initiate cross-site requests and which cookies are included in this requests. This generates a lot of data, of which we want to show you everything. However, to preserve a clear overview, we use illustrations for the different requests that are initiated. On this page, we provide a detailed explanation of these illustrations.

Cookies

We use five different cookie configurations to evaluate browser instances. Each of these configurations is based on values assigned to the cookie attributes. For each configuration, we show the Set-Cookie header that was used to create the cookie and explain the traits of the cookie in the table below. Each cookie was given an insignificant timestamp.
Cookie name Set-Cookie header Info
generic Set-Cookie: generic=1; Expires=Wed, 30 May 2019 07:28:00 GMT This is a cookie with default values for all attributes that are not specified in the Set-Cookie header.
httpOnly Set-cookie: httpOnly=1; Expires=Wed, 30 May 2019 07:28:00 GMT; HttpOnly For this cookie, the HttpOnly flag has been set. As a result this cookie cannot be accessed through a client-side script.
secure Set-cookie: secure=1; Expires=Wed, 30 May 2019 07:28:00 GMT; Secure For this cookie, the Secure flag has been set. As a result this cookie can only be sent over encrypted connections.
lax Set-Cookie: lax=1; Expires=Wed, 30 May 2019 07:28:00 GMT; SameSite=lax This is a same-site cookie for which the SameSite attribute has been set to lax. Supporting browsers can only include this cookie in cross-site requests if this requests is top-leven and a GET request, or if it was initiated through prerender functionality.
strict Set-Cookie: strict=1; Expires=Wed, 30 May 2019 07:28:00 GMT; SameSite=strict This is a same-site cookie for which the SameSite attribute has been set to strict. Supporting browsers can never include this cookie in cross-site requests.

Depiction of initiated requests and included cookies

The datatables for each experiment use images to depict whether a cross-site request has been and which cookies are included. Here, we explain what those images mean.
Image Meaning
A request has been sent including the indicated cookies.
Only a request has been set, no cookies included.