Web Cookies

Web cookies are small pieces of data passed from the server to the client during web browsing. These values are associated with the domain being viewed and can be used to keep track of state or other information the server may use. Cookies can be encrypted with a secure flag and are restricted to specific domains to ensure a level of security.

What to Look For


  • Named services or additional indicators that could be derived from the cookie name or path associated with the cookie
  • Number of results, low or high, from pivoting on the cookie name or path
  • Time period of when the cookie was observed being associated with the clients
  • Whether or not cookies are associated with the indicator being searched

Questions to Ask


  1. Does the cookie name appear unique?
  2. Does the cookie path match the value of the indicator being viewed?
  3. Is there a low frequency of shared items based on the cookie name?
  4. Does the cookie name reveal any additional infrastructure, services, or indicators?