Product Cookies
Find information on cookie definitions of those Egress Software implements, and acceptance or denial of these mechanisms.
What is a cookie?
A cookie is a small text file that contains a small amount of information and is downloaded to your device when you log into and use our products and services.
We use them for strictly necessary purposes. This is why our cookie banners do not offer options for consent.
What if you do not want to accept the cookies that we use?
Given the purpose of the cookies set out below is strictly necessary, if you choose to block or restrict the cookies set by our products and services, you will not be able to use the service or they will not function normally.
What cookies do we use?
The following are all first party cookies, set by us.
Protect (reader.egress.com) Web Reader
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
ASP.NET_SessionID |
Expires on sign out or closing browser |
To associate user activity with a particular logged in user |
Product and service will not work at all (you cannot sign in) |
|
eoc2<guid> |
30 days |
Allows a particular browser to access message history |
No message history will be displayed |
|
waoptions |
365 days |
Contains various persistent web access settings, including a unique reference that identifies the recipient of secure emails and their browser |
No significant effect but, for example,: (i) the intro page will be shown to you on each visit; (ii) the cookie banner will always show up; and (iii) a recipient rejecting it will need to authenticate through web-reader each time to access a secure email’s Content |
Defend Admin Portal (including HRM)
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
AWSALB |
7 days |
AWS ELB application load balancer |
Performance degradation or service will not be available |
|
AnnouncementCookie |
Session |
Captures whether announcements have been read or should appear to user on logon |
Users will see what’s new notifications upon logon |
|
AWSALBCORS |
7 days |
This cookie is managed by AWS and is used for load balancing. AspNetCore.Cookies |
Performance degradation or service will not be available |
|
.AspNetCore.Cookies |
7 hours |
To keep a logged on session open |
Unable to login |
Secure Workspace
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
mfaModal Displayed |
10 years |
Remember if the user has read initial information presented for MFA |
MFA info will show every time |
|
session |
Session |
User identification between requests |
Product and service will not work at all |
|
lastFileinboxView |
360 days |
Remember when the user last checked the file inbox to decide on notifications |
User will be notified about all historical file inbox items |
|
lastLoginServer |
31 days |
Remember the authentication server used, to prioritise at top of selection list |
User will always see default ordering of login servers |
|
qs_id |
Session |
Allows access to anonymous quickshare links that are protected by policy |
Access will be denied |
Secure Webforms
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
.AspNetCore.Session |
Session |
https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-6.0 see the 'Session Options' section. It also prevents certain robots trying to forge reqests to us see https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5391 |
The form will not function. |
|
.EgressSecureForms.Authentication |
Session |
if the form uses makes the user log into ESI / SDX first this cookie is there to tell the product they are logged in / authenticated. We use this to temporarily save data as a customer fill in the form usually on big forms that take days to fill out |
Incomplete forms will have to start over from the beginning. |
|
.EgressSecureForms.Culture |
Session |
Tracks what language and locale the users' browser or computer is using which can help default the language the form uses when a form that offers itself in multiple languages |
User locales and language settings will not be applied to the session |
Portal Analytics (including HRM)
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
tnpSession |
4 hours |
Contains user’s session ID. Set and removed each time the user logs in/logs out |
The user will not have a valid session and therefore will not be able to use the site |
|
acceptedDataPrivacyPolicy– [userId] |
91 days |
Checks whether the user has accepted the data privacy warning |
The user will have to accept the data privacy notice each time they log-in |
|
acceptedCookieUsage-[userId] |
91 days |
Checks whether the user has clicked “accept” on the cookie banner |
The cookie notice will appear each time the user uses the site |
|
.AspNetCore.Cookies.UK |
Session |
Delivers the user menu |
The user menu will present an error and not be able to use the service. |
Respond*
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
ASP.NET_SessionID |
Expires on sign out or closing browser |
To associate user activity with a particular logged in user |
Product and service will not work at all (you cannot sign in) |
|
ASP.NET_SessionID |
365 days |
Remember the default state of user interface components |
User interfaces will revert to the default settings |
* Respond is provided for a customer’s internal use only and withdrawn from sale.
Captcha
We offer our customers two options when we develop a Secure Webform for them. They can choose to deploy either Google reCAPTCHA or our captcha tool.
Google reCAPTCHA
Google’s reCAPTCHA helps protect against cyber spam and abuse. Google reCAPTCHA deploys a token to your device which sends information to the Google API about your hardware and software information (e.g. device and application data and the results of integrity checks) and sending that data to Google for analysis. This data may include other information about the cookies placed by Google over the last 6 months, how many mouse clicks you made on the screen (or touches if on a touch device), the CSS information for that page, the date, the browser language, plug-ins installed on your browser and Javascript objects. This information will be used by Google for improving the reCAPTCHA tool and for general security purposes.
Our systems simply receive a yes/no type answer from Google before proceeding or rejecting your submission. No information about you is collected by us.
Our own captcha tool
If our own captcha system is deployed then it simply checks whether the details entered match and then our systems either proceed or reject your submission. No information about you is collected by us.
Do we use anything similar to a cookie?
Yes, our desktop plug-ins and mobile apps will recognise you and your device in order to ensure that your plug-in, device and app are able to be correctly authenticated by our systems. These provide essential operations in order to enable you to use these free-to-download tools. Our systems do not obtain any other information about you from this functionality.
When was this policy last updated?
24 April 2023
Added Webforms and Defend cookie descriptions