LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the three cookie types by storage mechanism: standard HTTP cookies, Flash cookies (LSO), and Perma-Cookies?

Standard HTTP cookies are normal browser-stored text files; Flash cookies (LSOs) are harder to delete and cross-domain; Perma-Cookies are injected by ISPs into HTTP headers and can't be removed by the user.

Taxonomy of three cookie stores — standard HTTP (browser), Flash LSO (plugin), Perma-cookie (ISP).

* Cookie types by where they are stored. *

Browser requests a page, server returns it plus a cookie, browser returns the cookie next request.

* How a standard HTTP cookie is set and returned. — Tizio, CC BY-SA 3.0, via Wikimedia Commons. *

Type Stored by Key property
Standard HTTP cookie Web server, in the browser Auto-sent on every request; enables login, carts, personalization
Flash cookie (LSO) Adobe Flash Player Harder to delete, usable cross-domain
Perma-Cookie (ISP-level) Internet Service Provider ISP injects a unique identifier into the HTTP header

The Perma-Cookie is the scariest: because the ISP adds the identifier in transit, it sits outside the browser entirely — clearing cookies or going incognito does nothing. The infamous Verizon "Supercookie" (2012–2015) did exactly this, leading to large fines for misuse.

Tip: Check cookies in DevTools (F12 > Application > Storage > Cookies) and inspect attributes like HttpOnly, Secure, and SameSite.

Go deeper:

From Quiz: PRIVACY / Web Tracking | Updated: Jul 14, 2026