Cookies in use
- A secure session cookie keeps your authenticated session active.
- A protected username cookie is used by the application to resolve the signed-in user.
- Security tokens may be stored in the session for CSRF, MFA and WebAuthn flows.
Privacy, Cookies and Security
International Site Inspector uses cookies only where they are needed to keep the application secure and usable. There are no advertising, profiling or analytics cookies in this self-hosted environment. Account security features include MFA, authenticator apps and FIDO2-compatible security keys.
Purpose
These cookies are necessary for login, MFA, account settings, interactive sessions and task submission. They are not used to track you across websites.
Retention
Sessions expire automatically and can be ended immediately by logging out. Interactive browser sessions are short-lived and are cleaned up after their configured lifetime.
Security
Cookies are sent over HTTPS, marked HttpOnly where applicable and scoped with SameSite=Lax to reduce unwanted cross-site use.
MFA and WebAuthn/FIDO2 security keys
Accounts can be protected with multi-factor authentication. The application supports authenticator-app verification and browser-supported WebAuthn/FIDO2 security keys.
Security-key registration and verification use browser-supported WebAuthn challenges. Recovery codes can be used as a fallback when an enrolled MFA method is unavailable.