ESTSAUTH |
Common |
Contains user's session information to facilitate SSO. Transient. |
ESTSAUTHPERSISTENT |
Common |
Contains user's session information to facilitate SSO. Persistent. |
ESTSAUTHLIGHT |
Common |
Contains Session GUID Information. Lite session state cookie used exclusively by client-side JavaScript in order to facilitate OIDC sign-out. Security feature. |
SignInStateCookie |
Common |
Contains list of services accessed to facilitate sign-out. No user information. Security feature. |
CCState |
Common |
Contains session information state to be used between Microsoft Entra ID and the Microsoft Entra Backup Authentication Service. |
buid |
Common |
Tracks browser related information. Used for service telemetry and protection mechanisms. |
fpc |
Common |
Tracks browser related information. Used for tracking requests and throttling. |
esctx |
Common |
Session context cookie information. For CSRF protection. Binds a request to a specific browser instance so the request can't be replayed outside the browser. No user information. |
ch |
Common |
ProofOfPossessionCookie. Stores the Proof of Possession cookie hash to the user agent. |
ESTSSC |
Common |
Legacy cookie containing session count information no longer used. |
ESTSSSOTILES |
Common |
Tracks session sign-out. When present and not expired, with value "ESTSSSOTILES=1", it will interrupt SSO, for specific SSO authentication model, and will present tiles for user account selection. |
AADSSOTILES |
Common |
Tracks session sign-out. Similar to ESTSSSOTILES but for other specific SSO authentication model. |
ESTSUSERLIST |
Common |
Tracks Browser SSO user's list. |
SSOCOOKIEPULLED |
Common |
Prevents looping on specific scenarios. No user information. |
cltm |
Common |
For telemetry purposes. Tracks AppVersion, ClientFlight and Network type. |
brcap |
Common |
Client-side cookie (set by JavaScript) to validate client/web browser's touch capabilities. |
clrc |
Common |
Client-side cookie (set by JavaScript) to control local cached sessions on the client. |
CkTst |
Common |
Client-side cookie (set by JavaScript). No longer in active use. |
wlidperf |
Common |
Client-side cookie (set by JavaScript) that tracks local time for performance purposes. |
x-ms-gateway-slice |
Common |
Microsoft Entra Gateway cookie used for tracking and load balance purposes. |
stsservicecookie |
Common |
Microsoft Entra Gateway cookie also used for tracking purposes. |
x-ms-refreshtokencredential |
Specific |
Available when Primary Refresh Token (PRT) is in use. |
estsStateTransient |
Specific |
Applicable to new session information model only. Transient. |
estsStatePersistent |
Specific |
Same as estsStateTransient, but persistent. |
ESTSNCLOGIN |
Specific |
National Cloud Login related Cookie. |
UsGovTraffic |
Specific |
US Gov Cloud Traffic Cookie. |
ESTSWCTXFLOWTOKEN |
Specific |
Saves flowToken information when redirecting to ADFS. |
CcsNtv |
Specific |
To control when Microsoft Entra Gateway will send requests to Microsoft Entra Backup Authentication Service. Native flows. |
CcsWeb |
Specific |
To control when Microsoft Entra Gateway will send requests to Microsoft Entra Backup Authentication Service. Web flows. |
Ccs* |
Specific |
Cookies with prefix Ccs*, have the same purpose as the ones without prefix, but only apply when Microsoft Entra Backup Authentication Service is in use. |
threxp |
Specific |
Used for throttling control. |
rrc |
Specific |
Cookie used to identify a recent B2B invitation redemption. |
debug |
Specific |
Cookie used to track if user's browser session is enabled for DebugMode. |
MSFPC |
Specific |
This cookie is not specific to any ESTS flow, but is sometimes present. It applies to all Microsoft Sites (when accepted by users). Identifies unique web browsers visiting Microsoft sites. It's used for advertising, site analytics, and other operational purposes. |