Move Cookie Repo to Site Policy (#56252)

Co-authored-by: Kayla Reiman <[email protected]>
Co-authored-by: Joe Clark <[email protected]>
Co-authored-by: Kevin Heis <[email protected]>

Author: 4 people

content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md

@@ -74,7 +74,7 @@ If you need to use multiple accounts on {% data variables.location.product_locat
 
 ### Session cookies
 
-{% data variables.product.company_short %} uses cookies to provide services and increase security. {% ifversion fpt or ghec %}You can review details about {% data variables.product.company_short %}'s cookies in the [privacy/cookies repository](https://github.com/privacy/cookies).{% endif %}
+{% data variables.product.company_short %} uses cookies to provide services and increase security. {% ifversion fpt or ghec %}You can review details about {% data variables.product.company_short %}'s cookies in [AUTOTITLE](/free-pro-team@latest/site-policy/privacy-policies/github-cookies).{% endif %}
 
 * The gist.{% ifversion fpt or ghec %}github.com{% elsif ghes %}HOSTNAME domain{% endif %} and {% ifversion fpt or ghec %}github.com domains{% elsif ghes %}base domain for your instance{% endif %} use separate cookies.
 * {% data variables.product.github %} typically marks a user session for deletion after two weeks of inactivity.

content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-mandatory-two-factor-authentication.md

@@ -53,7 +53,7 @@ Currently, we don't support passkeys or security keys as primary 2FA methods sin
 * [About email verification and mandatory 2FA](#about-email-verification-and-mandatory-2fa)
 
 > [!NOTE]
-> We recommend retaining cookies on {% data variables.product.prodname_dotcom_the_website %}. If you set your browser to wipe your cookies every day, you'll never have a verified device for account recovery purposes, as the [`_device_id` cookie](https://github.com/privacy/cookies) is used to securely prove you've used that device previously. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token).
+> We recommend retaining cookies on {% data variables.product.prodname_dotcom_the_website %}. If you set your browser to wipe your cookies every day, you'll never have a verified device for account recovery purposes, as the [`_device_id` cookie](/free-pro-team@latest/site-policy/privacy-policies/github-cookies) is used to securely prove you've used that device previously. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token).
 
 ### About TOTP apps and mandatory 2FA
 

content/site-policy/privacy-policies/github-cookies.md

@@ -10,8 +10,108 @@ topics:
   - Legal
 ---
 
-GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our [Privacy Statement](/site-policy/privacy-policies/github-privacy-statement#our-use-of-cookies-and-tracking) if you’d like more information about cookies, and on how and why we use them.
 
-You can view the current list of cookies on GitHub, and sign up to receive cookie list updates, at [https://github.com/privacy/cookies](https://github.com/privacy/cookies).
+# Cookies
 
-If you have questions or concerns about a new subprocessor, please contact us via {% data variables.contact.contact_privacy %}.
+GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page which details how we use cookies.
+
+GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our [Privacy Statement](/github/site-policy/github-privacy-statement#our-use-of-cookies-and-tracking-technologies) if you’d like more information about cookies, and on how and why we use them and cookie-related personal data. You can change your preference about non-essential cookies at any time by following [these instructions](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-your-cookie-preferences-for-githubs-enterprise-marketing-pages).
+
+Since the number and names of cookies may change, the table below may be updated from time to time. To receive notifications of updates to this list, please follow the instructions provided in [About notifications](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications).
+
+Provider of Cookie | Cookie Name | Description | Expiration*
+-----------------|-------------|-------------|------------
+GitHub | `app_manifest_token` | This cookie is used during the App Manifest flow to maintain the state of the flow during the redirect to fetch a user session. | Five minutes
+GitHub | `color_mode` | This cookie is used to indicate the user selected theme preference. | Session
+GitHub | `_device_id` | This cookie is used to track recognized devices for security purposes. | One year
+GitHub | `dotcom_user` | This cookie is used to signal to us that the user is already logged in. | One year
+GitHub | `enterprise_trial_redirect_to` | This cookie is used to complete a redirect for trial users | 5 minutes
+GitHub | `fileTreeExpanded` | Used to indicate whether the file tree on the code view was last expanded or collapsed | 30 days
+GitHub | `ghcc` | This cookie validates user's choice about cookies | 180 Days
+GitHub | `_gh_ent` | This cookie is used for temporary application and framework state between pages like what step the customer is on in a multiple step form. | Two weeks
+GitHub | `_gh_sess` | This cookie is used for temporary application and framework state between pages like what step the user is on in a multiple step form. | Session
+GitHub | `gist_oauth_csrf` | This cookie is set by Gist to ensure the user that started the oauth flow is the same user that completes it. | Deleted when oauth state is validated
+GitHub | `gist_user_session` | This cookie is used by Gist when running on a separate host. | Two weeks
+GitHub | `has_recent_activity` | This cookie is used to prevent showing the security interstitial to users that have visited the app recently. | One hour
+GitHub | `__Host-gist_user_session_same_site` | This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. | Two weeks
+GitHub | `__Host-user_session_same_site` | This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. | Two weeks
+GitHub | `logged_in` | This cookie is used to signal to us that the user is already logged in. | One year
+GitHub | `marketplace_repository_ids` | This cookie is used for the marketplace installation flow. | One hour
+GitHub | `marketplace_suggested_target_id` | This cookie is used for the marketplace installation flow. | One hour
+GitHub | `_octo` | This cookie is used for session management including caching of dynamic content, conditional feature access, support request metadata, and first party analytics. | One year
+GitHub | `org_transform_notice` | This cookie is used to provide notice during organization transforms. | One hour
+GitHub | `private_mode_user_session` | This cookie is used for Enterprise authentication requests. | Two weeks
+GitHub | `saml_csrf_token` | This cookie is set by SAML auth path method to associate a token with the client. | Until user closes browser or completes authentication request
+GitHub | `saml_csrf_token_legacy` | This cookie is set by SAML auth path method to associate a token with the client. | Until user closes browser or completes authentication request
+GitHub | `saml_return_to` | This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. | Until user closes browser or completes authentication request
+GitHub | `saml_return_to_legacy` | This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. | Until user closes browser or completes authentication request
+GitHub | `show_cookie_banner` | Set based on the client’s region and used to determine if a cookie consent banner should be shown | Session
+GitHub | `tz` | This cookie allows us to customize timestamps to your time zone. | Session
+GitHub | `user_session` | This cookie is used to log you in. | Two weeks
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `ai_session` | Application Insights session ID | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `ai_user` | Application Insights user ID | 30 minutes
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `ANONCHK` | This Microsoft Clarity cookie monitors website performance | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `isFirstSession` | This cookie is used when user opts-in to saving information | Session
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `MSO` | This cookie identifies a session | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `MC1` | This cookie is used for advertising, site analytics, and other operational purposes | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `MR` | This cookie checks whether to extend the lifetime of the MUID cookie | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `MSFPC` | This cookie is used for advertising, site analytics, and other operational purposes | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `MUID` | This cookie stores Bing’s visitor ID. This cookie is used for advertising, site analytics, and other operational purposes | 13 months
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `SM` | This cookie is used in synchronizing the MUID across Microsoft domains. | Session
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `_uetsid` | This cookie is used for analytics to store and track visits across sites | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `_uetvid` | This cookie is used by Bing Ads to store and track visits across websites | 13 months
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `X-FD-FEATURES` | This cookie is used for tracking analytics and evenly spreading load on the website | One year
+[Microsoft](https://privacy.microsoft.com/en-us/privacystatement) | `X-FD-Time` | This cookie is used for tracking analytics and evenly spreading load on website | One year
+[Adobe](https://www.adobe.com/privacy/policy.html) | `aam_uuid` | This cookie is an audience manager | 13 months
+[Adobe](https://www.adobe.com/privacy/policy.html) | `mboxEdgeCluster` | This cookie is used by Adobe Target load balancer. Adobe Target is used to determine which targeted content to display to visitor | 13 months
+[Adobe](https://www.adobe.com/privacy/policy.html) | `AMCV_EA76ADE95776D2EC7F000101%40AdobeOrg` | Adobe cookie used to track and analyze user activities on the website | 13 months
+[Adobe](https://www.adobe.com/privacy/policy.html) | `AMCVS_EA76ADE95776D2EC7F000101%40AdobeOrg` | Adobe cookie used to track and analyze user activities on the website | Session
+[Adobe](https://www.adobe.com/privacy/policy.html) | `at_check` | Adobe Target to support conversion tracking for new product customers | Session
+[Adobe](https://www.adobe.com/privacy/policy.html) | `mbox` | Adobe Target to store session ID | 13 months
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `_cs_c` | Consent state: digit between 0 and 3. Used for capturing analytics on web pages | 13 months
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `_cs_cvars` | This cookie is used to capture analytics on the web page | Session
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `_cs_id` | Contains: user ID, timestamp (in seconds) of user creation, number of visits for this user | 13 months
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `_cs_s` | Number of page views for the current session, and the recording state | One year
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `__CT_Data` | This cookie is used to count the number of a guest’s pageviews or visits | One year
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `_CT_RS_` | This cookie is used to capture analytics on the web page | One year
+[Contentsquare](https://go.contentsquare.com/en/tracking-tag-cookies) | `WRUID` | This cookie is used for analytics | One year
+[Facebook](https://www.facebook.com/policies/cookies/) | `_fbc` | This cookie is used to personalize content (including ads), measure ads, produce analytics, and provide a safer experience. | 90 Days
+[Facebook](https://www.facebook.com/policies/cookies/) | `_fbp` | This cookie is used to personalize content (including ads), measure ads, produce analytics, and provide a safer experience. | 90 Days
+[Facebook](https://www.facebook.com/policies/cookies/) | `fr` | This cookie is used as the primary advertising cookie used to deliver, measure, and improve the relevancy of ads. | 90 Days
+[Facebook](https://www.facebook.com/policies/cookies/) | `wd` | This cookie is used to deliver an optimal experience for your device’s screen. | 7 Days
+[Facebook](https://www.facebook.com/policies/cookies/) | `oo` | This cookie is an opt out cookie set by a user visiting Digital Advertising Alliance and choosing to opt out. | 5 years
+[Fullstory](https://help.fullstory.com/hc/en-us/articles/360020623394-GDPR-FAQs) | `fs_uid` | This cookie is used to track interactions with a page | One year
+[Google](https://policies.google.com/privacy) | `_gcl_au` | This cookie is used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 90 Days
+[Google](https://policies.google.com/privacy) | `id` | This cookie is used to build a profile of the website visitor's interests and show relevant ads on other sites. | "OPT_OUT: fixed expiration (year 2030/11/09); non-OPT_OUT: 13 months EEA UK 24 months elsewhere"
+[Google](https://policies.google.com/privacy) | `IDE` | This cookie is used to build a profile of the website visitor's interests and show relevant ads on other sites. | "13 months EEA UK; 24 months elsewhere"
+[Google](https://policies.google.com/privacy) | `lsid` | This cookie is used to provide information about how the end user uses the website and any advertising that the end user may have seen before visiting the website. | 90 Days
+[Google](https://policies.google.com/privacy) | `NID` | This cookie is used to build a profile of the website visitor's interests and show relevant ads on other sites. | 90 Days
+[Google](https://policies.google.com/privacy) | `PREF` | This cookie is used to build a profile of the website visitor's interests and show relevant ads on other sites. | 90 Days
+[Google](https://policies.google.com/privacy) | `SSID` | This cookie is used to provide information about how the end user uses the website and any advertising that the end user may have seen before visiting the website. | 90 Days
+[Google](https://policies.google.com/privacy) | `SAPISID` | This cookie is used to build a profile of the website visitor's interests and show relevant ads on other sites. | 90 Days
+[Google](https://policies.google.com/privacy) | `test_cookie` | This cookie is used to determine if the website visitor's browser supports cookies. | 90 Days
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `bcookie` | This cookie is a browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform. | One year
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | bscookie | This cookie is used for remembering that a logged in user is verified by two factor authentication. | One year
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `u` | This cookie is used to provide a platform to enable advertisers to track users across multiple devices. | 3 months
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `UserMatchHistory` | This cookie is used to track visitors so that more relevant ads can be presented based on the visitor's preferences. | One month
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `JSESSIONID` | This cookie is used for Cross Site Request Forgery (CSRF) protection. | Session
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `lang` | This cookie is used to remember a user's language setting to ensure LinkedIn.com displays in the language selected by the user in their settings. | Session
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `lidc` | This cookie is used to faciliatate data center selection | 24 hours
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `sdsc` | This cookie is used for database routing to ensure consistency across all databases when a change is made and to ensure that user-inputted content is immediately available to the submitting user upon submission. | Session
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `li_gc` | This cookie is used to store consent of visitors regarding the use of cookies for non-essential purposes. | 6 months
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `li_mc` | This cookie is used as a temporary cache to avoid database lookups for a member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side. | 6 months
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `AnalyticsSyncHistory` | This cookie is used to store information about the time a sync took place with the lms_analytics cookie. | 30 Days
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `lms_ads` | This cookie is used to identify LinkedIn Members off LinkedIn for advertising. | 30 Days
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `lms_analytics` | This cookie is used to identify LinkedIn Members off LinkedIn for analytics. | 30 Days
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `li_fat_id` | This cookie is used for conversion tracking, retargeting, analytics. | 30 Days
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `li_sugr` | This cookie is used to make a probabilistic match of a user's identity. | 90 Days
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `U` | This cookie is used as a browser identifier. | 3 months
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | BizographicsOptOutBizographicsOptOut | This cookie is used to determine opt-out status for non-members. | 10 years
+[LinkedIn](https://www.linkedin.com/legal/privacy-policy) | `li_giant` | This cookie is used for conversion tracking. | 7 Days | https://www.linkedin.com/legal/privacy-policy
+[Quantcast](https://www.quantcast.com/privacy/) | `cref` | This cookie is used for Market and Audience Segmentation and Targeted advertising services. | 13 months
+[Quantcast](https://www.quantcast.com/privacy/) | `d` | This cookie is used for Market and Audience Segmentation and Targeted advertising services. | 3 months
+[Quantcast](https://www.quantcast.com/privacy/) | `mc` | This cookie is used to track anonymous information about how website visitors use the site. | 13 months
+[Yahoo](https://policies.yahoo.com/us/en/yahoo/privacy/index.htm?redirect=no) | `A3` | This cookie is used for search and advertising. | One year
+[Yahoo](https://policies.yahoo.com/us/en/yahoo/privacy/index.htm?redirect=no) | `b` | This cookie collects anonymous data related to the visitor's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The registered data is used to categorize the users' interest and demographical profiles with the purpose of customizing the website content depending on the visitor. | One year
+
+(*) The expiration dates for the cookies listed above generally apply on a rolling basis.