Cookie Handling
Overview
Extole drops a minimum number of cookies as part of the handling of the referral program. Cookies are designed to be specific to your program and your site and are not used in any cross-site capacity.
Make Sure Your Cookies Are Yours
Your Extole program should be run from your program domain to ensure any cookie created by the Extole program is specific to YOUR domain. This means you "core.js" file, used to operate your referral program, should be under your branded domain and look similar to:
<script type="text/javascript" src="https://refer.brand.com/core.js" async></script>
If your core script is loading from "tags.extole.com" or "origin.extole.io" it should be updated to be under your branded domain. This will prevent any cookies generated from the Extole Corporate website to include in your referral program.
Consumer Referral Cookies
The following cookies are used by the referral program when a consumer interacts
| Website URL | Cookie Name | Cookie Purpose | Cookie Duration | Category |
|---|---|---|---|---|
| refer.brand.com | access_token | Remember an Advocate/Friend | 1 year | Essential |
| www.brand.com | extole_access_token | Remember an Advocate/Friend | 1 year | Essential |
| refer.brand.com | xtl_bid | Browser Identifier used for Fraud Prevention | 1 year | Fraud |
My Extole (Admin) Cookies
The following cookies are used by the My Extole as part of the platform.
| Website URL | Cookie Name | Cookie Purpose | Cookie Duration | Category |
|---|---|---|---|---|
| my.extole.com | access_token | Session token for the My Extole user | 4 hours | Essential |
| my.extole.com | feature_toggle | Preference cookie for feature toggles | 1 year | Preference |
Chrome Cookie Handling
You may have seen announcements about Google Chrome’s changes to handling cookies in February 2020. Google Chrome’s changes will not affect Extole-powered programs, and there is no action required on your behalf.
Google Chrome’s changes are targeted towards third-party, cross-domain tracking cookies and insecure cookies. An Extole program for Brand. Inc. at brand.com that is run inside a branded domain using a CNAME would run under refer.brand.com. All cookies associated with that program are first-party cookies, are not affected by this change, and cannot be used for cross-site tracking. By using Extole's best practice, privacy is protected since these cookies do not follow a user to different domains are cannot be used for cross domain tracking.
An Extole program for Brand. Inc. at brand.com that is not run inside a branded domain using a CNAME would run under brand.extole.io or share.brand-referrals.com. All cookies associated with that program are third-party, cross-domain cookies. We have updated these cookies to use the setting SameSite=None, and the attribute Secure, so these cookies are not affected by this change either.
Safari Intelligent Tracking Prevention (ITP)
Safari on macOS, iOS, and iPad OS continues to offer industry leading privacy protection from cross domain ad tracking. Tracking prevention is targeted towards third-party, cross-domain tracking cookies. An Extole program for Brand. Inc. at brand.com that is run inside a branded domain using a CNAME would run under refer.brand.com. All cookies associated with that program are first-party cookies, are not affected by this change, and cannot be used for cross-site tracking. By using Extole's best practice, privacy is protected since these cookies do not follow a user to different domains are cannot be used for cross domain tracking.
Updated over 1 year ago