{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,8]],"date-time":"2026-07-08T16:26:01Z","timestamp":1783527961414,"version":"3.55.0"},"reference-count":59,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T00:00:00Z","timestamp":1736467200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Korea Internet & Security Agency","award":["1781000003"],"award-info":[{"award-number":["1781000003"]}]},{"name":"Institute of Information & communications Technology Planning & Evaluation","award":["RS-2024-00439819, RS-2024-00459638, RS-2024-00451909, RS-2022-II221199, and RS-2024-00438686"],"award-info":[{"award-number":["RS-2024-00439819, RS-2024-00459638, RS-2024-00451909, RS-2022-II221199, and RS-2024-00438686"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Web"],"published-print":{"date-parts":[[2025,2,28]]},"abstract":"<jats:p>Despite stringent data protection regulations, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other country-specific laws, numerous websites continue to use cookies to track user activities, raising significant privacy concerns. This study aims to investigate the compliance of e-commerce websites with these regulations from a cookie perspective and explore potential variations in cookie policies across different countries. We conducted a comprehensive analysis of 360 popular e-commerce websites (44,323 cookies) across multiple countries, examining cookie attributes and their potential links to privacy and security breaches. Our findings revealed that 73% of third-party cookies function as tracker cookies, with around 40% breaching lifecycle regulations. Additionally, 85% are vulnerable to potential cross-site scripting (XSS) attacks, while only 349 out of 44,323 adhere to robust measures aimed at combating cross-site request forgery (CSRF) attacks. We also discovered instances of masquerading cookies, where third-party cookies disguise themselves as first-party cookies, enabling unauthorized user tracking without consent. To the best of our knowledge, this study is the first to comprehensively analyze the compliance of e-commerce websites with the GDPR, CCPA, and country-specific regulations concerning cookie policies across different jurisdictions. Our findings highlight the urgent need for uniform and consistent cookie policies across websites and jurisdictions, as well as robust enforcement mechanisms and increased transparency to ensure compliance with data protection regulations. This research contributes to the ongoing discourse on privacy protection and underscores the importance of addressing the challenges posed by insecure cookie practices in the e-commerce sector.<\/jats:p>","DOI":"10.1145\/3708515","type":"journal-article","created":{"date-parts":[[2024,12,17]],"date-time":"2024-12-17T11:24:15Z","timestamp":1734434655000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Crumbled Cookies: Exploring E-commerce Websites\u2019 Cookie Policies with Data Protection Regulations"],"prefix":"10.1145","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6225-3669","authenticated-orcid":false,"given":"Nivedita","family":"Singh","sequence":"first","affiliation":[{"name":"Department of Software, Sungkyunkwan University - Natural Sciences Campus, Suwon, Korea (the Republic of)"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-4924-4896","authenticated-orcid":false,"given":"Yejin","family":"Do","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University - Suwon Campus, Suwon, Korea (the Republic of)"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6790-6488","authenticated-orcid":false,"given":"Yongsang","family":"Yu","sequence":"additional","affiliation":[{"name":"Department of Semiconductor and Display Engineering, Sungkyunkwan University - Suwon Campus, Suwon, Korea (the Republic of)"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7613-0428","authenticated-orcid":false,"given":"Imane","family":"Fouad","sequence":"additional","affiliation":[{"name":"Inria, Univ. Lille, CNRS, UMR CRIStAL, Lille, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1587-0677","authenticated-orcid":false,"given":"Jungrae","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Semiconductor Systems Engineering, Sungkyunkwan University - Suwon Campus, Suwon, Korea (the Republic of)"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1605-3866","authenticated-orcid":false,"given":"Hyoungshick","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Software, Sungkyunkwan University - Natural Sciences Campus, Suwon, Korea (the Republic of)"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,1,10]]},"reference":[{"key":"e_1_3_4_2_2","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0033"},{"key":"e_1_3_4_3_2","unstructured":"Bird&Bird. 2023. Global Cookie Review 2023. Retrieved from https:\/\/www.twobirds.com\/-\/media\/new-website-content\/pdfs\/insights\/2022\/global\/bird-bird-global-cookies-review-winter-2022-final.pdf"},{"key":"e_1_3_4_4_2","unstructured":"Dino Bollinger. 2021. Analyzing Cookies Compliance with the GDPR. Master\u2019s thesis. ETH Zurich."},{"key":"e_1_3_4_5_2","first-page":"2893","volume-title":"31st USENIX Security Symposium (USENIX Security\u201922)","author":"Bollinger Dino","year":"2022","unstructured":"Dino Bollinger, Karel Kubicek, Carlos Cotrini, and David Basin. 2022. Automating cookie consent and GDPR violation detection. In 31st USENIX Security Symposium (USENIX Security\u201922). 2893\u20132910."},{"key":"e_1_3_4_6_2","unstructured":"Rick Buck. 2021. Brazil\u2019s Data Privacy Law. Retrieved from https:\/\/wirewheel.io\/blog\/lgpd-brazil-data-privacy-law-guide\/"},{"key":"e_1_3_4_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2882991"},{"issue":"7","key":"e_1_3_4_8_2","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1177\/0263276417736367","article-title":"Cookies\u2013more than meets the eye","volume":"34","author":"Carmi Elinor","year":"2017","unstructured":"Elinor Carmi. 2017. Cookies\u2013more than meets the eye. Theor., Cult. Societ. 34, 7\u20138 (2017), 277\u2013281.","journal-title":"Theor., Cult. Societ."},{"key":"e_1_3_4_9_2","first-page":"49","volume-title":"IEEE European Symposium on Security and Privacy Workshops (EuroS&PW\u201921)","author":"Compagna Luca","year":"2021","unstructured":"Luca Compagna, Hugo Jonker, Johannes Krochewski, Benjamin Krumnow, and Merve Sahin. 2021. A preliminary study on the adoption and effectiveness of SameSite cookies as a CSRF defence. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW\u201921). IEEE, 49\u201359."},{"key":"e_1_3_4_10_2","first-page":"443","volume-title":"12th International Conference on Machine Learning and Computing","author":"Cui Yanpeng","year":"2020","unstructured":"Yanpeng Cui, Junjie Cui, and Jianwei Hu. 2020. A survey on XSS attack detection and prevention in web applications. In 12th International Conference on Machine Learning and Computing. 443\u2013449."},{"key":"e_1_3_4_11_2","doi-asserted-by":"crossref","first-page":"258","DOI":"10.1007\/978-3-030-15986-3_17","volume-title":"20th International Conference on Passive and Active Measurement (PAM\u201919)","author":"Dabrowski Adrian","year":"2019","unstructured":"Adrian Dabrowski, Georg Merzdovnik, Johanna Ullrich, Gerald Sendera, and Edgar Weippl. 2019. Measuring cookies and web privacy in a post-GDPR world. In 20th International Conference on Passive and Active Measurement (PAM\u201919). Springer, 258\u2013270."},{"key":"e_1_3_4_12_2","unstructured":"Daily Dashboard. 2022. French Council of State upholds Amazon\u2019s 35M euro cookie fine. Retrieved from https:\/\/iapp.org\/news\/a\/french-council-of-state-upholds-amazons-35m-euro-eprivacy-fine\/"},{"key":"e_1_3_4_13_2","unstructured":"Github disconnectme. 2023. disconnectme\/disconnect-tracking-protection. Retrieved 12 October 2023 from https:\/\/github.com\/disconnectme\/disconnect-tracking-protection\/blob\/master\/services.json"},{"key":"e_1_3_4_14_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dcan.2021.10.004"},{"key":"e_1_3_4_15_2","doi-asserted-by":"crossref","unstructured":"Ian Fette and Alexey Melnikov. 2011. Rfc 6455: The websocket protocol.","DOI":"10.17487\/rfc6455"},{"key":"e_1_3_4_16_2","unstructured":"GDPR. 2022. ePrivacy Directive and GDPR impact cookie law\u20142022. Retrieved from https:\/\/www.gdpreu.org\/eprivacy-directive-and-gdpr-impact-cookie-law\/"},{"key":"e_1_3_4_17_2","unstructured":"Jo\u00e3o Manuel Gomes. 2020. Secure HttpOnly SameSite HTTP Cookies Attributes and Set-cookie Explained. Retrieved from https:\/\/medium.com\/swlh\/secure-httponly-samesite-http-cookies-attributes-and-set-cookie-explained-fc3c753dfeb6"},{"key":"e_1_3_4_18_2","unstructured":"M. West Google. 2020. Incrementally Better Cookies draft-west-cookie-incrementalism-01. Retrieved from https:\/\/datatracker.ietf.org\/doc\/html\/draft-west-cookie-incrementalism-01"},{"key":"e_1_3_4_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3394231.3397897"},{"key":"e_1_3_4_20_2","unstructured":"California Legislative Information. 2018. California Consumer Privacy Act (CCPA) 2017\u20132018. Retrieved from https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201720180SB1121"},{"key":"e_1_3_4_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3555352"},{"key":"e_1_3_4_22_2","doi-asserted-by":"publisher","unstructured":"Garrett Johnson. 2022. Economic research on privacy regulation: Lessons from the GDPR and beyond. DOI:10.3386\/w30705. Issue Date- December 2022.","DOI":"10.3386\/w30705"},{"key":"e_1_3_4_23_2","article-title":"Towards automatic comparison of data privacy documents: A preliminary experiment on GDPR-like laws","author":"Kawintiranon Kornraphop","year":"2021","unstructured":"Kornraphop Kawintiranon and Yaguang Liu. 2021. Towards automatic comparison of data privacy documents: A preliminary experiment on GDPR-like laws. arXiv preprint arXiv:2105.10117 (2021).","journal-title":"arXiv preprint arXiv:2105.10117"},{"key":"e_1_3_4_24_2","volume-title":"45th IEEE Symposium on Security and Privacy","author":"Khodayari Soheil","year":"2024","unstructured":"Soheil Khodayari, Thomas Barber, and Giancarlo Pellegrino. 2024. The great request robbery: An empirical study of client-side request hijacking vulnerabilities on the web. In 45th IEEE Symposium on Security and Privacy."},{"key":"e_1_3_4_25_2","first-page":"1590","volume-title":"IEEE Symposium on Security and Privacy (SP\u201922)","author":"Khodayari Soheil","year":"2022","unstructured":"Soheil Khodayari and Giancarlo Pellegrino. 2022. The state of the sameSite: Studying the usage, effectiveness, and adequacy of sameSite cookies. In IEEE Symposium on Security and Privacy (SP\u201922). IEEE, 1590\u20131607."},{"key":"e_1_3_4_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627184"},{"key":"e_1_3_4_27_2","unstructured":"Ground Labs. 2020. New Australia Data Protection Law: Consumer Data Right (CDR). Retrieved from https:\/\/www.groundlabs.com\/blog\/australia-data-protection\/"},{"key":"e_1_3_4_28_2","first-page":"345","volume-title":"10th International Conference on Cyber Conflict (CyCon\u201918)","author":"Lavrenovs Arturs","year":"2018","unstructured":"Arturs Lavrenovs and F. Jes\u00fas Rubio Mel\u00f3n. 2018. HTTP security headers analysis of top one million websites. In 10th International Conference on Cyber Conflict (CyCon\u201918). IEEE, 345\u2013370."},{"key":"e_1_3_4_29_2","unstructured":"New Zealand Legislation. 2020. Privacy Act 2020. Retrieved from https:\/\/www.legislation.govt.nz\/act\/public\/2020\/0031\/latest\/LMS23223.html"},{"key":"e_1_3_4_30_2","unstructured":"Sebastian Lekies. 2023. Client-side Cross-site Scripting: Exploitation Detection Mitigation and Prevention. Ph.D. Dissertation. Technische Universit\u00e4t Braunschweig."},{"key":"e_1_3_4_31_2","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1145\/3471621.3471846","volume-title":"24th International Symposium on Research in Attacks, Intrusions and Defenses","author":"Likaj Xhelal","year":"2021","unstructured":"Xhelal Likaj, Soheil Khodayari, and Giancarlo Pellegrino. 2021. Where we stand (or fall): An analysis of CSRF defenses in web frameworks. In 24th International Symposium on Research in Attacks, Intrusions and Defenses. 370\u2013385."},{"issue":"2","key":"e_1_3_4_32_2","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1108\/RSR-03-2021-0009","article-title":"Privacy concerns and the prevalence of third-party tracking cookies on ARL library homepages","volume":"49","author":"Marino Bill","year":"2021","unstructured":"Bill Marino. 2021. Privacy concerns and the prevalence of third-party tracking cookies on ARL library homepages. Refer. Serv. Rev. 49, 2 (2021), 115\u2013131.","journal-title":"Refer. Serv. Rev."},{"key":"e_1_3_4_33_2","unstructured":"Government of India Ministry of Electronics & Information Technology. 2022. Draft Digital Personal Data Protection Bill 2022. Retrieved from https:\/\/www.meity.gov.in\/content\/digital-personal-data-protection-bill-2022"},{"key":"e_1_3_4_34_2","unstructured":"Conor Murray. 2023. U.S. Data Privacy Protection Laws: A Comprehensive Guide. Retrieved from https:\/\/www.forbes.com\/sites\/conormurray\/2023\/04\/21\/us-data-privacy-protection-laws-a-comprehensive-guide\/?sh=4357c1ef5f92"},{"key":"e_1_3_4_35_2","first-page":"391","volume-title":"ACM Asia Conference on Computer and Communications Security","author":"Musch Marius","year":"2019","unstructured":"Marius Musch, Marius Steffens, Sebastian Roth, Ben Stock, and Martin Johns. 2019. ScriptProtect: Mitigating unsafe third-party JavaScript practices. In ACM Asia Conference on Computer and Communications Security. 391\u2013402."},{"issue":"1","key":"e_1_3_4_36_2","doi-asserted-by":"crossref","first-page":"22","DOI":"10.5334\/tilr.311","article-title":"Curtailing the cookie monster through data protection by default","volume":"27","author":"Naithani Paarth","year":"2022","unstructured":"Paarth Naithani. 2022. Curtailing the cookie monster through data protection by default. Tilburg Law Rev. 27, 1 (2022), 22\u201336.","journal-title":"Tilburg Law Rev."},{"key":"e_1_3_4_37_2","unstructured":"BBC News. 2021. Privacy group targets website \u201ccookie terror.\u201d Retrieved from https:\/\/www.bbc.com\/news\/technology-57306802"},{"key":"e_1_3_4_38_2","unstructured":"Tomasz Andrzej Nidecki. 2020. The HttpOnly Flag \u2013 Protecting Cookies against XSS. Retrieved from https:\/\/www.acunetix.com\/blog\/web-security-zone\/httponly-flag-protecting-cookies\/"},{"key":"e_1_3_4_39_2","unstructured":"Personal Information Protection Act (Republic of Korea). 2023. Amendment to PIPA (2023). Retrieved from http:\/\/koreanlii.or.kr\/w\/index.php\/2023_Amendment_to_PIPA"},{"key":"e_1_3_4_40_2","unstructured":"Directive on privacy and electronic communications. 2002. Directive on privacy and electronic communications. Retrieved from https:\/\/eur-lex.europa.eu\/legal-content\/EN\/ALL\/?uri=CELEX:32002L0058"},{"key":"e_1_3_4_41_2","first-page":"2144","volume-title":"the ACM Web Conference","author":"Pagey Rohan","year":"2023","unstructured":"Rohan Pagey, Mohammad Mannan, and Amr Youssef. 2023. All your shops are belong to us: Security weaknesses in e-commerce platforms. In the ACM Web Conference. 2144\u20132154."},{"key":"e_1_3_4_42_2","first-page":"2130","volume-title":"the Web Conference","author":"Papadogiannakis Emmanouil","year":"2021","unstructured":"Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis, and Evangelos P. Markatos. 2021. User tracking in the post-cookie era: How websites bypass GDPR consent to track users. In the Web Conference. 2130\u20132141."},{"issue":"1","key":"e_1_3_4_43_2","article-title":"The evolving landscape of international consumer data privacy compliance.","volume":"16","author":"Pisano Mark","year":"2022","unstructured":"Mark Pisano, Robert A. Smith, and Kauther S. Badr. 2022. The evolving landscape of international consumer data privacy compliance. ACET J. Comput. Educ. Res. 16, 1 (2022), 1--9.","journal-title":"ACET J. Comput. Educ. Res."},{"key":"e_1_3_4_44_2","unstructured":"PortSwigger. 2024. Bypassing SameSite cookie restrictions. Retrieved 12 April 2024 from https:\/\/portswigger.net\/web-security\/csrf\/bypassing-samesite-restrictions"},{"key":"e_1_3_4_45_2","unstructured":"ProtonVPN. 2024. Connect to high-speed VPN servers in Japan. Retrieved from https:\/\/protonvpn.com\/vpn-servers\/japan?srsltid=AfmBOorxqz-VwDZWCkHp9wf-0Gnw9opBMKvkoaz7BfEpr0UfPlYAb2SI"},{"key":"e_1_3_4_46_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-28486-1_26"},{"key":"e_1_3_4_47_2","unstructured":"General Data Protection Regulation. 2016. GDPR regulation (EU) 2016\/... of the European parliament and of the council. Retrieved from https:\/\/data.consilium.europa.eu\/doc\/document\/ST-5419-2016-INIT\/en\/pdf"},{"key":"e_1_3_4_48_2","first-page":"155","volume-title":"9th USENIX Symposium on Networked Systems Design and Implementation (NSDI\u201912)","author":"Roesner Franziska","year":"2012","unstructured":"Franziska Roesner, Tadayoshi Kohno, and David Wetherall. 2012. Detecting and defending against third-party tracking on the web. In 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI\u201912). USENIX Association, 155\u2013168. Retrieved from https:\/\/www.usenix.org\/conference\/nsdi12\/technical-sessions\/presentation\/roesner"},{"key":"e_1_3_4_49_2","first-page":"1990","volume-title":"IEEE Symposium on Security and Privacy (SP\u201921)","author":"Sanchez-Rola Iskander","year":"2021","unstructured":"Iskander Sanchez-Rola, Matteo Dell\u2019Amico, Davide Balzarotti, Pierre-Antoine Vervier, and Leyla Bilge. 2021. Journey to the center of the cookie ecosystem: Unraveling actors\u2019 roles and relationships. In IEEE Symposium on Security and Privacy (SP\u201921). IEEE, 1990\u20132004."},{"key":"e_1_3_4_50_2","article-title":"Clash of the trackers: Measuring the evolution of the online tracking ecosystem","author":"Solomos Konstantinos","year":"2019","unstructured":"Konstantinos Solomos, Panagiotis Ilia, Sotiris Ioannidis, and Nicolas Kourtellis. 2019. Clash of the trackers: Measuring the evolution of the online tracking ecosystem. arXiv preprint arXiv:1907.12860 (2019).","journal-title":"arXiv preprint arXiv:1907.12860"},{"key":"e_1_3_4_51_2","first-page":"5539","volume-title":"32nd USENIX Security Symposium (USENIX Security\u201923)","author":"Squarcina Marco","year":"2023","unstructured":"Marco Squarcina, Pedro Ad\u00e3o, Lorenzo Veronese, and Matteo Maffei. 2023. Cookie crumbles: Breaking and fixing web session integrity. In 32nd USENIX Security Symposium (USENIX Security\u201923). 5539\u20135556."},{"key":"e_1_3_4_52_2","first-page":"2917","volume-title":"30th USENIX Security Symposium (USENIX Security\u201921)","author":"Squarcina Marco","year":"2021","unstructured":"Marco Squarcina, Mauro Tempesta, Lorenzo Veronese, Stefano Calzavara, and Matteo Maffei. 2021. Can I take your subdomain? Exploring Same-Site attacks in the modern web. In 30th USENIX Security Symposium (USENIX Security\u201921). 2917\u20132934."},{"key":"e_1_3_4_53_2","unstructured":"Statista. 2023. Top ecommerce in Austrailia via Similarweb. Retrieved from https:\/\/pro.similarweb.com\/#\/digitalsuite\/markets\/webmarketanalysis\/mapping\/E-commerce_and_Shopping\/36\/3m?webSource=Desktop"},{"key":"e_1_3_4_54_2","unstructured":"Statista. 2023. Top online stores in Australia in 2023 by e-commerce net sales. Retrieved from https:\/\/www.statista.com\/forecasts\/1014535\/australia-top-online-stores-australia-ecommercedb"},{"key":"e_1_3_4_55_2","unstructured":"TechNews. 2021. Amazon hit with record E.U. data privacy fine. Retrieved from https:\/\/www.nbcnews.com\/tech\/tech-news\/amazon-hit-record-eu-data-privacy-fine-rcna1566"},{"key":"e_1_3_4_56_2","unstructured":"United States Congress. 2021\u201322. American Data Privacy and Protection Act. Retrieved from https:\/\/www.congress.gov\/bill\/117th-congress\/house-bill\/8152"},{"issue":"2","key":"e_1_3_4_57_2","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1017\/glj.2022.18","article-title":"Adtech and real-time bidding under European data protection law","volume":"23","author":"Veale Michael","year":"2022","unstructured":"Michael Veale and Frederik Zuiderveen Borgesius. 2022. Adtech and real-time bidding under European data protection law. Germ. Law J. 23, 2 (2022), 226\u2013256.","journal-title":"Germ. Law J."},{"key":"e_1_3_4_58_2","unstructured":"Mike West and Mark Goodwin. 2024. Same-site cookies \u2013 draft IETF6265. Retrieved from https:\/\/datatracker.ietf.org\/doc\/pdf\/draft-west-first-party-cookies-07.pdf"},{"key":"e_1_3_4_59_2","unstructured":"Julia Carrie Wong. 2019. The Cambridge Analytica scandal changed the world\u2014but it didn\u2019t change Facebook. Retrieved from https:\/\/www.theguardian.com\/technology\/2019\/mar\/17\/the-cambridge-analytica-scandal-changed-the-world-but-it-didnt-change-facebook"},{"key":"e_1_3_4_60_2","article-title":"Why aren\u2019t HTTP-only cookies more widely deployed","volume":"2","author":"Zhou Yuchen","year":"2010","unstructured":"Yuchen Zhou and David Evans. 2010. Why aren\u2019t HTTP-only cookies more widely deployed. Proc. 4th Web 2 (2010), 1--5.","journal-title":"Proc. 4th Web"}],"container-title":["ACM Transactions on the Web"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3708515","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3708515","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:45Z","timestamp":1750295865000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3708515"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,10]]},"references-count":59,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2,28]]}},"alternative-id":["10.1145\/3708515"],"URL":"https:\/\/doi.org\/10.1145\/3708515","relation":{},"ISSN":["1559-1131","1559-114X"],"issn-type":[{"value":"1559-1131","type":"print"},{"value":"1559-114X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,10]]},"assertion":[{"value":"2024-05-16","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-11-04","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-01-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}