Add cookies policy documentation

[Copilot]

Adds comprehensive cookies policy documentation to the repository covering all cookies used by GitHub and third-party providers.

Changes

• COOKIES.md: New file containing detailed cookie information
  • 100+ cookies from 10 providers (GitHub, Microsoft, Adobe, Contentsquare, Facebook, Fullstory, Google, LinkedIn, Quantcast, Yahoo)
  • Structured table format with cookie names, descriptions, and expiration periods
  • Legal references and related documentation links

The policy provides transparency about data collection and cookie usage for repository users and contributors.

Original prompt

Skip to main content
GitHub Docs
Site policy/Privacy Policies/GitHub Cookies
GitHub Cookies
Cookies
GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page which details how we use cookies.

GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our Privacy Statement if you’d like more information about cookies, and on how and why we use them and cookie-related personal data. You can change your preference about non-essential cookies at any time by following these instructions.

Since the number and names of cookies may change, the table below may be updated from time to time. To receive notifications of updates to this list, please follow the instructions provided in About notifications.

Provider of Cookie Cookie Name Description Expiration*
GitHub app_manifest_token This cookie is used during the App Manifest flow to maintain the state of the flow during the redirect to fetch a user session. Five minutes
GitHub color_mode This cookie is used to indicate the user selected theme preference. Session
GitHub _device_id This cookie is used to track recognized devices for security purposes. One year
GitHub dotcom_user This cookie is used to signal to us that the user is already logged in. One year
GitHub enterprise_trial_redirect_to This cookie is used to complete a redirect for trial users 5 minutes
GitHub fileTreeExpanded Used to indicate whether the file tree on the code view was last expanded or collapsed 30 days
GitHub ghcc This cookie validates user's choice about cookies 180 Days
GitHub _gh_ent This cookie is used for temporary application and framework state between pages like what step the customer is on in a multiple step form. Two weeks
GitHub _gh_sess This cookie is used for temporary application and framework state between pages like what step the user is on in a multiple step form. Session
GitHub gist_oauth_csrf This cookie is set by Gist to ensure the user that started the oauth flow is the same user that completes it. Deleted when oauth state is validated
GitHub gist_user_session This cookie is used by Gist when running on a separate host. Two weeks
GitHub has_recent_activity This cookie is used to prevent showing the security interstitial to users that have visited the app recently. One hour
GitHub __Host-gist_user_session_same_site This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. Two weeks
GitHub __Host-user_session_same_site This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. Two weeks
GitHub logged_in This cookie is used to signal to us that the user is already logged in. One year
GitHub marketplace_repository_ids This cookie is used for the marketplace installation flow. One hour
GitHub marketplace_suggested_target_id This cookie is used for the marketplace installation flow. One hour
GitHub _octo This cookie is used for session management including caching of dynamic content, conditional feature access, support request metadata, and first party analytics. One year
GitHub org_transform_notice This cookie is used to provide notice during organization transforms. One hour
GitHub private_mode_user_session This cookie is used for Enterprise authentication requests. Two weeks
GitHub saml_csrf_token This cookie is set by SAML auth path method to associate a token with the client. Until user closes browser or completes authentication request
GitHub saml_csrf_token_legacy This cookie is set by SAML auth path method to associate a token with the client. Until user closes browser or completes authentication request
GitHub saml_return_to This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. Until user closes browser or completes authentication request
GitHub saml_return_to_legacy This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. Until user closes browser or completes authentication request
GitHub show_cookie_banner Set based on the client’s region and used to determine if a cookie consent banner should be shown Session
GitHub social_csrf_token This cookie is set by the social initiate path to ensure that the user that started the flow is the same user that completes it. 5 minutes
GitHub tz This cookie allows us to customize timestamps to your time zone. Session
GitHub user_session This cookie is used to log you in. Two weeks
Microsoft ai_session Application Insights session ID One year
Microsoft ai_user Application Insights user ID 30 minutes
Microsoft ANONCHK This Microsoft Clarity cookie monitors website performance One year
Microsoft isFirstSession This cookie is used when user opts-in to saving information Session
...

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[montinode]

Signed by. human