As I understand it now, a visitor enters the URL to my website.
The server returns a page with the JavaScript provided in the above link.
The JavaScript executes and generates a cookie before it returns.
Subsequently, the server returns the desired page of my website.
My questions:
Is this JavaScript always the same, or does it contain any information that is related to this specific visit to the website? And how long is this information retained?
To be specific:
Does the script and/or the cookie contain any information that can be used to identify which website has been visited?
Does the script and/or the cookie contain any information about who is visiting the website (for example the IP address)?
Does the script and/or the cookie contain any information about when the website is visited (for example a timestamp)?
When does the cookie expire?
Thanks in advance for your (always great) support.
Thank you for your message (and for checking the knowledge base beforehand!), I’m happy to clarify the things you asked about.
Does the script and/or the cookie contain any information that can be used to identify which website has been visited?
Browser cookies are normally only available to a single domain name. The security cookies are no exception. That means that other websites cannot see if or which security cookies are set for other websites.
So these cookies do not leak any information about your browsing habits. The only way other websites could track visitors is through third-party tracking cookies, Referrer headers and so on. So that’s no different from any other website.
Does the script and/or the cookie contain any information about who is visiting the website (for example the IP address)?
The security challenge is solely based on randomly generated hashes. It’s possible that some parameters, like the IP address or browser user agent string, are used in generating these hashes, but it’s not possible to decode these values from the generated cookie.
Does the script and/or the cookie contain any information about when the website is visited (for example a timestamp)?
To my knowledge, no. The expiration of the cookie seems to be a fixed value, and it’s not possible to determine the age of a cookie.
When does the cookie expire?
The cookie expiration date is hard-coded to 31 December 2037 23:55:55 GMT. So it can basically be used forever.
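
As an added example (not part of the original thread and not the hosting provider's code), the check below audits a cookie string of the kind a challenge script would assign to `document.cookie`, reporting which hosts receive it and when it expires. The cookie name, value and the `example.org` host are constructed placeholders; only the expiry date is the one quoted in the answer above.

```javascript
// Added example. Cookie name, value and host are constructed placeholders;
// only the expiry date is the one quoted in the answer.
const SAMPLE_COOKIE =
  "challenge_cookie=0123456789abcdef0123456789abcdef; " +
  "expires=Thu, 31 Dec 2037 23:55:55 GMT; path=/";

// Audit a cookie string as a script would assign it to document.cookie.
// pageHost: host of the page running the script; now: Date used as "current time".
function auditCookie(cookieString, pageHost, now) {
  const [pair, ...rawAttrs] = cookieString.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const raw of rawAttrs) {
    if (!raw) continue;
    const i = raw.indexOf("=");
    const key = (i === -1 ? raw : raw.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? "" : raw.slice(i + 1).trim();
  }
  // Without a Domain attribute the cookie is host-only: the browser returns it
  // to the exact host that set it and to no other site.
  const domain = (attrs.domain || "").replace(/^\./, "").toLowerCase();
  const scope = domain ? `${domain} and its subdomains` : `${pageHost} only`;

  // Max-Age (relative to the set time) takes precedence over Expires (absolute).
  let expiresMs = null;
  let fixedExpiry = false;
  if (/^-?\d+$/.test(attrs["max-age"] || "")) {
    expiresMs = now.getTime() + Number(attrs["max-age"]) * 1000;
  } else if (!Number.isNaN(Date.parse(attrs.expires || ""))) {
    expiresMs = Date.parse(attrs.expires);
    // A literal date is the same for every visitor, so the stored expiry
    // says nothing about when the cookie was created.
    fixedExpiry = true;
  }
  return {
    name: eq === -1 ? "" : pair.slice(0, eq),
    scope,
    session: expiresMs === null, // no expiry attribute: ends with the browser session
    fixedExpiry,
    expiresAt: expiresMs === null ? null : new Date(expiresMs).toISOString(),
    daysLeft: expiresMs === null ? null : Math.floor((expiresMs - now.getTime()) / 86400000),
    secure: "secure" in attrs,
  };
}

console.log(auditCookie(SAMPLE_COOKIE, "example.org", new Date()));
```

The report for the sample shows no `Secure` flag, so on a site that is also reachable over plain HTTP a cookie set this way would be sent in the clear.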