GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page which details how we use cookies.
GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our Privacy Statement if you’d like more information about cookies, and on how and why we use them.
Since the number and names of cookies may change, the table below may be updated from time to time.
| Service Provider | Cookie Name | Description | Expiration* |
|---|---|---|---|
| GitHub | app_manifest_token |
This cookie is used during the App Manifest flow to maintain the state of the flow during the redirect to fetch a user session. | Five minutes |
| GitHub | color_mode |
This cookie is used to indicate the user selected theme preference. | Session |
| GitHub | _device_id |
This cookie is used to track recognized devices for security purposes. | One year |
| GitHub | dotcom_user |
This cookie is used to signal to us that the user is already logged in. | One year |
| GitHub | _gh_ent |
This cookie is used for temporary application and framework state between pages like what step the customer is on in a multiple step form. | Two weeks |
| GitHub | _gh_sess |
This cookie is used for temporary application and framework state between pages like what step the user is on in a multiple step form. | Session |
| GitHub | gist_oauth_csrf |
This cookie is set by Gist to ensure the user that started the oauth flow is the same user that completes it. | Deleted when oauth state is validated |
| GitHub | gist_user_session |
This cookie is used by Gist when running on a separate host. | Two weeks |
| GitHub | has_recent_activity |
This cookie is used to prevent showing the security interstitial to users that have visited the app recently. | One hour |
| GitHub | __Host-gist_user_session_same_site |
This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. | Two weeks |
| GitHub | __Host-user_session_same_site |
This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. | Two weeks |
| GitHub | logged_in |
This cookie is used to signal to us that the user is already logged in. | One year |
| GitHub | marketplace_repository_ids |
This cookie is used for the marketplace installation flow. | One hour |
| GitHub | marketplace_suggested_target_id |
This cookie is used for the marketplace installation flow. | One hour |
| GitHub | _octo |
This cookie is used for session management including caching of dynamic content, conditional feature access, support request metadata, and first party analytics. | One year |
| GitHub | org_transform_notice |
This cookie is used to provide notice during organization transforms. | One hour |
| GitHub | private_mode_user_session |
This cookie is used for Enterprise authentication requests. | Two weeks |
| GitHub | saml_csrf_token |
This cookie is set by SAML auth path method to associate a token with the client. | Until user closes browser or completes authentication request |
| GitHub | saml_csrf_token_legacy |
This cookie is set by SAML auth path method to associate a token with the client. | Until user closes browser or completes authentication request |
| GitHub | saml_return_to |
This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. | Until user closes browser or completes authentication request |
| GitHub | saml_return_to_legacy |
This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. | Until user closes browser or completes authentication request |
| GitHub | tz |
This cookie allows us to customize timestamps to your time zone. | Session |
| GitHub | user_session |
This cookie is used to log you in. | Two weeks |
(*) The expiration dates for the cookies listed below generally apply on a rolling basis.