_pxvid

Used for browser detection and distinguishing whether it is a real user or malicious bot.

JS

1 year

1st Party

Strictly Necessary

Visitor ID (randomly generated ID)

42b

_px* (e.g _px, _px2, _px3)

Used to maintain a session with PerimeterX. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

JS

2 days

1st Party

Strictly Necessary

Visitor ID (randomly generated ID)
Session ID (uuid)
Time expiration

up to 500b

_pxff_*
(e.g
_pxff_af_c
_pxff_af_rf
_pxff_af_se
_pxff_af_sp
_pxff_af_wp
_pxff_bdd
_pxff_idp_c
_pxff_idp_p
_pxff_wa
_pxff_wow
_pxff_ww
_pxff_tm)

Used to flag features for browser detection and distinguishing whether it is a real user or malicious bot.

JS

1 day

1st Party

Strictly Necessary

all pxff cookies are feature flags for PerimeterX code, including no visitor specific data, but instead - instructions for the PerimeterX code running on the client side.

9b-20b

_pxmvid

User Token (from WebView via mobile SDK integration)

JS

1 hour

1st Party

Strictly Necessary

Visitor ID (randomly generated ID)

43b

_pxhd

Used for server-side detection and distinguishing whether it is a real user or malicious bot.

HTTP

1 year

1st Party

Strictly Necessary

Visitor ID (randomly generated ID)

106b

pxcts

Used to maintain a cross tab session

HTTP

session

1st Party

Strictly Necessary

cross tab session
(randomly generated ID)

43b

_pxde

Data enrichment feature (e.g is the user in access control)

JS

5 days

1st Party

Analytics

Hashed incident type
Hashed access control identification

100b-200b

Sensor

Size

30kb

Sensor

CPU block time (sync load)

50ms (95th percentile)

Server-side

95th percentile of API request time

35-50ms
(impacting only 5% or less of legitimate
users’ requests)

Server-side

Token validation

under 2ms (95th percentile)