0

I host a simple (static) html page on a subdomain host by OVH. There is nothing else on this subdomain.

The webpage uses standard html things plus a <img> tag whose src is

https://chart.googleapis.com/chart?chs=300x300&cht=qr&choe=UTF-8&chl=<DATA>

When inspecting my browser, I found that two cookies are found for this subdomain:

First one:

Name: 300gpBAK
Content: R4178757645
Host: <my subdomain>
Path: /
Expires: creation time + 1h

Second one:

Name: 300gp
Content: R588125346
Host: <my subdomain>
Path: /
Expires: creation time + 1h11

So my question boils down to: where do they come from? Is it from Google API? Why are they bound to my subdomain instead of chart.googleapis.com?

YSC
  • 38,212
  • 9
  • 96
  • 149

1 Answers1

1

It looks very much like a cookie that's been added by the hosting company (OVH).

Looking at https://tools.digitalpoint.com/cookie-search?name=300gp, it reveals about 85 pages of domains that have that cookie set.

Executing whois on the IP addresses associated with a couple of these, I always get:

inetnum:        213.186.33.0 - 213.186.33.255
netname:        OVH
descr:          OVH SAS
descr:          Shared Hosting Servers
descr:          http://www.ovh.com
country:        FR
Robby Cornelissen
  • 91,784
  • 22
  • 134
  • 156
  • I'm felling mildly violated by this intrusive hosting company... Why would they do that? – YSC Sep 28 '17 at 09:12
  • No idea... User tracking? Surprised that this is even legal in the EU. – Robby Cornelissen Sep 28 '17 at 09:13
  • Ok, now that I know what to look for, I've found an explanation (in french). They are (accordingly to OVH) technical cookies used to redirect viewers in a way that depends on the servers' load. They are reportedly _"not subject to the UE law on cookies"_. – YSC Sep 28 '17 at 09:14