Cookies
Cookie Notice
The cookies APN sets today, why each exists, and how optional analytics stays off unless you consent.
1#What this covers
A cookie is a small file stored by your browser. This notice lists the cookies APN sets or allows through its current providers. It is based on the code path running today, not a generic template.
2#Strictly necessary cookies
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| sb-*-auth-token | APN / Supabase | Keeps you signed in. Supabase may split the token into numbered chunks. Present only when you are logged in. | Until sign-out or token expiry |
| apn_fb | APN | HTTP-only random ID used to dedupe article feedback votes and limit abuse. It is not used for ads or cross-site tracking. | 12 months |
Blocking auth cookies breaks sign-in and account features. Blocking apn_fb only resets anonymous feedback dedupe.
3#Preference cookies
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| apn_analytics_consent | APN | Stores whether you accepted or declined optional analytics so the banner does not ask every visit. | 12 months |
4#Optional analytics cookies
Google Analytics 4 is off by default. APN sets Google Consent Mode to denied before any remote analytics script can load. GA4 loads only after you choose Accept in the banner.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics 4 | Distinguishes visits for aggregate, consented analytics. | Usually up to 2 years |
| _ga_* | Google Analytics 4 | Stores GA4 session and measurement state for the configured APN measurement ID. | Usually up to 2 years |
APN does not send ad_storage, ad_user_data, or ad_personalization consent. See Google's "How Google uses information from sites or apps that use our services" page for Google's own processing explanation.
5#Cloudflare security cookies
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| __cf_bm | Cloudflare | Bot management and traffic integrity when Cloudflare decides a short-lived check is needed. | About 30 minutes |
| cf_clearance | Cloudflare | Stores a passed challenge when Cloudflare presents one. | Varies by challenge policy |
Cloudflare Turnstile can also run non-interactive checks on protected flows. APN uses those checks for security, not advertising.
6#What APN does not use
- No advertising cookies.
- No data-broker cookies.
- No cross-site profiling cookies.
- No analytics before consent.
- No retired WordPress-era email tracking in the current public site.
7#Your controls
- Accept or decline optional analytics in the APN banner.
- Clear apn_analytics_consent to reset the banner.
- Use browser controls to clear, block, or inspect cookies for allpatchnotes.com.
- Sign out to remove auth session cookies.
- Enable Global Privacy Control or Do Not Track. APN treats either signal as denied analytics consent when no prior APN cookie exists.
8#Changes
When APN adds, removes, or changes cookies, this page is updated with a new effective date. If a new feature needs consent, the consent step ships with the feature.
*Cookie questions
For cookie, analytics, or privacy questions, use the legal inbox.
legal@allpatchnotes.comOpen email with subject "Cookies"
Privacy / Terms / Cookies / Accessibility / Contact