1. What Are Cookies
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently, to maintain session state, and to provide information to website operators. Cookies can be "session" cookies (deleted when you close your browser) or "persistent" cookies (retained until they expire or you delete them).
2. How We Use Cookies
Unheadless uses only strictly necessary cookies that are essential for the application to function. These cookies enable core functionality such as user authentication, security protections, and session management.
We do not use:
- Analytics or performance cookies
- Advertising or marketing cookies
- Social media tracking cookies
- Any third-party cookies
3. Cookies We Set
Below is a complete list of every cookie set by the Unheadless application.
Authentication Cookies
These cookies are set automatically by the Auth.js authentication framework to manage your login session and protect against cross-site request forgery (CSRF) attacks.
| Cookie Name | Purpose | Duration |
|---|---|---|
authjs.session-token | Stores your encrypted session for authentication (development / HTTP) | Session |
__Secure-authjs.session-token | Same session token with the Secure flag (production / HTTPS) | Session |
authjs.csrf-token | Protects against cross-site request forgery (development / HTTP) | Session |
__Host-authjs.csrf-token | Same CSRF token with the Host prefix (production / HTTPS) | Session |
authjs.callback-url | Stores the redirect URL during the sign-in flow (development / HTTP) | Session |
__Secure-authjs.callback-url | Same callback URL cookie with Secure flag (production / HTTPS) | Session |
Functional Cookies
These cookies are set by the Unheadless application for core product functionality.
| Cookie Name | Purpose | Duration |
|---|---|---|
unheadless-impersonate | Enables administrator user impersonation for customer support purposes. Only set when a platform administrator activates this function. | Session (cleared on browser close) |
unheadless_simulator_conn | Stores the active CMS connection ID for the content simulator feature. | 24 hours |
4. Third-Party Cookies
Unheadless does not use any third-party cookies. We do not integrate Google Analytics, Facebook Pixel, advertising networks, social media trackers, or any other third-party tracking technologies.
5. Cookie Consent
Under the EU ePrivacy Directive (Article 5(3)) and GDPR, cookies that are "strictly necessary" for the provision of a service explicitly requested by the user are exempt from the requirement to obtain consent.
Because all cookies set by Unheadless fall into the strictly necessary category — they are required for authentication, security, and core application functionality — no cookie consent banner or opt-in mechanism is required.
6. Managing Cookies
You can manage cookies through your browser settings. Most browsers allow you to view, delete, and block cookies. However, please note that if you disable or block the cookies listed above, the Unheadless application will not function correctly — you will not be able to maintain a login session or use the Service.
For instructions on managing cookies in your browser:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox:Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
7. Changes to This Policy
If we begin using additional cookies — particularly non-essential cookies — we will update this policy and implement appropriate consent mechanisms before deploying them. Material changes will be communicated via email.
8. Contact Us
For questions about our cookie practices, please contact:
- Privacy inquiries: privacy@unheadless.com
- Entity: Unheadless