GOV.UK
Details about cookies used by ESFA
The Education and Skills Funding Service (ESFA) puts small files (known as 'cookies') onto your computer to collect information about how you browse the site. Find out more about the cookies we use, what they're for and when they expire.
Cookies that measure website use
We use Google Analytics software (Universal Analytics) to collect anonymised information about how you use ESFA digital services. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
Google Analytics stores information about:
- how you got to the site
- the pages you visit on ESFA sites and services and how long you spend on them
- what you click on while you're visiting the site
Google Analytics sets the following cookies:
| Name | Purpose | Expires |
|---|---|---|
| _ga | This helps us count how many people visit ESFA sites by tracking if you've visited before | 2 years |
| _gat | Used to manage the rate at which page view requests are made | 2 years |
Cookies message
You may see a banner when you visit ESFA sites and services, inviting you to accept cookies or review your settings. We'll set cookies so that your computer knows you've seen it and not to show it again, and also to store your settings.
| Name | Purpose | Expires |
|---|---|---|
| cookies_policy | Stores which cookie types you want to allow | 1 year |
| cookies_preferences_set | Stores whether you have seen the cookie banner | 1 year |
Session cookies
We store session cookies on your computer to help keep your information secure while you use the service. Not all cookies will be set on all sessions. These are the cookies that we might set.
| Name | Purpose | Expires |
|---|---|---|
| User.Auth | Stores encrypted information that is used by the server to identify the signed in user | 2 hours |
| User.Context | Stores the email address and full name of a signed in user | Session |
| _RequestVerificationToken or .AspNetCore.Antiforgery | This is an anti-forgery token and is used to prevent cross-site request forgery (CSRF) attacks. It prevents others from forging your website links. | Session |
| .Auth.MyEsf.Shared | Stores encrypted information that is used by the server to identify the signed in user | Session |
| .Auth.Vyp.Shared | Stores encrypted information that is used by the server to identify the signed in user | 2 hours |
| Vyp.user.session | Saves user search and filter information for better user experience | Session |
| .Auth.MyesfDocEx.Shared | Stores encrypted information that is used by the server to identify you after sign in. There might be more than one of these and they will have 'C1', 'C2', and so on, at the end. | Session |
Change your settings
You can change your Google Analytics cookies preference.
Last updated: 3 March 2021