1. Introduction

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • enabling a service to recognise your device so you don't have to give the same information several times during one task
  • recognising that you may already have given a username and password so you don't need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast
  • analysing anonymised data to help us understand how people interact with govt services so we can make them better

If you'd like to learn how to remove cookies set on your device, visit the GOV.UK website.

2. ESDAL2 cookies

Session management

These are session-based cookies used to ensure the smooth running of user's sessions.

Name: ASP.NET_SessionId
Purpose: This is a session cookie providing a user with a unique session ID - used to maintain an
anonymised user session. Note. This is assigned prior to a user logging-in.
Typical content: Randomly generated number/text
Expires: When browsing session ends

Purpose: This cookie is used to identify a logged-in user to enable access to secure areas of the site.
Typical content: Randomly generated number/text
Expires: When browsing session ends

Name: NSC_xxx
Purpose: SSL Session ID persistence, the system load balancer uses the SSL Session ID, which is
part of the SSL handshake process, to create a persistence session before the initial request is
directed to a service i.e. Web Server. The load balancing virtual server directs subsequent requests
that have the same SSL session ID to the same service.
Typical content: predefined string of letters and numbersidentifying the service
Expires: Typically 200mins if a browser is not closed

Name: RequestVerificationToken
Purpose: Anti-forgery verification token. This token is used to prevent cross-site request forgery
Expires: When browsing session ends

3. How to control and delete cookies

We will not use cookies to collect personally identifiable information about you.

However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The 'Help' function within your browser should tell you how.

Alternatively, you may wish to visit which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies.

Please be aware that restricting cookies may impact on the functionality of some websites.

If you wish to view your cookie code, just click on a cookie to open it. You'll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.

For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.