This page explains what cookies are, exactly which ones the vpn.now website sets, and how to control them. It is a short list, because we use almost none. The summary: we set only the cookies needed to log you in and keep our forms secure. No advertising cookies, no third party analytics, no cross site tracking of any kind.
What cookies are
A cookie is a small piece of text that a website asks your browser to store. When you come back to the site, your browser sends the cookie along with your request. Cookies are how a website remembers things between page loads, such as the fact that you are logged in. Without them, you would have to type your password on every single page.
Cookies have a bad reputation because many sites use them to follow people across the web for advertising. That is a choice each site makes, not something built into cookies themselves. We made the opposite choice.
The exact cookies we set
The vpn.now website is a single web application with no embedded third party content, so every cookie listed here is set by us, for us. This is the complete list:
| Cookie | What it does | How long it lasts | Protections |
|---|---|---|---|
| session | The standard Flask session cookie. It keeps you logged in as you move between pages and carries your dashboard state. It also holds the CSRF token described below. | Up to 14 days when you tick "remember me" at login. Otherwise it ends when you close your browser. Logging out clears it right away. | HttpOnly, so page scripts cannot read it. SameSite=Lax, so other sites cannot send it with their requests. Sent only over HTTPS in production. |
| remember_token | Set only if you tick "remember me" at login. It lets you stay signed in after restarting your browser. If you never tick the box, this cookie is never set. | Until it expires or you log out. | HttpOnly. Sent only over HTTPS in production. |
| csrf_token | A random token that protects our forms against cross site request forgery, an attack where another website tries to submit actions on our site as you. Every form on vpn.now must echo this token back, which proves the request really came from our pages. It travels inside your session and contains nothing about you. | Lives and dies with your session. | Same protections as the session cookie that carries it. |
That is the whole list. The public pages of the site work without any cookies at all. Cookies only come into play when you log in or submit a form.
What we deliberately do not use
The vpn.now website does not use:
- Analytics cookies, first party or third party
- Advertising cookies or ad network pixels
- Third party trackers of any kind, including social media buttons that report your visit
- Fingerprinting scripts that identify your browser without cookies
- Any third party embeds that could set their own cookies
This is by design, not by accident. A privacy service that tracked visitors on its own website would not deserve your trust. Our privacy policy lists every piece of data we store, and our transparency page explains why each piece exists. Cookies follow the same rule: collect the minimum, explain everything.
Cookies and the VPN are different things
A common misunderstanding is worth clearing up: a VPN does not block, delete, or manage cookies. Cookies live in your browser and are set by the websites you visit. The VPN tunnel encrypts your traffic and hides your IP address, but the cookies a site stores in your browser keep working exactly as before, VPN or not.
If a site can recognize you through a cookie, it still can while you use vpn.now. That is why we never claim a VPN makes you anonymous. For the full picture of how cookies and trackers interact with a VPN, read cookies and tracking explained in our learn section.
How to control cookies in your browser
Every modern browser lets you view, block, or delete cookies. The short version for each:
- Chrome. Settings, then "Privacy and security", then "Third-party cookies" and "Site settings" to view or delete stored cookies.
- Firefox. Settings, then "Privacy & Security". Enhanced Tracking Protection handles third party cookies, and "Cookies and Site Data" lets you clear stored ones.
- Safari. Settings, then "Privacy". "Manage Website Data" shows and deletes stored cookies. Safari blocks most cross site cookies by default.
- Edge. Settings, then "Cookies and site permissions", then "Manage and delete cookies and site data".
You can block all cookies for vpn.now if you wish. The public pages will work fine, but logging in will not, because the session cookie is how our servers know you are you.
Consent and the law
European ePrivacy rules require consent banners for cookies that are not strictly necessary, such as analytics and advertising cookies. Every cookie we set exists only so the site can function, which is the category those rules treat as strictly necessary and exempt from consent. That is why you do not see a cookie banner on vpn.now: there is nothing optional to consent to.
This is our good faith reading of the rules as they apply to us, not legal advice for your own situation. If the rules change, or if we ever add a cookie that needs consent, we will add a proper consent step rather than bend the definition. Given how we run this service, do not expect that to happen.
Changes to this policy
If we ever add or change a cookie, we will update this page, update the date at the top, and explain exactly what the new cookie does. For changes that matter, we will notify account holders by email.
Contact
Questions about cookies on vpn.now? Contact support and we will give you a plain answer.