External Career Sites Powered by Workday – Cookie Details
Career sites powered by Workday drop these required cookies:
| Cookie subgroup | Cookies | Description | Cookie type | Cookie duration |
|---|---|---|---|---|
| Session experience | PLAY_LANG, PLAY_SESSION, timezoneOffset, wd-browser-id wday_vps_cookie CXS_SESSION |
User, device, and session ID cookies along with timestamp cookies for timing out sessions after inactivity. These cookies expire at the end of the session. | 1st party | Session |
| Security management | TS* | Helps prevent cyber attacks on the user’s interactions with the enterprise cloud applications. Verifies that the domain and subdomain cookies sent between the web server and the client aren’t altered. | 1st party | Session |
| Security management | CALYPSO_CSRF_TOKEN | Contains a CSRF token to prevent cross-site request forgery attacks, that is, to prevent a user from carrying out unintended operations on the career site. | 1st party | Session |
| Security management | __cf_bm | Identifies and mitigates automated traffic to protect the Platform from malicious bots. | 1st party | After 30 mins of inactivity |
| Load balancing | Naming convention of WorkdayLB_* WorkdayLB_UICLIENT, WorkdayLB_SAS |
Forwards requests for a single session to the same server for consistency of service. | 1st party | Session |
Organizations applying Workday Career Sites might enable one or more of the discretionary features that use cookies or similar technologies. The table below provides further detail on these optional cookies:
| Cookie subgroup | Cookies | Description | Cookie type | Cookie duration |
|---|---|---|---|---|
| Cookie preference | enablePrivacyTracking | Boolean tracker to capture user preference for nonessential cookies from External Career Site Cookie Banner. | 1st party | Session |
| Performance (analytics) | Google Analytics: _ga* | Delivers Google Analytics data as the nominated Tracking ID for External Site traffic metrics. | 1st party | 400 – 730 days |
| Functional (Apply with LinkedIn) | JSESSIONID lang bcookie bscookie li_gc lissc lidc fcookie fid |
Supports the Apply with LinkedIn feature. For details, contact LinkedIn. See sample Apply with LinkedIn reference materials. | 3rd party | Session (JSESSIONID, lang) 2 years the rest. |
Workday Application
Workday’s enterprise cloud application drops these required cookies:
| Cookie subgroup | Cookies | Description | Cookie type | Cookie duration |
|---|---|---|---|---|
| Session experience | PLAY_LANG, PLAY_SESSION, timezoneOffset, helpLastCheckin, JSESSIONID, LastUserActivity, learningLastCheckIn, SessionTimeoutMS, UserSignedIn, sessionLoggingInfo, uid, wd-alt-sessionid, wd-browser-id |
User, device, and session ID cookies along with timestamp cookies for timing out sessions after inactivity. These cookies expire at the end of the session. | 1st party | Session |
| Security management | TS* | Helps prevent cyberattacks on the user’s interactions with the enterprise cloud applications. Verifies that the domain and subdomain cookies that are sent between the web server and the client aren’t altered. | 1st party | Session |
| Security management | deviceID | Uses deviceID to support the Trusted Devices feature. It expires after 1 year (See Trusted Devices FAQ for configuring trusted devices). | 1st party | 1 year |
| Security management | __cf_bm | Identifies and mitigates automated traffic to protect the Platform from malicious bots. | 1st party | After 30 mins of inactivity |
| Security management | _cfuvid | The _cfuvid cookie is only set when a site uses this option in a Rate Limiting Rule. It is only used to enable the Cloudflare WAF to distinguish individual users who share the same IP address. | 1st party | Session |
| Load balancing | Naming convention of WorkdayLB_* WorkdayLB_BP, WorkdayLB_MICROSCOPE, WorkdayLB_PEX, WorkdayLB_SAS, WorkdayLB_TALK, WorkdayLB_TALK_rest, WorkdayLB_TALK_ws, WorkdayLB_UI, WorkdayLB_UIAUTHGWY, WorkdayLB_USB, WorkdayLB_VPS2, WorkdayLB_WDRIVE_client, WorkdayLB_WDRIVE_server_rest, WorkdayLB_WDRIVE_server_ws |
Forwards requests for a single session to the same server for consistency of service. | 1st party | Session |
| Load balancing | __cflb | Enables Cloudflare to return an end user to the same customer origin for a specific period of time configured by the customer. This process enables the end user to have a smooth experience. | 1st party | 11 hours |
Information fetched on 20/03/2026
Click here to view the Recruiting privacy policies