Cookie policy
Cookie Policy
What are cookies?
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (e.g. a computer or smartphone) when the user accesses a website. It allows the website to recognise the user's device and store some information about the user's preferences or past actions.
How are cookies used?
In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third-party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.
What are sessions and persistent cookies?
Session Cookies expire at the end of a browser session (e.g. when the user exits the Post Office - Holiday Money Online website/customer journey), whereas persistent Cookies can be stored for longer on your device in between sessions, helping you to remember your preferences or actions across a site. Users can delete previously set persistent cookies manually or configure the browser settings to delete cookies at a set interval.
What are essential and optional cookies?
Cookies can be classified as either ‘essential’ or ‘optional’.
Essential Cookies
These are cookies that are either:
- used solely to carry out or facilitate the transmission of communications over a network; or
- strictly necessary to provide an online service (e.g. our website or a service on our website) which you have requested.
Optional Cookies
These are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behaviour on a website (‘analytical’ cookies) or cookies used to display advertisements to you (‘advertising’ cookies).
What are ‘first party’ and ‘third party’ Cookies?
Whether a cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie. First-party cookies are set directly by the website the user is visiting, i.e. the URL displayed in the browser's address bar.
Third-party cookies are set by a domain other than the one the user is visiting. This typically occurs when the website incorporates elements from other sites, such as images, social media plugins or advertising. When the browser or other software fetches these elements from the other sites, they can set cookies as well.
What are similar technologies?
Functions usually performed by a cookie can be achieved by other means. This could include, for example, using certain characteristics to identify devices so that visits to a website can be analysed e.g. scripts, tracking pixels, plugins, HTML5 local storage, Local Shared Objects, device fingerprinting techniques and use of any APIs (internal and/or external).
Our use of cookies
First rate uses cookies for the following reasons:
- To improve the performance of our websites by understanding which parts work well, and which don't.
- To enable us to collect information about how you and other people use our website.
- To improve your experience on our websites, for example, we use Cookies to remember the products you've put in your basket and to personalise your experience.
What cookies do we use?
Strictly necessary Cookies
These are Cookies that are required for the operation of our website. They are essential for the safety, security and integrity of the site. For example, they help support the structure of the pages that are displayed to you, help to improve navigation and allow you to return to pages you have previously visited. This type of Cookie only lasts for the duration of the time you are visiting the website. When you leave the website, they are deleted automatically.
Performance Cookies or analytical Cookies
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. The data is aggregated and anonymised, which means we cannot identify you as an individual.
Functionality Cookies
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). These Cookies will remain on your device until you choose to clear them. If you choose to do this, you will need to enter your details each time you visit the site.
Targeting Cookies
These allow us to identify you between different websites to be able to show you personalised ads based on your web browsing activity.
Blocking or restricting Cookies
You can stop Cookies from being used on your device by activating the setting on your browser (e.g. Google Chrome, Safari, Mozilla Firefox) that allows you to block the deployment of all or some Cookies. Please visit whatarecookies.com to find out how. Please note that if you use your browser settings to block Cookies, you may not be able to access all or parts of our site.
Cookies which First Rate uses
Strictly necessary Cookies
| Host | Cookie Name | Description | Expiry Duration |
| mybigcommerce.com | __cf_bm | The __cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots. | Session (until browser is closed) |
| This is a CloudFoundry cookie | |||
| BigCommerce StoreFront Cookies | FORNAX_ANONYMOUSID (analytics) | Platform performance and analytics | 2 Years |
| (https://security.bigcommerce.com/?itemUid=98a98389-38a4-4205-9db9-821319f78044) | |||
| LASTVISITEDCATEGORY | Tracks last visited category to build product breadcrumbs | Session | |
| RECENTLY_VIEWED_PRODUCTS | Keeps track of products which the user has viewed to show recently viewed block | Session (until browser is closed) | |
| SHOP_ORDER_TOKEN | Representation of the order - only seen with single page express checkout | 1 Day | |
| SHOP_SESSION_TOKEN | Representation of the user session | 1 Week | |
| SHOP_TOKEN | Essential for security; used to store the customers hash after logging in & is used for customer look up | 1 Week | |
| STORE_VISITOR | Used to track anonymous site usage | 1 Day | |
| XSRF-TOKEN OR SF-CSRF-TOKEN* | Token to avoid cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF | Session | |
| Shopper-Pref | Used to essential store shopper preferences such as currency | 1 Week | |
| tracking-preferences | Used to store shopper tracking preferences when consent manager is enabled to help determine what type of non-essential scripts will load based on user consent | 2 Years | |
| bc_consent | Used to determine if the shopper has consented to tracking when the consent manager is enabled | 2 Years | |
| SHOP_SESSION_ROTATION_TOKEN OR HOST-SHOP_SESSION_ROTATION_TOKEN* | Essential for security; used for cart/checkout sessions | 2 weeks | |
| SHOP_DEVICE_TOKEN | Essential for security; used for lockouts | 1 month | |
| athena_short_visit_id | Used to store a Visitors ID | 30 Minutes | |
| viewPosts[limit] | This cookie name is used to maintain filter settings on the website. | 0 | |
| Post Office | http://postoffice.co.uk | Maintaining session continuity and user preferences. | Session (until browser is closed) |
| postofficemoney.co.uk | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| postoffice.insure-systems.co.uk | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| ci-dev-postoffice.cdp.interna | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| postoffice.creditcardservicing.com | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| postoffice.secure.force.com | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| ensighten.postoffice.co.uk | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| budgetcalcpostoffice.tso.co.uk | Maintaining session continuity and user preferences. | Session (until browser is closed) | |
| First Rate Exchange Services | travelmoneyonline.co.uk | Maintaining session continuity and user preferences. | Session (until browser is closed) |
| Affiliate Window | .zenaps.com | Used for tracking affiliate marketing activities and ensuring accurate attribution of conversions. | Varies (typically months) |
| .awin1.com | Tracks affiliate referrals and commissions, managing the affiliate program effectively. | Varies (typically months) | |
| .dwin1.com | Ensures accurate tracking and reporting of affiliate marketing activities. | Varies (typically months) | |
| .sciencebehindecommerce.com | Tracks user interactions and conversions for affiliate marketing analysis. | Varies (typically months) | |
| WebTrends Optimize | ots.webtrends-optimize.com | Used for A/B testing and personalization of user experiences on the website. | Session (until browser is closed) |
| _wt.mode-2347263 | Stores user preferences and test variations for A/B testing purposes. | 12 months | |
| _wt.user-2347263 | Identifies unique users for the purposes of tracking and optimizing their experience. | 12 months | |
| JSESSIONID | Maintains an anonymous user session by the server. | Session (until browser is closed) | |
| Adobe Target | mbox | Used for A/B testing and personalised content delivery to improve user experience. | 2 weeks |
| mboxEdgeCluster | Determines the geographical location of the server cluster handling the request for Adobe Target services. | 2 weeks | |
| obseu.herbgreencolumn.com | Used for bot detection and mitigation to ensure traffic is human and valid. | Varies (typically months) | |
| euob.herbgreencolumn.com | Similar to obseu.herbgreencolumn.com, this cookie is used for bot detection and traffic validation. | Varies (typically months) | |
| Auth0 | auth0 | Used to implement the Auth0 session layer. | Session (until browser is closed) |
| auth0_compat | Fallback cookie for single sign-on on browsers that don’t support the sameSite=None attribute. | Session (until browser is closed) | |
| auth0-mf | Used to establish the trust level for a given device. | 7 days | |
| auth0-mf_compat | Fallback cookie for multi-factor authentication on browsers that don’t support the sameSite=None attribute. | 7 days | |
| a0_users:sess | Used for CSRF protection in Classic Login flows. | Session (until browser is closed) | |
| a0_users:sess.sig | Used for CSRF protection in Classic Login flows. | Session (until browser is closed) | |
| did | Device identification for attack protection. | Session (until browser is closed) | |
| did_compat | Fallback cookie for anomaly detection on browsers that don’t support the sameSite=None attribute. | Session (until browser is closed) |
Performance Cookies or analytical Cookies
| Host | Cookie Name | Description | Expiry Duration |
| mybigcommerce.com | _ga | This cookie name is associated with Google Analytics. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. | 1 year |
| s_cc | This cookie is associated with the Adobe Site Catalyst. It determines whether cookies are enabled in the web browser.) | Session (until browser is closed) | |
| s_ac | This cookie name is associated with Adobe Analytics which is used to identify a user and track their activity where cookies are enabled in the web browser. It handles cookieDomainPeriod and determines the correct domain to set AppMeasurement cookies. | Session (until browser is closed) | |
| s_fid | This cookie name is associated with the analytics service provided by Adobe's Site Catalyst product suite. It is a new cookie introduced in 2013 as a 'fallback' visitor identifier where the s_vi cookie normally used for this purpose is blocked. It contains a randomly generated, unique id. | 1 year | |
| travelmoneyonline.co.uk | s_vi | This domain is owned by First Rate Exchange Services Ltd. which provides the provision of foreign currency and travel money services. | 1 year |
Targeting Cookies
| Host | Cookie Name | Description | Expiry Duration |
| mybigcommerce.com | _fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers | 2 months |
Contact Us
If you have a question about any aspect of this Policy, please call us on 0345 8500 900
Last updated: November 2025