Cookie Notice
Last updated: 13 May 2026
This page lists the cookies set by HimalHomes and the third-party services we integrate with. It supplements the Privacy Policy.
What is a cookie?
A cookie is a small text file that a website asks your browser to store on your device. We use cookies for two purposes: keeping you signed in (functional cookies) and counting page views (analytics cookies). We don't use advertising or cross-site tracking cookies.
Cookies we set ourselves
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
| himalhomes_session | Holds your authenticated session JWT after login. | Functional. HttpOnly, Secure, SameSite=Lax. | 1 hour by default (you can opt into 2 hours or 1 day at login). |
| himalhomes_signedin | Frontend-readable flag that says “you are signed in”. Carries no identity data. | Functional. Secure, SameSite=Lax. | Same as the session cookie. |
| hh_locale | Remembers your language choice (English / Nepali). | Functional. localStorage on most browsers. | Until you clear browser storage. |
| hh_search_mode | Remembers your last-used home-page search tab (Buy / Rent / Stay / Address / Agents). | Functional, localStorage. | Until you clear browser storage. |
| hh_visitor | Pseudonymous visitor identifier used for first-party usage analytics. Not tied to your name or email. | Analytics, localStorage. | Until you clear browser storage. |
| hh_promo_dismissed | Remembers which version of the promo modal you have dismissed so we don't show it again until it changes. | Functional, localStorage. | Until you clear browser storage. |
Third-party cookies
Depending on what the operator has configured, your browser may also receive cookies from:
- Cloudflare — security & performance proxy for himalhomes.com. May set
__cf_bm(bot-management challenge) andcf_clearance(after passing a challenge). See cloudflare.com/cookie-policy. - Google Analytics 4 — only when the operator has wired in a GA measurement ID. Sets
_ga,_ga_*(session container), and a short-lived_gid. Used to count pageviews. You can opt out via the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout or by enabling Global Privacy Control in your browser. - Stripe — only on pages where a Stripe Element is rendered (the checkout form during a booking). Stripe sets cookies for fraud detection. See stripe.com/cookie-settings.
Managing cookies
You can clear cookies and localStorage from your browser at any time. If you delete the himalhomes_session cookie you will be signed out and will need to log in again. Disabling cookies entirely will break login (the session cookie is required), so we recommend a per-site exception rather than a global disable.
Do Not Track / Global Privacy Control
Our own analytics layer does not honour the Do Not Track signal (the standard is widely deprecated). Google Analytics honours the newer Global Privacy Control header — enable it in your browser and GA will skip data collection on that request.