At a glance
| Provider | NextAuth.js |
|---|---|
| Category | Strictly necessary |
| Consent required? | No |
| Typical domain | Varies (first-party) |
Do you need consent for __Host-next-auth.csrf-token?
No. __Host-next-auth.csrf-token is a strictly necessary cookie, exempt from consent under Article 5(3) of the ePrivacy Directive and Law 506/2004. You may use it without the visitor's prior agreement.
This is general guidance, not legal advice — always verify with a lawyer.
How FewCookies handles this cookie
FewCookies recognises __Host-next-auth.csrf-token from our database of 1,300+ known cookies and classifies it automatically as "Strictly necessary". The free check tells you whether this cookie is detected on your site and whether your banner handles it correctly — an instant, surface-level check, no account needed.
Frequently asked questions
Do you need consent for the __Host-next-auth.csrf-token cookie?
No. __Host-next-auth.csrf-token is a strictly necessary cookie, exempt from consent under Article 5(3) of the ePrivacy Directive and Law 506/2004. You may use it without the visitor's prior agreement.
What does the __Host-next-auth.csrf-token cookie do?
Host-bound CSRF token used by NextAuth.js.
Who sets the __Host-next-auth.csrf-token cookie?
The __Host-next-auth.csrf-token cookie is associated with NextAuth.js and is classified as strictly necessary.