I recently started logging complete headers as part of a fraud prevention scheme I'm working on. I noticed that some browsers (roughly 5%) are presenting cookies that my site has never set. Here's an example:
Cookie: __utma=154678586.1280061223.1357677819.1357677819.1357758130.2; __utmb=1546785220.127.116.117758130; __utmz=154678586.1357677819.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=chat%20bot.com; __utmc=154678586; <...more cookies that my site did actually set follow>
These appear to be Google Analytics cookies, yet I have never used GA on this site, nor have I used any tracking software which sets cookies (the site is 100% original code)
I haven't yet fully analysed the data but so far the most common user-agent to do this seems to be:
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
(I presume this is a Google Chrome browser on a Mac, including the Safari name for compatibility reasons?)
Anyone know why it is setting these cookies?