Cookiesentry

Cookie checkerFeaturesPricingBlogContact
Home/Cookies Guide/Essential cookies
Back to all cookies
EssentialNo consent required

Essential cookies

Essential cookies are the small pieces of storage a site genuinely needs to deliver a service the visitor explicitly asked for, such as maintaining a logged-in session, storing cart contents, or preventing payment and security flows from breaking.

Cookies in this hub

14

Provider families

8

Default consent view

No consent required

Legal position

Under Article 5(3) of the ePrivacy Directive, strictly necessary cookies can be set without prior consent. The exemption is narrow: the cookie must be required to provide the requested service, not merely useful for the operator.

Your job is to prove necessity, document the purpose, and ensure these cookies are not mixed with analytics or marketing logic in the same script bundle.

Banner copy tip: Describe the service the cookie supports, such as checkout, login, or fraud prevention, instead of vague wording like platform optimisation.

Common failures

  • Marking analytics or A/B testing cookies as essential just because they help the business.
  • Bundling marketing tags into a global theme or app script that also contains necessary checkout logic.
  • Failing to list essential cookies in the cookie policy because they do not need consent.

Audit checklist

  • Map each essential cookie to a concrete user-requested feature such as login, cart, checkout, or bot protection.
  • Verify the site still works if non-essential scripts are blocked before consent.
  • Document expiry, purpose, and provider in the cookie policy even though consent is not required.
  • Review checkout apps, anti-fraud tools, and CDN services so they do not set unrelated tracking cookies.

Providers commonly found here

Cloudflare (3)WooCommerce (3)Shopify (2)Stripe (2)PayPal (1)PHP / Magento / Drupal (1)PrestaShop (1)WordPress (1)

Need platform-specific implementation advice? Review the matching hub for Shopify, WordPress, WooCommerce, PrestaShop.

Essential cookies reference list

__cf_bmEssentialNo consent required

Cloudflare bot-management cookie. Distinguishes bots from human visitors and is necessary for site security and Bot Management.

Expires: 30 minutes
Cloudflare, Inc.
Cloudflare
__cfruidEssentialNo consent required

Cloudflare rate-limiting cookie. Used to identify trusted web traffic and protect origin servers from abuse.

Expires: Session
Cloudflare, Inc.
Cloudflare
cf_clearanceEssentialNo consent required

Set after a visitor passes a Cloudflare challenge (CAPTCHA, JavaScript challenge, Managed Challenge). Required for site access.

Expires: 30 minutes to 1 year (configurable)
Cloudflare, Inc.
Cloudflare
__stripe_midEssentialNo consent required

Stripe machine-identifier cookie used for fraud prevention on payment forms.

Expires: 1 year
Stripe Payments Europe Ltd.
Stripe
__stripe_sidEssentialNo consent required

Stripe session-identifier cookie used for fraud prevention on payment forms.

Expires: 30 minutes
Stripe Payments Europe Ltd.
Stripe
ts_cEssentialNo consent required

PayPal fraud-prevention and security cookie used during checkout.

Expires: 3 years
PayPal (Europe) S.à r.l. et Cie, S.C.A.
PayPal
cartEssentialNo consent required

Shopify shopping-cart identifier used to associate cart contents with the visitor's browser.

Expires: 2 weeks
Shopify International Ltd.
Shopify
_secure_session_idEssentialNo consent required

Shopify secure session cookie used for checkout and authenticated areas of the storefront.

Expires: 24 hours
Shopify International Ltd.
Shopify
woocommerce_cart_hashEssentialNo consent required

WooCommerce cart-hash cookie. Indicates when the cart contents change so the front-end can reload cart fragments.

Expires: Session
Automattic, Inc.
WooCommerce
woocommerce_items_in_cartEssentialNo consent required

WooCommerce cart-items counter. Tracks the number of items currently in the cart.

Expires: Session
Automattic, Inc.
WooCommerce
wp_woocommerce_session_<hash>EssentialNo consent required

WooCommerce session cookie. Holds a unique code for the customer so cart and order data can be retrieved from the database.

Expires: 2 days
Automattic, Inc.
WooCommerce
wordpress_logged_in_<hash>EssentialNo consent required

Set when a user logs in to WordPress. Used by the WordPress interface to keep the user signed in.

Expires: Session or 14 days (with Remember Me)
WordPress Foundation
WordPress
PrestaShop-<hash>EssentialNo consent required

PrestaShop session cookie. Stores cart, user, and language state for the storefront.

Expires: 20 days
PrestaShop SA
PrestaShop
PHPSESSIDEssentialNo consent required

PHP session-identifier cookie. Used by PHP-based platforms (Magento, Drupal, custom apps) to maintain user session state.

Expires: Session
Site operator
PHP / Magento / Drupal

Want evidence of where these cookies load?

Run a CookieSentry scan to see which essential cookies appear on your live pages before consent, and export a report your privacy team can act on.

Run a free scan →
Cookiesentry
About usFAQContactBlogCookies GuidePrivacyTermsEU Hosting

No cookies. No tracking. Analytics by EU-hosted Umami.

© 2025 CookieSentry. All rights reserved. Made with care for your privacy.