Cookie entries: 74
These cookies should not be set until the visitor has made a valid, informed choice. In practice, they are the cookies most often found firing too early through tag managers, plugins, app scripts, and embeds.
Categories covered: 3
Main question answered
Cookies that require consent
Analytics, advertising, and social media cookies generally require prior consent in the EU because they are not strictly necessary for delivering the service the visitor requested.
If one of these cookies appears before the user accepts the relevant banner category, the site likely lacks a valid legal basis for that storage or access event.
Functional cookies are not listed here because they need a case-by-case necessity assessment rather than a blanket rule.
Guide to analytics cookies such as Google Analytics, Hotjar, and Microsoft Clarity, with GDPR consent rules, audit checks, and implementation pitfalls.
Reference guide to advertising cookies like Meta Pixel, Google Ads, TikTok, and LinkedIn, with clear GDPR consent requirements and remediation advice.
Guide to social media cookies set by embedded content, social login, and sharing tools, including why they usually require consent in the EU.
Distinguishes unique users by assigning a randomly generated client ID. Used by both Universal Analytics and GA4 properties.
GA4 session state cookie. Stores the current session ID and engagement state for the property; one is set per GA4 measurement ID.
Used by Universal Analytics to distinguish users over a 24-hour window. Largely deprecated since GA4 but still found on legacy sites.
Throttles the request rate to Google Analytics on high-traffic sites. Often appears as _gat_gtag_<id>.
Used by Google Tag Manager to throttle the request rate to Google Analytics. Set when GTM loads GA on the page.
Google Ads conversion-linker cookie. Stores ad-click information so conversions can be attributed outside Google's domain.
Google Ads click-through cookie set when a visitor lands on the site from a Google search ad. Used for attribution.
Google Ads / DoubleClick click-through cookie set when a visitor arrives from a Display Network ad.
Contains campaign-related information for the user. Linked to GA properties that have Google Ads auto-tagging enabled.
Used by Google DoubleClick to register and report on user actions after viewing or clicking an ad — for measuring effectiveness and serving targeted ads.
Set by doubleclick.net to determine if the user's browser supports cookies before serving ads.
Used by Google DoubleClick to identify a signed-in user across non-Google sites and remember whether they consented to ad personalisation.
Contains a unique ID Google uses to remember preferences (preferred language, ad personalisation) and to show targeted ads on Google services and across the web.
Used by Google to gather website statistics and track conversion rates. Set when Google domains are embedded (YouTube, reCAPTCHA, Maps).
Google account session cookie. On third-party sites (via YouTube, Maps, or reCAPTCHA embeds) it enables Google to identify a signed-in visitor across the web — a tracking-capable identifier that requires consent in EU/UK contexts.
Companion to SID, signed to prevent forgery. On third-party sites surfaced through Google embeds, it contributes to cross-site visitor identification and ad personalisation.
Secure first-party variant of the Google account session cookie. When surfaced on a third-party site through a Google embed, it enables Google to identify the visitor across the web for ad and product personalisation.
Third-party variant of the Google account session cookie. Enables Google to deliver personalised ads across non-Google sites.
Set by Meta Pixel (used by both Facebook and Instagram Ads) to identify browsers for ad delivery, conversion tracking, and remarketing.
Stores the last-click ID (fbclid) from a Facebook or Instagram ad that brought the visitor to the site. Used for ad attribution and conversion tracking.
Set by facebook.com when Meta widgets are embedded (Like button, comments, login). Used to deliver ads, measure ad performance, and personalise ad content across Facebook and Instagram.
Browser identifier set by facebook.com. On third-party sites that embed Meta widgets (Like button, comments, Login) it enables Meta to recognise the browser across sessions — a cross-site tracking signal that requires consent.
Browser identifier used by Meta for account-recovery flows and authentication security. Surfaced on third-party sites through Meta embeds, contributing to cross-site visitor identification.
Stores the Facebook / Instagram user ID of the signed-in visitor. When a third-party page loads a Meta embed, the cookie is sent to Meta — directly identifying the visitor across the web.
Session token authenticating signed-in Facebook / Instagram users. Sent to Meta from any third-party page embedding a Meta widget while the visitor is logged in to Meta.
TikTok Pixel cookie used to track conversions, optimise ad delivery, and build remarketing audiences.
TikTok web identifier used for analytics and ad performance measurement across the TikTok ad network.
Set by TikTok Pixel to confirm whether the visitor's browser will accept TikTok cookies before firing tracking events.
CSRF protection token issued by TikTok. Although strictly necessary for TikTok-side interactions, on a third-party site it appears only when a TikTok video embed loads — making it part of the social-plugin tracking stack.
Internal TikTok request-routing token used to chain related requests across a session. On third-party sites it surfaces through TikTok embeds and contributes to cross-site identification.
Persistent TikTok web visitor ID used for cross-session attribution and ad measurement.
Used by LinkedIn Insight Tag to make a probabilistic match of a visitor's identity outside the designated countries.
LinkedIn browser ID cookie used to identify devices accessing LinkedIn for analytics, ad measurement, and personalisation.
Secure browser ID used for LinkedIn account security. On third-party sites it surfaces through LinkedIn embeds and forms part of LinkedIn's cross-site identity layer used for ad measurement and remarketing.
Used by LinkedIn for ID-syncing of advertising campaigns across user devices.
Stores information about the time a visitor's identity was synchronised with the lms_analytics cookie for LinkedIn analytics.
Used by X (formerly Twitter) to integrate and share features for social media and to personalise content and ads across the X ad network.
Used by X to identify and track website visitors (including non-logged-in users) for embedded content, analytics, and ads.
Set by X to measure and improve the relevance of advertising shown on the X platform and via the X Audience Platform on third-party sites.
Used by Pinterest for tracking purposes and to enable users to share content via the Pinterest social network.
Pinterest uses this cookie to group actions for users who cannot be identified by Pinterest (non-logged-in visitors).
Used by the Pinterest conversion tag to attribute on-site events to Pinterest ad campaigns.
Snapchat Pixel browser identifier used to track conversions and measure the effectiveness of Snapchat ads.
Snapchat authentication / ad-attribution cookie used to associate visitors with Snapchat ad clicks.
Reddit Pixel visitor identifier. Used to measure conversions, build remarketing audiences, and attribute on-site events to Reddit ad clicks.
Criteo's primary retargeting cookie. Stores an encoded bundle that links the visitor to Criteo's ad-bidding profile for personalised display ads.
Used by Criteo to determine the highest-level domain on which it can set cookies. Set briefly during the test, then expires.
Stores a Criteo identifier copied from a related domain to maintain retargeting state across multiple TLDs.
Criteo session identifier used to deduplicate ad impressions and conversion events within a single browsing session.
Microsoft Bing Ads UET (Universal Event Tracking) session cookie. Used for conversion measurement and audience building for Bing/Microsoft Ads campaigns.
Microsoft Bing Ads UET visitor cookie. Persistent ID used for cross-session attribution and remarketing for Microsoft Advertising.
Microsoft user identifier set on bing.com and microsoft.com. Used for user identification, ad personalisation, and analytics across Microsoft properties — including Bing Ads on third-party sites.
Set by bing.com to register a unique ID that identifies a returning user's device for Bing Ads remarketing.
Used by Microsoft Clarity / Bing to validate analytics data and prevent fraudulent UET event submissions.
Used by Microsoft to indicate whether to refresh the MUID cookie. Supports Bing Ads attribution and audience syncing.
Hotjar user ID cookie. Ensures data from subsequent visits to the same site is attributed to the same user.
Hotjar session cookie. Holds current session data so subsequent requests in the session window are attributed correctly.
Identifies a new user's first session and indicates whether Hotjar is seeing this user for the first time.
Set so Hotjar can determine whether the visitor is included in the data sampling defined by the site's pageview limit.
Used by Hotjar to detect a visitor's first pageview session and prevent it being counted multiple times.
Persists the Clarity user ID and preferences unique to the site, so visits to the same site are attributed to the same user.
Connects multiple Clarity page views by a user into a single session recording.
Segment-generated anonymous visitor identifier. Used to attribute events from non-logged-in users to a stable ID across sessions before they identify.
Segment user identifier set after a visitor calls analytics.identify(). Used to forward identified events to downstream tools (Mixpanel, Amplitude, etc.).
Stores the Amplitude device and user ID, plus session metadata, so behavioural events can be attributed to a stable user across visits.
Optimizely visitor identifier used to bucket users into A/B test variants and measure experiment exposure consistently across visits.
HubSpot main analytics cookie tracking visitors. Contains domain, utk, initial timestamp, last timestamp, current timestamp, and session number.
HubSpot user token. Identifies a unique visitor and is passed to HubSpot on form submission for contact deduplication.
HubSpot session cookie. Tracks sessions: incremented on each new pageview within 30 minutes.
HubSpot session-restart flag. Set to 1 when HubSpot detects that the visitor has started a new browser session.
Shopify long-term visitor analytics cookie used for tracking returning customers and personalising recommendations.
Shopify session analytics cookie used to track the current visit.
Mailchimp marketing cookie used to identify the visitor and link form submissions to a Mailchimp audience.
Klaviyo identifier cookie. Tracks the visitor across sessions for email campaign attribution and audience syncing.
Use CookieSentry to scan your live pages, catch early-firing cookies, and export evidence your privacy team or agency can use to remediate the issue.