Hotjar sets 6 cookies on websites that load its scripts. Below is the full list with purpose, expiry, and whether each one needs GDPR / ePrivacy consent.
_hjSessionUser_<id>AnalyticsExpires: 1 yearHotjar user ID cookie. Ensures data from subsequent visits to the same site is attributed to the same user.
_hjSession_<id>AnalyticsExpires: 30 minutesHotjar session cookie. Holds current session data so subsequent requests in the session window are attributed correctly.
_hjFirstSeenAnalyticsExpires: 30 minutesIdentifies a new user's first session and indicates whether or not Hotjar's seeing this user for the first time.
_hjIncludedInPageviewSampleAnalyticsExpires: 30 minutesSet so Hotjar can determine whether the visitor is included in the data sampling defined by the site's pageview limit.
_hjAbsoluteSessionInProgressAnalyticsExpires: 30 minutesUsed by Hotjar to detect a visitor's first pageview session and prevent it being counted multiple times.
_hjOptedOutFunctionalExpires: 1 yearRecords that the visitor has opted out of Hotjar tracking via the provider's universal opt-out endpoint. While set, Hotjar will not record new sessions, recordings, or surveys for the browser. Functional rather than analytics: it exists specifically to suppress tracking, not to enable it.
CookieSentry scans your site, identifies every Hotjar cookie set before consent, and gives you an evidence-grade PDF for your DPO.
Run a free scan →