Reports

What cookies does HubSpot set in a visitor's browser?

Last updated: May 23, 2018

Available For:

Marketing: Free, Starter, Basic, Pro, Enterprise
Sales: Free, Starter, Professional
Service: N/A
HubSpot's tracking code sets the following cookies when someone visits your site. These cookies fall into two general categories: 
  • Essential/necessary cookies: these cookies do not require consent. 
  • Consent banner cookies: there are cookies included in the consent banner under GDPR.

Specific cookie names and descriptions are listed below, as well as tracking information for the ads tool and cookies from third-party systems: 

Essential/necessary cookies

__hs_opt_out
This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. This cookie is set when you give visitors the choice to opt out of cookies.
(Expires: 2 years)

__hs_do_not_track
This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, which still allows anonymized information to be sent to HubSpot.
(Expires: 2 years)

__hs_testcookie
This cookie is used to test whether the visitor has support for cookies enabled.
(Expires: Session cookie)

hs_ab_test
This cookie is used to consistently serve visitors the same version of an A/B test page that they’ve seen before.
(Expires: Session cookie)

hs_lang_switcher_choice
This cookie is used to consistently redirect visitors to the language version of a page in the language they’ve selected on this top-level private domain in the past (if such a language version exists).

<id>_key
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login. The cookie name is unique for each password-protected page.   

hs-messages-is-open (TTL 30 minutes)
This cookie is used on the visitor UI side so HubSpot can determine/save whether the chat widget is open for future visits. It resets after 30 minutes to re-close the widget after 30 minutes of inactivity

hs-messages-hide-welcome-message (TTL 1 day)  

When you dismiss the welcome message in your messages tool, a cookie is set to prevent it from appearing again for one day.

Consent banner cookies 

__hstc
The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
(Expires: 2 years) 

hubspotutk
This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.
(Expires: 10 years

__hssc
This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. 
(Expires: 30 min) 

__hssrc
Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the visitor has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.
(Expires: None. Session cookie) 

messagesUtk
This cookie is used to recognize visitors who chat with you via the messages tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser. If you have a history of chatting with a visitor and they return to your site later in the same cookied browser, the messages tool will load your conversation history with that visitor. 

If you are logged in to HubSpot, HubSpot will set additional authentication cookies. You can see a complete list of cookies set by HubSpot's app here

Ads tracking 

If you have the Facebook pixel code installed on your website, Facebook may place a cookie on your site visitors.

If you use the HubSpot ads tool to select and install your Facebook pixel on pages with the HubSpot tracking code, HubSpot will link the placing of that pixel code to the cookie notification banner. If you require opt-in consent via this banner, the Facebook pixel will not be able to set any cookies on a visitor until they have opted in. 

If you have manually placed the pixel code on pages (for example, by editing your site header code), HubSpot will not be able to control which visitors Facebook is able to set cookies on.

For additional information, check out Facebook's business tools terms and Facebook's cookie consent guide

How are cookies from third-party systems handled? 

HubSpot isn’t able to control the cookies placed by other scripts included on your website. However, you can choose to use the cookie consent banner to know when a visitor has given consent to place cookies in their browser. For additional information on using the banner to know when to include third-party scripts, check out this documentation

Learn more about removing the cookies created by the HubSpot tracking code that are included in the consent banner under GDPR here. This would include the cookies related to tracking the visitor. When cookies are removed, the visitor will see the cookie consent banner the next time they load the page, as they would be considered a new visitor.

 

Was this article helpful?