Analytics Tools

Cookies set in a visitor's browser by HubSpot

Last updated: February 6, 2020

HubSpot's tracking code sets a number of tracking cookies when a visitor lands on your website. These cookies fall into two general categories: 
  • Essential/necessary cookies: essential cookies which do not require consent. 
  • Consent banner cookies: non-essential cookies controlled by the consent banner.

Essential/necessary cookies

__hs_opt_out
This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. This cookie is set when you give visitors the choice to opt out of cookies.
(Expires: 13 months)

__hs_do_not_track
This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, as it still allows anonymized information to be sent to HubSpot.
(Expires: 13 months)

hs_ab_test
This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
(Expires: end of session)

<id>_key
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page.
(Expires: 14 days)

hs-messages-is-open
This cookie is used to determine and save whether the chat widget is open for future visits. It is set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity.
(Expires: 30 minutes) 

hs-messages-hide-welcome-message
This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed.
(Expires: 1 day) 

__hsmem
This cookie is set when visitors log in to a HubSpot-hosted site.
(Expires: 1 year) 

hs-membership-csrf
This cookie is used to ensure that content membership logins cannot be forged.
(Expires: end of session)

hs_langswitcher_choice
This cookie is used to save the visitor’s selected language choice when viewing pages in multiple languages.
(Expires: 2 years)

__cfduid
This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users. It may be placed on your visitors' devices to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare's security features. Learn more about this cookie from Cloudflare.
(Expires: session cookie that lasts a maximum of 30 days)

__cfruid
This cookie is set by HubSpot’s CDN provider because of their rate limiting policies.
(Expires: end of session)

Consent banner cookies 

__hstc
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
(Expires: 13 months) 

hubspotutk
This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
(Expires: 13 months

__hssc
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. 
(Expires: 30 min) 

__hssrc
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
(Expires: end of session) 

If you are logged in to HubSpot, HubSpot will set additional authentication cookies. Learn more about cookies set in the HubSpot product. You can also see whether a contact accepted these cookies in their timeline.

Chatflow cookie

messagesUtk
This cookie is used to recognize visitors who chat with you via the chatflows tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser. If you chat with a visitor who later returns to your site in the same cookied browser, the chatflows tool will load their conversation history. The cookie is controlled by the Consent to collect chat cookies setting in your chatflow. If this setting is disabled, the cookie is controlled by the Consent to process setting in your chatflow.
(Expires: 13 months)

Chatflow cookie consent text

With the Consent to collect chat cookies setting enabled, HubSpot will prompt visitors for consent to drop a cookie in their browser when they open a chat on your website. This cookie is used to interact with website visitors and provide a visitor's chat history. If a visitor does not give consent, they will not be able to start the chat. With this setting disabled, a visitor can start a chat and give consent to process their information via the Consent to process setting. 

Visitors can also accept or decline cookies on the HubSpot cookie banner if it is enabled on your pages. 

  • If a visitor accepts the cookie when they start a chat, but then clicks Decline on the HubSpot cookie banner the cookie will be removed. 
  • If a visitor clicks Decline on the HubSpot cookie banner before starting a chat, HubSpot will not drop a cookie or prompt them to consent to cookies in the chat widget. 

Ads tracking 

If you have the Facebook pixel code installed on your website, Facebook may set a cookie in your visitor's browser.

If you use the HubSpot ads tool to select and install your Facebook pixel on pages with the HubSpot tracking code, HubSpot will link the placing of that pixel code to the cookie notification banner. If you require opt-in consent via this banner, the Facebook pixel will not be able to set any cookies until the visitor has have opted in. 

If you have manually placed the pixel code on pages (e.g., by editing your site header HTML), HubSpot will not be able to control which visitors Facebook is able to set cookies on.

For additional information, refer to Facebook's business tools terms and Facebook's cookie consent guide

Cookies from third-party systems 

HubSpot cannot control cookies placed by third-party scripts on your website. When a visitor accepts cookies via the HubSpot consent banner, they consent to HubSpot's cookies only. However, you can put code in place to know when a user has accepted or declined HubSpot cookie tracking, then send that information to your third-party system. Learn more about using HubSpot's consent banner for third-party scripts

Other information

Learn about removing the cookies created by the HubSpot tracking code that are included in the consent banner under GDPR. When a visitor's cookies are removed, the visitor will be considered "new" and will see the cookie policy banner the next time they visit your site.

Visitors who visited your website before your cookie policy banner was set up will already have the cookies created by the HubSpot tracking code in their browser. They will, therefore, not see the cookie policy banner until their cookies are removed or expired.

/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=156353892.048d88fb260891c69739288ff3a92ae4.1551854682590.1551874287988.1551933371674.4&__hssc=156353892.32.1551933371674&__hsfp=3495681087