Magento Commerce 2.1.x
Cookie Reference

The default Magento cookies are classified as Exempt / Non-Exempt to help merchants meet GDPR requirements. Merchants should use this information as a guide, and consult with legal advisors to update their Privacy and Cookie Policies as part of a comprehensive GDPR compliance strategy.

Magento 2.x Default Cookies

The following cookies are used by Magento Commerce “out of the box” for on-premise and cloud installations. These cookies are required by functionality that is explicitly requested by the customer. To learn about the lifetime of session cookies, see: Online Session Length.

  • Requested Functionality Cookies (Exempt)

    Cookie Name



    (Used by Google Tag Manager) Captures the product SKU, name, price and quantity removed from the cart, and makes the information available for future integration by third-party scripts,



    Stores the Order ID that guest shoppers use to retrieve their order status.

    loginThe process of signing into an online account._redirectA method used to alert browsers and search engines that a page has been moved.
    301 Redirect: Permanent change
    302 Redirect: Temporary change


    Preserves the destination page the customer was navigating to before being directed to log in.



    Stores banner content locally to improve performance.



    Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages, The message is deleted from the cookie after it is shown to the shopper.



    Stores translated content when requested by the shopper.



    Stores configuration for product data related to Recently Viewed / Compared Products.



    Stores product IDs of recently compared products.



    Stores product IDs of previously compared products for easy navigation.



    Stores product IDs of recently viewed products for easy navigation.



    Stores product IDs of recently previously viewed products for easy navigation.



    (Used by Google Tag Manager) Captures the product SKU, name, price and quantity added to the cart, and makes the information available for future integration by third-party scripts.



    Records the time messages are sent by the SendFriend (Email a Friend) module.



    Configuration setting that improves performance when using Varnish static content caching.

  • Persistent Customization Session Cookies (Exempt)

    Cookie Name



    (Used by Amazon Pay) Value “1’ indicates an authorization error.



    (Used by Amazon Pay) Value “1” indicates that the user should be logged out.



    A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).



    The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to “true.”



    Local storage of visitor-specific content that enables ecommerce functions.



    Forces local storage of specific content sections that should be invalidated.



    Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.



    Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.



    Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.



    Tracks the specific store view / locale selected by the shopper.

Google Analytics Cookies

The following cookies are used when Google Universal Analytics is fully enabled for your Magento installation. To disable these cookies for GDPR compliance, see: Google Analytics Settings for GDPR. To learn more, see: Google Analytics Cookie Usage on Websites.

Google Universal Analytics Cookies (Non-Exempt)

  • JavaScriptA scripting language used with HTML to produce dynamic effects and interactions on web pages. Libraries: gtag.js and analytics.js

    Cookie Name



    Distinguishes visitors to your site.



    Distinguishes visitors to your site.



    Used to throttle request rate.



    Throttles request rate when Google Analytics is deployed with Google Tag Manager,



    Contains a token that can be used to retrieve a Clilent ID from AMP Client ID service. Other possible values include opt-out, inflight request or an error retrieving a Client ID from  AMP Client ID service.



    Contains campaign-related information for the user.  Google AdWords conversion tags read this cookie if Google Analytics is linked to your AdWords account.