Magento Open Source 2.2.x
Cookie Reference

The default Magento cookies are classified as Exempt / Non-Exempt to help merchants meet GDPR requirements. Merchants should use this information as a guide, and consult with legal advisors to update their Privacy and Cookie Policies as part of a comprehensive GDPR compliance strategy.

Magento 2.x Default Cookies

The following cookies are used by Magento Commerce “out of the box” for on-premise and cloud installations. These cookies are required by functionality that is explicitly requested by the customer. To learn about the lifetime of session cookies, see: Customer Session Lifetime.

  • Requested Functionality Cookies (Exempt)

    Cookie Name

    guest-view

     

    Stores the Order ID that guest shoppers use to retrieve their order status.

    loginThe process of signing into an online account._redirectA method used to alert browsers and search engines that a page has been moved.
    
    301 Redirect: Permanent change
    
    302 Redirect: Temporary change

     

    Preserves the destination page the customer was navigating to before being directed to log in.

    mage-messages

     

    Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages, The message is deleted from the cookie after it is shown to the shopper.

    mage-translation-storage

     

    Stores translated content when requested by the shopper.

    product_data_storage

     

    Stores configuration for product data related to Recently Viewed / Compared Products.

    recently_compared_product

     

    Stores product IDs of recently compared products.

    recently_compared_product_previous

     

    Stores product IDs of previously compared products for easy navigation.

    recently_viewed_product

     

    Stores product IDs of recently viewed products for easy navigation.

    recently_viewed_product_previous

     

    Stores product IDs of recently previously viewed products for easy navigation.

    stf

     

    Records the time messages are sent by the SendFriend (Email a Friend) module.

    X-Magento_Vary

     

    Configuration setting that improves performance when using Varnish static content caching.

  • Persistent Customization Session Cookies (Exempt)

    Cookie Name

    amz_auth_err

     

    (Used by Amazon Pay) Value “1’ indicates an authorization error.

    amz_auth_logout

     

    (Used by Amazon Pay) Value “1” indicates that the user should be logged out.

    form_key

     

    A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).

    mage-cache-sessid

     

    The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to “true.”

    mage-cache-storage

     

    Local storage of visitor-specific content that enables ecommerce functions.

    mage-cache-storage-section-invalidation

     

    Forces local storage of specific content sections that should be invalidated.

    persistent_shopping_cart

     

    Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.

    private_content_version

     

    Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.

    section_data_ids

     

    Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.

    store

     

    Tracks the specific store view / locale selected by the shopper.

Google Analytics Cookies

The following cookies are used when Google Analytics is fully enabled for your Magento installation. To disable these cookies for GDPR compliance, see: Google Analytics Settings for GDPR. To learn more, see: Google Analytics Cookie Usage on Websites.

Google Analytics Cookies (Non-Exempt)

  • JavaScriptA scripting language used with HTML to produce dynamic effects and interactions on web pages. Library: ga.js

    Cookie Name

    __utma

     

    Distinguishes shoppers and sessions .This cookie is created when the JavaScript library executes and there is no existing __utma cookie. The cookie is updated every time data is sent to Google Analytics.

    __utmt

     

    Used to throttle request rate.

    __utmb

     

    Determines new sessions/visits. This cookie is created when the JavaScript library executes and there is no existing __utmb cookie. The cookie is updated every time data is sent to Google Analytics.

    _utmz

     

    Saves the traffic source or campaign that explains how the shopper reached your site. The cookie is created when the JavaScript library executes, and is updated every time data is sent to Google Analytics.

    __utmv

     

    Stores visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor-level custom variable. This cookie is updated every time data is sent to Google Analytics.