The default Magento cookies are classified as Exempt / Non-Exempt to help merchants meet GDPR requirements. Merchants should use this information as a guide, and consult with legal advisors to update their Privacy and Cookie Policies as part of a comprehensive GDPR compliance strategy.
Magento 2.x Default Cookies
The following cookies are used by Magento Commerce “out of the box” for on-premise and cloud installations. These cookies are required by functionality that is explicitly requested by the customer. To learn about the lifetime of session cookies, see: Customer Session Lifetime.
Requested Functionality Cookies (Exempt)
Stores the Order ID that guest shoppers use to retrieve their order status.
loginThe process of signing into an online account._redirectA method used to alert browsers and search engines that a page has been moved. 301 Redirect: Permanent change 302 Redirect: Temporary change
Preserves the destination page the customer was navigating to before being directed to log in.
Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages, The message is deleted from the cookie after it is shown to the shopper.
Stores translated content when requested by the shopper.
Stores configuration for product data related to Recently Viewed / Compared Products.
Stores product IDs of recently compared products.
Stores product IDs of previously compared products for easy navigation.
Stores product IDs of recently viewed products for easy navigation.
Stores product IDs of recently previously viewed products for easy navigation.
Records the time messages are sent by the SendFriend (Email a Friend) module.
Configuration setting that improves performance when using Varnish static content caching.
Persistent Customization Session Cookies (Exempt)
(Used by Amazon Pay) Value “1’ indicates an authorization error.
(Used by Amazon Pay) Value “1” indicates that the user should be logged out.
A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).
The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to “true.”
Local storage of visitor-specific content that enables ecommerce functions.
Forces local storage of specific content sections that should be invalidated.
Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.
Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.
Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.
Tracks the specific store view / locale selected by the shopper.
Google Analytics Cookies
The following cookies are used when Google Analytics is fully enabled for your Magento installation. To disable these cookies for GDPR compliance, see: Google Analytics Settings for GDPR. To learn more, see: Google Analytics Cookie Usage on Websites.
Google Analytics Cookies (Non-Exempt)
__utmacookie. The cookie is updated every time data is sent to Google Analytics.
Used to throttle request rate.
__utmbcookie. The cookie is updated every time data is sent to Google Analytics.
Stores visitor-level custom variable data. This cookie is created when a developer uses the
_setCustomVarmethod with a visitor-level custom variable. This cookie is updated every time data is sent to Google Analytics.
A quick rating takes only 3 clicks. Add a comment to help us improve Magento even more.