Magento Commerce, 2.3.x

Cookie Reference

The default Magento cookies are classified as Exempt / Non-Exempt to help merchants meet GDPR requirements. Merchants should use this information as a guide, and consult with legal advisors to update their Privacy and Cookie Policies as part of a comprehensive GDPR compliance strategy.

Magento 2.x Default Cookies

The following cookies are used by Magento Commerce “out of the box” for on-premise and cloud installations. These cookies may be required by functionality that is explicitly requested by the customer. To learn about the lifetime of session cookies, see: Customer Session Lifetime.

Some of these cookies may provide configuration options, including enable/disable, as needed.

Requested Functionality Cookies (Exempt)

add_to_cart

Used by Google Tag Manager. Captures the product SKUStock Keeping Unit: A number or code assigned to a product to identify the product, options, price, and manufacturer., name, price and quantity removed from the cart, and makes the information available for future integration by third-party scripts.

guest-view

Stores the Order ID that guest shoppers use to retrieve their order status. Guest orders view. Used in "Orders and Returns" widgets.

  • Is Secure? No
  • HTTP Only: Yes
  • Expiration Policy: Session
  • Module: Magento_Sales

login_redirect

Preserves the destination page the customer was navigating to before being directed to log in. Used in mini cart for logged in customers if Stores > Settings > Configuration > Sales > Checkout > Shopping Cart Sidebar > Display Shopping Cart Sidebar is set to "Yes".

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer

mage-banners-cache-storage

Stores bannerPromotional graphics displayed either horizontally on the top of a web page or vertically on the left or right margins. Website advertisements are often displayed as banners. content locally to improve performance.

mage-messages

Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.

There is not an option to disable this cookie.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Duration 1 year. Cleared on frontend when the message is displayed to the user.
  • Module: Magento_Theme

mage-translation-storage(local storage)

Stores translated content when requested by the shopper. Used when Translation Strategy is configured as "Dictionary (Translation on Storefront side)".

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Translation

mage-translation-file-version (local storage)

Tracks the version of translations in local storage. Used when Translation Strategy is configured as "Dictionary (Translation on Storefront side)".

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Translation

product_data_storage (local storage)

Stores configuration for product data related to Recently Viewed / Compared Products.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_compared_product (local storage)

Stores product IDs of recently compared products.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_compared_product_previous (local storage)

Stores product IDs of previously compared products for easy navigationThe primary group of web page links that a customer uses to navigate around the website; the navigation links to the most important categories or pages on an online store..

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_viewed_product (local storage)

Stores product IDs of recently viewed products for easy navigation.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

recently_viewed_product_previous (local storage)

Stores product IDs of recently previously viewed products for easy navigation.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Catalog

remove_from_cart

Used by Google Tag Manager. Captures the product SKU, name, price and quantity added to the cart, and makes the information available for future integration by third-party scripts.

stf

Records the time messages are sent by the SendFriend (Email a Friend) module.

  • Is Secure? Yes
  • HTTP Only: Yes
  • Expiration Policy: Session
  • Module: Magento_SendFriend

X-Magento-Vary

Configuration setting that improves performance when using Varnish static contentContent that does not change frequently. See also dynamic content. caching.

  • Is Secure? Yes
  • HTTP Only: Yes
  • Expiration Policy: Based on PHP setting session.cookie_lifetime
  • Module: Magento_PageCache

 

Persistent Customization Session Cookies (Exempt)

amz_auth_err

Used if "Enable Login with Amazon" is enabled. Value “1’ indicates an authorizationTo give a service permission to perform certain actions or to access resources. error.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: 1 year
  • Module: Amazon Pay

amz_auth_logout

Used if "Enable Login with Amazon" is enabled. Value “1” indicates that the user should be logged out.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: 86400s (24h)
  • Module: Amazon Pay

form_key

A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy:
    • PHP: Based on PHP setting session.cookie_lifetime
    • JS: Session
  • Module: Page Cache

mage-cache-sessid

The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the AdminThe password-protected back office of your store where orders, catalog, content, and configurations are managed. cleans up local storage, and sets the cookie value to “true.”

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer

mage-cache-storage

Local storage of visitor-specific content that enables ecommerce functions.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer, Magento_Persistent

mage-cache-storage (local storage)

Local storage of visitor-specific content that enables ecommerce functions.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer, Magento_Persistent, Magento_NegotiableQuote

mage-cache-storage-section-invalidation (local storage)

Forces local storage of specific content sections that should be invalidated.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage
  • Module: Magento_Customer

persistent_shopping_cart

Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.

  • Is Secure? Yes
  • HTTP Only: Yes
  • Expiration Policy: Based on configuration Persistent Shopping Cart > General Options > Persistence Lifetime (seconds)
  • Module: Magento_Persistent

private_content_version

Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.

It is set in multiple places: in PHP, in JavaScriptA scripting language used with HTML to produce dynamic effects and interactions on web pages. as a cookie, and in JavaScript to local storage.

For the HTTP Only Yes (based on request) means that the cookie Secure if set during HTTPS request, and unsecure if set during HTTP request.

  • Is Secure? Yes (based on request), No
  • HTTP Only:
    • PHP: 1 year / 315360000s (10yr)

    • JS: 1 day

    • JS local storage: Per local storage rules (forever)

  • Expiration Policy: Based on configuration Persistent Shopping Cart > General Options > Persistence Lifetime (seconds)
  • Module: Magento_PageCache, Magento_Customer

section_data_ids

Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Session
  • Module: Magento_Customer

store

Tracks the specific store view / localeA set of configurations that defines the user’s language, country, tax rate, and other settings. selected by the shopper.

  • Is Secure? No
  • HTTP Only: Yes
  • Expiration Policy: 1 year
  • Module: Magento_Store

mage-banners-cache-storage (local storage)

Local storage for Banner functionality.

  • Is Secure? No
  • HTTP Only: No
  • Expiration Policy: Per local storage rules
  • Module: Magento_Banner

Google Analytics Cookies

The following cookies are used when Google Universal Analytics is fully enabled for your Magento installation. To disable these cookies for GDPR compliance, see: Google Settings for GDPR. To learn more, see: Google Analytics Cookie Usage on Websites.

Google Universal Analytics Cookies (Non-Exempt)

JavaScript Libraries: gtag.js and analytics.js: