--- title: Cookies - Web description: List of cookies and local storage items managed by the Contentsquare Tag lastUpdated: 19 February 2026 source_url: html: https://docs.contentsquare.com/en/web/cookies/ md: https://docs.contentsquare.com/en/web/cookies/index.md --- List of cookies and local storage items managed by the Contentsquare Tag. Contentsquare is only using first-party cookies for analytics purposes. Note Tools such as OneTrust may flag a cookie `_cs_nnnnnnnnnnnnn` as coming from Contentsquare, which is incorrect. In this context, `nnnnnnnnnnnnn` refers to an unknown pattern of numbers such as in `1083746253643` or `1111111111111`. Contentsquare is not setting any cookie with a name like `_cs_nnnnnnnnnnnnn` or `_cs_1083746253643`. | Name | Duration | Description | Applies to | | - | - | - | - | | [`_cs_id`](#_cs_id) | 13 months | Stores technical user data | All plans | | [`_cs_s`](#_cs_s) | 30 minutes | Stores session data | All plans | | [`_cs_c`](#_cs_c) | 13 months | Stores user consent on use of session data use within replays (not masked vs. full masked) | All plans | | [`_cs_s_ctx`](#_cs_s_ctx) | 30 minutes | Stores the Session context data | Product Analytics | | [`_cs_i`](#_cs_i) | 3 days | Stores the encryption result of the user identity string | Product Analytics | | [`_cs_cvars`](#_cs_cvars) | Session length | Stores the URL-encoded custom variables from the session | All plans | | [`_cs_ep`](#_cs_ep) | 13 months | Stores the visit-level custom properties as a JSON object | Product Analytics | | [`_cs_ex`](#_cs_ex) | 30 days | When set, the user is excluded from tracking | Enterprise | | [`_cs_optout`](#_cs_optout) | 13 months | When set, the user is opted-out from tracking | All plans | | [`_cs_t`](#_cs_t) | Immediately removed | Checks if the browser supports cookies and sets flags | All plans | | [`_cs_same_site`](#_cs_same_site) | Immediately removed | Checks if the browser supports the `SameSite` flag | All plans | | [`_cs_root-domain`](#_cs_root-domain) | Immediately removed | Stores the URI-encoded main domain name of the site | All plans | | [`_cs_debug`](#_cs_debug) | Session length | Enables/disables specific behavior of the Tag for debugging purposes | All plans | | [`_hjHasCachedUserAttributes`](#_hjhascacheduserattributes) | Session length | Specifies whether the data set in `_hjUserAttributes` local storage item is up to date or not | All plans | | [`_hjUserAttrbutesHash`](#_hjuserattributeshash) | 2 minutes, extended every 30 seconds | Specifies whether any user attribute has changed and needs to be updated | All plans | | [`_hjUserAttributes`](#_hjuserattributes) | No explicit expiration | Local storage item containing user attributes sent through the Identify API | All plans | | [`_hjClosedSurveyInvites`](#_hjclosedsurveyinvites) | 365 days | Ensures the same invite does not reappear if it has already been shown. Set when a user interacts with a Link Survey invitation modal. | All plans | | [`_hjDonePolls`](#_hjdonepolls) | 365 days | Ensures the same Survey does not reappear if it has already been filled in. | All plans | | [`_hjMinimizedPolls`](#_hjminimizedpolls) | 365 days | Ensures that the Survey stays minimized when the user navigates through your site. Set when a user minimizes an on-site Survey. | All plans | | [`_hp2_hld`](#_hp2_hld) | Immediately removed | Used to determine which domain a cookie can be set on (since public suffix domains block setting cookies on the top level) | All plans | | [`_hp5_event_props.ENV_ID`](#_hp5_event_propsenv_id) | 13 months minus a day | Event properties cookie | All plans | | [`_hp5_let.ENV_ID`](#_hp5_letenv_id) | 13 months minus a day | Contains last event timestamp | All plans | | [`_hp5_meta.ENV_ID`](#_hp5_metaenv_id) | 13 months minus a day | Contains all metadata related to user/session | All plans | | [`_cs_mk_aa`](#_cs_mk_aa) | 30 minutes | Ensures Adobe Analytics dimensions and eVars are set only once every 30 minutes | All plans | | [`_cs_mk_ga`](#_cs_mk_ga) | 30 minutes | Ensures Google Analytics dimensions and eVars are set only once every 30 minutes | All plans | | [`_cs_mk_pa`](#_cs_mk_pa) | 30 minutes | Ensures Piano Analytics dimensions and eVars are set only once every 30 minutes | All plans | | [`_cs_rl_*`](#_cs_rl_) | 365 days | For integrations that require replay links to be stored into cookies. | All plans | | [`_cs_tld{nnnnnnnnnnnnn}`](#_cs_tldnnnnnnnnnnnnn) | Immediately removed | Cookies generated for Google Analytics and Adobe Analytics integrations which help determine the main domain on which to create integration cookies | All plans | ## Tag cookies Cookies required by the Contentsquare tag to collect reliable data. ### `_cs_id` #### Description Stores technical user data. Contains the following information separated by dots: * User ID, * User creation timestamp (seconds), * Number of visits, * Last pageview timestamp (seconds), * Last visit timestamp (seconds), * Timestamp of the last time this visitor was drawn, * Cookie expiration date, * Cookie `SameSite` attribute: * `None`: For cross-domain projects, * `Lax`: For projects that are not cross-domains, * `X`: When browsers that do not support the `SameSite` cookie attribute. * Cookie `Secure` attribute value: * `0`: cookie is not secure. Default for projects that are not cross-domain or if the browser doesn't support the `SameSite` cookie attribute, * `1`: cookie is secure, default for cross-domain projects. #### Lifetime 13 months, fixed. The cookie value is updated with every pageview. The cookie is recreated if the visitor can be tracked and no `_cs_id` cookie exists. #### Length Up to 103 characters. #### Example `5c8f99e9-46cc-a2cc-b049-031bfdb3d43b.1661526503.5.1661785703.1661785703.1.1695690503380` ### `_cs_s` #### Description Stores session data. Contains the following data separated by dots: * The number of pages viewed for the current session, * The Session Replay data collection state: * For the legacy Session Replay data collection pipeline: * `1` when not collected, * `3` when collected, * `5` when collected after a specific trigger. * For the main Session Replay data collection pipeline: * `0` when not collected, * `5` when collected. * The Event Triggered Replay (ETR) state: * `0` when ETR sampling is not allowed, * `1` when ETR sampling is allowed. * The cookie expiry timestamp (Epoch time). #### Length Between 16 and 20 characters. The maximum number of characters depend on the number of pages seen during the session. On average, for less than 100 pageviews, this adds between 16 and 17 characters. #### Lifetime 30 minutes, renewed with every user action. #### Example `3.0.0.1661531650281` ### `_cs_c` #### Description Stores user consent on use of session data use within replays (not masked vs. full masked): * `1` (consent not expressed) — visitor session is fully masked. * `2` (consent granted) — visitor session is not fully masked even if the feature is enabled. * `3` (consent withdrawn) — visitor session is fully masked even if the feature is not enabled. * `0` (masking not required) — visitor session is not fully masked. Note The value `0` means that full masking was deactivated in your project configuration. This is applicable for projects having no sensitive data or having masked all their sensitive data. #### Lifetime 13 months, renewed when consent is updated. ### `_cs_s_ctx` #### Description Stores the Session context data. Contains a URL encoded stringified JSON object with the following data: * `firstViewTime`: The timestamp of the first pageview of the session. * `firstViewUrl`: The URL of the first pageview of the session. * `sessionReferrer`: The referrer of the first pageview of the session. #### Length Due to the nature of the data, the length of this cookie can vary significantly and can be problematic if you enforce a cookie size limitation on your servers. The following rules are applied to limit its length: 1. Each URL (`firstViewUrl`, `sessionReferrer`) is truncated to 800 characters. 2. The cookie is automatically compressed when its length exceeds 256 characters. #### Lifetime 30 minutes, renewed with every user action. #### Example Example of URL-decoded data: ```json { "firstViewTime":1753968212429, "firstViewUrl":"https://contentsquare.com/", "sessionReferrer":"https://www.google.com/" } ``` ### `_cs_i` #### Description Stores the result of the encryption of the user identity string when the user is currently associated with an identity string via the [identify](https://docs.contentsquare.com/en/web/command-reference/#identify) command. Stores as well the first 8 characters of the hash of the key used for its encryption and the user id: `_cs_i` = `..` #### Length The total length is 566. In details: 36 (`user_id`) + 1 (separator) + 512 (`identity_string_encryption_result`) + 1 (separator) + 16 (`encryption_key_hash`). #### Lifetime 3 days, renewed when the [identify](https://docs.contentsquare.com/en/web/command-reference/#identify) command is executed. #### Example `7e845c32-0783-a6b4-cc0b-f995f4881782.YgQw555v3uL98tBy9qIjPvaZsPeauaCZzci67hWElRDuvfNqHyNHs6RbUDzIRYnGBWZHPxnw1wOydMzM8EXMjoi+Qn+z2hJPNwBaqoslRFuKSlI6OZljo9LEqzobQy0v4DZgUSy4ezhAKw8Om6FNAsgjNB+XPSG34EsDGWAhtCp2CKLOv2eHc5Secs+5STxATXM5J2dmzEonVyxSKX8pH4bCassn2SzSwyYcxyuhIv9ySgx6KI1ru2eMo5yUUUfsSQXsHf5VrqtX7P9n0M00M4jhA+m3gIuBk4yG4mjMJ7V7YKClbIjLYvvfVaGkPmkjlDmTa6f0vSJXeBXWL28Ikd2JJiwsT28WB8YBxvzNTvgXnzThAPREsipPSeA211RD/FVvgwOYpFfSbcZIjlRS8j6pTFyPxvRH64N1CNp7S7wJ8z6g2efH4w7PiLeulAQbGKthewCeiVfpmLJ9OWE5FHr9ahw8pFxTM3luLxrcDTuTfho0C9Jci+Nwlnk9z3Do.d5ae589256d3ff1c` ### `_cs_cvars` #### Description Includes the URL-encoded custom variables from the session. Used only when using custom vars in scope `visit` or without scope. #### Example This will store custom vars inside `_cs_cvars`: ```javascript window._uxa.push(["setCustomVariable", 5, "cvar_name", "cvar_value", "visit"]); ``` ```javascript window._uxa.push(["setCustomVariable", 5, "cvar_name", "cvar_value"]); ``` This will **not** store custom vars inside `_cs_cvars`: ```javascript window._uxa.push(["setCustomVariable", 5, "cvar_name", "cvar_value", "page"]); ``` #### Lifetime While the session lasts. Created when session-level custom variables are triggered. The value and expiration date are updated with each pageview. #### Length The minimum number of characters is 39. Length depends on how many custom variables are pushed as well as the length of the keys and values passed. ### `_cs_ep` Product Analytics #### Description Stores visit-level custom properties as a URL-encoded JSON object. Custom properties are set through the [`customProperties:visit:add`](https://docs.contentsquare.com/en/web/command-reference/#custompropertiesvisitadd) Tag command and persist across pages for the duration of the cookie. Values are sanitized before storage: * Strings are stored as-is. * Numbers and booleans are converted to strings. * Arrays are joined with `||`. * Objects are dropped. #### Lifetime 13 months, renewed when custom properties are updated. The cookie is removed when the [`customProperties:visit:clear`](https://docs.contentsquare.com/en/web/command-reference/#custompropertiesvisitclear) command is called or when the user opts out. #### Example URL-decoded value: ```json {"plan":"premium","country":"FR"} ``` ### `_cs_ex` Enterprise #### Description Contains the timestamp of the last time this visitor was drawn. Used to exclude visitors from being tracked when: * The Sample Rate defined for the project is below 100%. * The user is not selected to be tracked (generated number for user < Sample Rate). #### Lifetime 30 days, renewed on Tag execution. ### `_cs_optout` #### Description When set, the user is opted-out from tracking. The cookie is set when you implement and execute the `optout` Tag command, for users who [do not consent to data collection](https://docs.contentsquare.com/en/web/send-the-users-decisions-about-data-collection/#users-who-refuse-data-collection). #### Lifetime 13 months, fixed. ### `_cs_t` #### Description Whether the browser supports cookies. If so, the Tag sets the `SameSite` flag to `None` and the `Secure` flag to `Yes`. Always `1`. #### Lifetime Immediately removed. ### `_cs_same_site` #### Description Used to check if the browser supports the `SameSite` flag. The value is always `Test same site`. #### Lifetime Immediately removed. ### `_cs_root-domain` #### Description Stores the URI-encoded main domain name of the site. #### Lifetime Immediately removed. #### Example `https%3A%2F%2Fusps.com` for the domain `usps.com`. ### `_cs_debug` #### Description Enables/disables specific behavior of the Tag for debugging purposes. Danger You can only use this cookie to inspect the uncompressed payload content, not to perform complete end-to-end data collection tests. Requests with uncompressed payloads are filtered out by our Session Replay pipeline. You will **not** be able to replay **any** session collected with the `compressionDisabled` flag on. Supported flags: * `compressionDisabled`: disables payload compression for inspection in the browser. #### Lifetime Session duration. To be created and deleted manually. #### Length N/A #### Example N/A ## Voice of Customer cookies ### `_hjHasCachedUserAttributes` Voice of Customer Specifies whether the data set in `_hjUserAttributes` local storage item is up to date or not. #### Lifetime Session duration. #### Example `true` ### `_hjUserAttributesHash` Voice of Customer Specifies whether any user attribute has changed and needs to be updated. #### Lifetime 2 minutes, extended every 30 seconds. #### Example `5fc3d78656281a4f251d087894032eaa` ### `_hjUserAttributes` Voice of Customer Local storage item containing user attributes sent through the Identify API. #### Lifetime No explicit expiration. #### Example `eyJhdHRyaWJ1dGVzIjp7InRlc3QiOiJ0ZXN0In0sInVzZXJJZCI6bnVsbH0` ### `_hjClosedSurveyInvites` Voice of Customer A list of Survey IDs, URL encoded. Ensures the same invite does not reappear if it has already been shown. Set when a user interacts with a Link Survey invitation modal. #### Lifetime 365 days. #### Example `840982%2C841051%2C733219%2C155923%2C853559%2C859932%2C866639%2C898685%2C896429%2C899130%2C921824%2C951201%2C788909` ### `_hjDonePolls` Voice of Customer A list of Survey IDs, URL encoded. Ensures the same Survey does not reappear if it has already been filled in. #### Lifetime 365 days. #### Example `840982%2C841051%2C733219%2C155923%2C853559%2C859932%2C866639%2C898685%2C896429%2C899130%2C921824%2C951201%2C788909` ### `_hjMinimizedPolls` Voice of Customer A list of Survey IDs, URL encoded. Ensures that the Survey stays minimized when the user navigates through your site. Set when a user minimizes an on-site Survey. #### Lifetime 365 days. #### Example `840982%2C841051%2C733219%2C155923%2C853559%2C859932%2C866639%2C898685%2C896429%2C899130%2C921824%2C951201%2C788909` ## Product Analytics cookies ### `_hp2_hld` Product Analytics #### Description Used to determine the highest-level domain a cookie can be set on (since public suffix domains block setting cookies on the top level). #### Lifetime Immediately removed. ### `_hp5_event_props.ENV_ID` Product Analytics #### Description Event properties cookie. #### Lifetime 13 months minus a day. ### `_hp5_let.ENV_ID` Product Analytics #### Description Contains last event timestamp. #### Lifetime 13 months minus a day. #### Example ```txt 1736522139241 ``` ### `_hp5_meta.ENV_ID` Product Analytics #### Description Contains all metadata related to user/session. #### Lifetime 13 months minus a day. #### Example ```json { "setPath": {}, "userId": "6491850061908711", "sessionId": "6327163630185553", "lastEventTime": 1717426613532, "sessionProperties": { "time": 1717426613532, "referrer": "", "id": "6327163630185553", "search_keyword": "", "utm": { "source": "", "medium": "", "term": "", "content": "", "campaign": "" }, "initial_pageview_info": { "time": 1717426613532, "id": "8208811256027992", "title": "Landing page", "url": { "domain": "user.host.io", "path": "/pa-cs/page1.html", "query": "", "hash": "" }, "source_properties": { "screen_height": 874, "screen_width": 621 }, "properties": {} } } } ``` ## Integration cookies Cookies used when third-party integrations are enabled. ### `_cs_mk_aa` #### Description Ensures Adobe dimensions and eVars are set only once every 30 minutes. Stores the value of the `csMatchingKey` which is a random number plus timestamp in milliseconds. #### Lifetime 30 minutes. #### Example `0.004432816788423777_1593783518901` ### `_cs_mk_ga` #### Description Ensures Google dimensions and eVars are set only once every 30 minutes. Stores the value of the `csMatchingKey` which is a random number plus timestamp in milliseconds. #### Lifetime 30 minutes. #### Example `0.004432816788423777_1593783518901` ### `_cs_mk_pa` #### Description Ensures Piano dimensions and eVars are set only once every 30 minutes. Stores the value of the `csMatchingKey` which is a random number plus timestamp in milliseconds. #### Lifetime 30 minutes. #### Example `0.004432816788423777_1593783518901` ### `_cs_rl_*` #### Description For integrations that require replay links to be stored into cookies. #### Lifetime 1 year. Updates on every pageview. #### Example `https://app.contentsquare.com/quick-playback/index.html?pid=2887&uu=022d47a4-ef01-a959-f9df-be7b104e2762&sn=5&pvid=1` ### `_cs_tld{nnnnnnnnnnnnn}` #### Description Cookies generated for Google Analytics and Adobe Analytics integrations which help determine the main domain on which to create integration cookies. `{nnnnnnnnnnnnn}` is the timestamp. #### Lifetime Immediately removed. #### Example `_cs_tld1670937307564`