What cookies are involved when using the tool?

Below, you will find a list of the different cookies involved when using the Ducky Challenge.

Name of each Cookie/Tracking Technology Cookie Categorisation Description of Cookie First Party or Third Party Cookie Data and personal data we collect through the Cookie, if any. Retention Period/Expiry date for Cookie?
__hs_opt_out Necessary This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.
This cookie is set when you give visitors the choice to opt out of cookies.
Third Party It contains the string "yes" or "no"
It expires in 6 months.
__hs_do_not_track

Necessary This cookie can be set to prevent the tracking code from sending any information to GAPs HubSpot CRM Third Party It contains the string "yes".
It expires in 6 months.
__hs_initial_opt_in

Necessary This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode. Third Party It contains the string "yes" or "no".
It expires in seven days.
__hs_cookie_cat_pref

Necessary This cookie is used to record the categories a visitor consented to. Third Party It contains data on the consented categories.
It expires in 6 months.
hs_ab_test

Necessary This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before. Third Party It contains the id of the A/B test page and the id of the variation that was chosen for the visitor.
It expires at the end of the session
<id>_key

Necessary When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. Third Party The cookie name is unique for each password-protected page.
It contains an encrypted version of the password so future visits to the page will not require the password again.
It expires in 14 days.
hs-messages-is-open Necessary This cookie is used to determine and save whether the chat widget is open for future visits.
It is set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity.
If your visitor manually closes the chat widget, it will prevent the widget from re-opening on subsequent page loads in that browser session for 30 minutes.
Third Party It contains a boolean value of True if present.
It expires in 30 minutes.
hs-messages-hide-welcome-message

Necessary This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed. Third Party It contains a boolean value of True or False.
It expires in one day.
__hsmem Necessary This cookie is set when visitors log in to a HubSpot-hosted site. Third Party It contains encrypted data that identifies the membership user when they are currently logged in.
It expires in one year.
hs-membership-csrf Necessary This cookie is used to ensure that content membership logins cannot be forged. Third Party It contains a random string of letters and numbers used to verify that a membership login is authentic.
It expires at the end of the session.
hs_langswitcher_choice

Necessary This cookie is used to save a visitor’s selected language choice when viewing pages in multiple languages.
It is set when a visitor selects a language from the language switcher and is used as a language preference to redirect them to sites in their chosen language in the future if they are available.
.
Third Party It contains a colon delimited string with the ISO639 language code choice on the left and the top level private domain it applies to on the right. An example will be "EN-US:hubspot.com".
It expires in two years
__cf_bm

Necessary This cookie is set by HubSpot's CDN (Cloudflare) provider and is a necessary cookie for bot protection. For More information on cloudflare cookies navigate here hhttps://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/ Third Party  
It expires in 30 minutes.
__cfruid Necessary This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. Third Party  
It expires at the end of the session.
__hstc

Analytics The main cookie for tracking visitors. Third Party It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
It expires in 6 months.
hubspotutk

Analytics This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. Third Party It contains an opaque GUID to represent the current visitor.
It expires in 6 months.
__hssc

Analytics This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. Third Party It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
It expires in 30 minutes.
__hssrc

Analytics Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
Third Party It contains the value "1" when present.
It expires at the end of the session.
messagesUtk Functional This cookie is used to recognize visitors who chat with you via the chatflows tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser.
With the Consent to collect chat cookies setting turned on:
If you chat with a visitor who later returns to your site in the same cookied browser, the chatflows tool will load their conversation history.
The messagesUtk cookie will be treated as a necessary cookie.
When the Consent to collect chat cookies setting is turned off, the messagesUtk cookie is controlled by the Consent to process setting in your chatflow.
HubSpot will not drop the messagesUtk cookie for visitors who have been identified through the Visitor Identification API. The analytics cookie banner will not be impacted.
This cookie will be specific to a subdomain and will not carry over to other subdomains. For example, the cookie dropped for info.example.com will not apply to the visitor when they visit www.example.com, and vice versa.
Third Party It contains an opaque GUID to represent the current chat user.
It expires after 6 month
_pk_id Necessary Used to store a few details about the user such as the unique visitor ID First Party  
It expires after 13 months
_pk_ref Functional Used to store the attribution information, the referrer initially used to visit the website First Party  
It expires after 6 months
_pk_ses, _pk_cvar, _pk_hsr
Functional Short lived cookies used to temporarily store data for the visit First Party  
It expires in 30 minutes
_pk_testcookie Functional Used to check whether the visitor’s browser supports cookies First Party   Directly deleted
mtm_consent, or mtm_consent_removed

Analytics

Are created with an expiry date of 30 years to remember that consent was given (or removed) by the user. It is possible to define a shorter expiry period for your user consent by calling: _paq.push([‘rememberConsentGiven’, optionallyExpireConsentInHours]) First Party  
Are created with an expiry date of 30 years
mtm_cookie_consent

Analytics

Is created with an expiry date of 30 years to remember that consent for storing and using cookies was given by the user. It is possible to define a shorter expiry period for your user cookie consent by calling: _paq.push(['rememberCookieConsentGiven', optionallyExpireConsentInHours]);. First Party  
Is created with an expiry date of 30 years
matomo_ignore

Analytics

This cookie does not contain personal information or any ID and the cookie value is the same for all visitors First Party  
Is created with an expiry date of 30 years
matomo_sessid Functional To provide fraud prevention First Party  
It expires in 14 days
_hjSessionUser_* (eg _hjSessionUser_2031087) Analytics Cookie used by hotjar to store a unique user id, website heatmaps and behaviour analytics First Party userid 1 year
_hjAbsoluteSessionInProgress Analytics Used to detect the first pageview session of a user First Party Boolean true/false data type 30 minutes
_hjFirstSeen Analytics Identifies a new user’s first session, Used by Recording filters to identify new user sessions First Party Boolean true/false data type Session
_hjSession_{siteid} Analytics Holds current session data, ensure subsequent requests in the session window are attributed to the same session First Party JSON data type 30 minutes
_fbp Analytics Facebook, store and track visits across websites First Party   3 months
_gid Analytics Google Analytics, Used to distinguish users Third party   24 hours
_ga Analytics Google Analytics, Used to distinguish users First Party   2 years
gcl_au Analytics Google Analytics, Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out First Party   90 days
__Secure-3PSIDCC
Marketing For delivering relevant google ads Third Party   1 year
__Secure-1PSIDCC
Necessary Required to use website options and services Third Party   1 year
__Secure-3PAPISID
Marketing For delivering relevant google ads Third Party   2 years
__Secure-1PAPISID
Marketing For delivering relevant google ads Third Party   2 years
__Secure-3PSIDCC
Marketing For delivering relevant google ads Third Party   2 years
__Secure-1PSIDCC
Necessary Required to use website options and services Third Party   2 years
AEC Security Ensure requests from within browsing session are made by the user, not by other sites (prevent malicious sites from acting on behalf of a user) Third Party   6 months
APISID Marketing SSID, APISID and SAPISID cookies enable Google to collect user preferences and information Third Party   2 years
HSID Security ‘SID’ and ‘HSID’ contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services. Third Party   2 years
NID Functional Used to remember user preferences and other information such as preferred language Third Party   6 months
SAPISID Marketing These cookies are used by Google to display personalized advertisements on Google sites Third Party   2 years
SID Security ‘SID’ and ‘HSID’ contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services. Third Party   2 years
SIDCC Security Protects user data from unauthorized access Third Party   1 year
SSID

Marketing

Google Ads Optimization Third Party   2 years
1P_JAR Marketing Google Ad delivery or retargeting Third Party   1 month