Below, you will find a list of the different cookies involved when using the Ducky Challenge.
| Name of each Cookie/Tracking Technology | Cookie Categorisation | Description of Cookie | First Party or Third Party Cookie | Data and personal data we collect through the Cookie, if any. | Retention Period/Expiry date for Cookie? |
| __hs_opt_out | Necessary | This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. This cookie is set when you give visitors the choice to opt out of cookies. |
Third Party | It contains the string "yes" or "no" |
It expires in 6 months.
|
| __hs_do_not_track |
Necessary | This cookie can be set to prevent the tracking code from sending any information to GAPs HubSpot CRM | Third Party | It contains the string "yes". |
It expires in 6 months.
|
| __hs_initial_opt_in |
Necessary | This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode. | Third Party | It contains the string "yes" or "no". |
It expires in seven days.
|
| __hs_cookie_cat_pref |
Necessary | This cookie is used to record the categories a visitor consented to. | Third Party | It contains data on the consented categories. |
It expires in 6 months.
|
| hs_ab_test |
Necessary | This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before. | Third Party | It contains the id of the A/B test page and the id of the variation that was chosen for the visitor. |
It expires at the end of the session
|
| <id>_key |
Necessary | When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. | Third Party | The cookie name is unique for each password-protected page. It contains an encrypted version of the password so future visits to the page will not require the password again. |
It expires in 14 days.
|
| hs-messages-is-open | Necessary | This cookie is used to determine and save whether the chat widget is open for future visits. It is set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity. If your visitor manually closes the chat widget, it will prevent the widget from re-opening on subsequent page loads in that browser session for 30 minutes. |
Third Party | It contains a boolean value of True if present. |
It expires in 30 minutes.
|
| hs-messages-hide-welcome-message |
Necessary | This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed. | Third Party | It contains a boolean value of True or False. |
It expires in one day.
|
| __hsmem | Necessary | This cookie is set when visitors log in to a HubSpot-hosted site. | Third Party | It contains encrypted data that identifies the membership user when they are currently logged in. |
It expires in one year.
|
| hs-membership-csrf | Necessary | This cookie is used to ensure that content membership logins cannot be forged. | Third Party | It contains a random string of letters and numbers used to verify that a membership login is authentic. |
It expires at the end of the session.
|
| hs_langswitcher_choice |
Necessary | This cookie is used to save a visitor’s selected language choice when viewing pages in multiple languages. It is set when a visitor selects a language from the language switcher and is used as a language preference to redirect them to sites in their chosen language in the future if they are available. . |
Third Party | It contains a colon delimited string with the ISO639 language code choice on the left and the top level private domain it applies to on the right. An example will be "EN-US:hubspot.com". |
It expires in two years
|
| __cf_bm |
Necessary | This cookie is set by HubSpot's CDN (Cloudflare) provider and is a necessary cookie for bot protection. For More information on cloudflare cookies navigate here hhttps://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/ | Third Party |
It expires in 30 minutes.
|
|
| __cfruid | Necessary | This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. | Third Party |
It expires at the end of the session.
|
|
| __hstc |
Analytics | The main cookie for tracking visitors. | Third Party | It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
It expires in 6 months.
|
| hubspotutk |
Analytics | This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. | Third Party | It contains an opaque GUID to represent the current visitor. |
It expires in 6 months.
|
| __hssc |
Analytics | This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. | Third Party | It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. |
It expires in 30 minutes.
|
| __hssrc |
Analytics | Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. |
Third Party | It contains the value "1" when present. |
It expires at the end of the session.
|
| messagesUtk | Functional | This cookie is used to recognize visitors who chat with you via the chatflows tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser. With the Consent to collect chat cookies setting turned on: If you chat with a visitor who later returns to your site in the same cookied browser, the chatflows tool will load their conversation history. The messagesUtk cookie will be treated as a necessary cookie. When the Consent to collect chat cookies setting is turned off, the messagesUtk cookie is controlled by the Consent to process setting in your chatflow. HubSpot will not drop the messagesUtk cookie for visitors who have been identified through the Visitor Identification API. The analytics cookie banner will not be impacted. This cookie will be specific to a subdomain and will not carry over to other subdomains. For example, the cookie dropped for info.example.com will not apply to the visitor when they visit www.example.com, and vice versa. |
Third Party | It contains an opaque GUID to represent the current chat user. |
It expires after 6 month
|
| _pk_id | Necessary | Used to store a few details about the user such as the unique visitor ID | First Party |
It expires after 13 months
|
|
| _pk_ref | Functional | Used to store the attribution information, the referrer initially used to visit the website | First Party |
It expires after 6 months
|
|
|
_pk_ses, _pk_cvar, _pk_hsr
|
Functional | Short lived cookies used to temporarily store data for the visit | First Party |
It expires in 30 minutes
|
|
| _pk_testcookie | Functional | Used to check whether the visitor’s browser supports cookies | First Party | Directly deleted | |
|
mtm_consent, or mtm_consent_removed
|
Analytics | Are created with an expiry date of 30 years to remember that consent was given (or removed) by the user. It is possible to define a shorter expiry period for your user consent by calling: _paq.push([‘rememberConsentGiven’, optionallyExpireConsentInHours]) | First Party |
Are created with an expiry date of 30 years
|
|
|
mtm_cookie_consent
|
Analytics | Is created with an expiry date of 30 years to remember that consent for storing and using cookies was given by the user. It is possible to define a shorter expiry period for your user cookie consent by calling: _paq.push(['rememberCookieConsentGiven', optionallyExpireConsentInHours]);. | First Party |
Is created with an expiry date of 30 years
|
|
| matomo_ignore | Analytics | This cookie does not contain personal information or any ID and the cookie value is the same for all visitors | First Party |
Is created with an expiry date of 30 years
|
|
| matomo_sessid | Functional | To provide fraud prevention | First Party |
It expires in 14 days
|
|
| _hjSessionUser_* (eg _hjSessionUser_2031087) | Analytics | Cookie used by hotjar to store a unique user id, website heatmaps and behaviour analytics | First Party | userid | 1 year |
| _hjAbsoluteSessionInProgress | Analytics | Used to detect the first pageview session of a user | First Party | Boolean true/false data type | 30 minutes |
| _hjFirstSeen | Analytics | Identifies a new user’s first session, Used by Recording filters to identify new user sessions | First Party | Boolean true/false data type | Session |
| _hjSession_{siteid} | Analytics | Holds current session data, ensure subsequent requests in the session window are attributed to the same session | First Party | JSON data type | 30 minutes |
| _fbp | Analytics | Facebook, store and track visits across websites | First Party | 3 months | |
| _gid | Analytics | Google Analytics, Used to distinguish users | Third party | 24 hours | |
| _ga | Analytics | Google Analytics, Used to distinguish users | First Party | 2 years | |
| gcl_au | Analytics | Google Analytics, Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out | First Party | 90 days | |
|
__Secure-3PSIDCC
|
Marketing | For delivering relevant google ads | Third Party | 1 year | |
|
__Secure-1PSIDCC
|
Necessary | Required to use website options and services | Third Party | 1 year | |
|
__Secure-3PAPISID
|
Marketing | For delivering relevant google ads | Third Party | 2 years | |
|
__Secure-1PAPISID
|
Marketing | For delivering relevant google ads | Third Party | 2 years | |
|
__Secure-3PSIDCC
|
Marketing | For delivering relevant google ads | Third Party | 2 years | |
|
__Secure-1PSIDCC
|
Necessary | Required to use website options and services | Third Party | 2 years | |
| AEC | Security | Ensure requests from within browsing session are made by the user, not by other sites (prevent malicious sites from acting on behalf of a user) | Third Party | 6 months | |
| APISID | Marketing | HSID, SSID, APISID and SAPISID cookies enable Google to collect user preferences and information | Third Party | 2 years | |
| HSID | Security | ‘SID’ and ‘HSID’ contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services. | Third Party | 2 years | |
| NID | Functional | Used to remember user preferences and other information such as preferred language | Third Party | 6 months | |
| SAPISID | Marketing | These cookies are used by Google to display personalized advertisements on Google sites | Third Party | 2 years | |
| SID | Security | ‘SID’ and ‘HSID’ contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services. | Third Party | 2 years | |
| SIDCC | Security | Protects user data from unauthorized access | Third Party | 1 year | |
| SSID | Marketing | Google Ads Optimization | Third Party | 2 years | |
| 1P_JAR | Marketing | Google Ad delivery or retargeting | Third Party | 1 month |