Cookies Reference
Overview
The Convert tracking script uses first-party cookies set on your domain. No third-party cookies are used. All cookies are prefixed with _conv_ for easy identification.
Cookie Inventory
| Cookie | Purpose | Lifetime | Contains PII? |
|---|---|---|---|
_conv_v | Visitor identity and state | 6 months | No |
_conv_s | Session detection | 20 minutes | No |
_conv_r | Referral source attribution | 6 months | No |
_conv_sptest | Split URL test redirect | 15 seconds | No |
_conv_prevent_tracking | Opt-out flag | Read-only | No |
Cookie Details
_conv_v — Visitor Cookie
_conv_v — Visitor CookieThe main cookie that identifies the visitor and stores their experimentation state.
What it stores:
- A randomly generated visitor ID (not tied to any personal information)
- Session counters (total sessions, pages viewed)
- First visit timestamp
- Traffic source and medium (e.g., "organic", "referral", "direct")
- UTM campaign data (from URL parameters)
- New/returning visitor flag
- Which experiences the visitor is bucketed into and which variations they see
- Which goals have been triggered (to prevent duplicate counting)
- Custom segment memberships
Lifetime: 6 months from last update
_conv_s — Session Cookie
_conv_s — Session CookieTracks the current session. When this cookie expires (after 20 minutes of inactivity), the next page load starts a new session.
What it stores:
- A session identifier hash
- Page count for the current session
Lifetime: 20 minutes (rolling — resets on each page load)
_conv_r — Referral Cookie
_conv_r — Referral CookiePreserves the original traffic source so that returning visitors retain their attribution.
What it stores:
- The referring URL and domain from the visitor's first arrival
Lifetime: 6 months
_conv_sptest — Split Test Cookie
_conv_sptest — Split Test CookieA very short-lived cookie used during split URL test redirects. It stores the bucketing decision so that the visitor is counted correctly after the redirect completes.
What it stores:
- The experience ID and variation ID for the redirect
Lifetime: 15 seconds (deleted after the redirect completes and tracking fires)
_conv_prevent_tracking — Opt-Out Cookie
_conv_prevent_tracking — Opt-Out CookieA read-only cookie that, when present, disables all tracking. This is used for opt-out mechanisms.
Cookie Attributes
All Convert cookies are set with:
- Domain: Your website's domain (first-party)
- Path:
/(entire site) - SameSite:
Lax - Secure: Only on HTTPS sites (can be forced via API)
Consent Behaviour
When cookies are blocked (either by a consent management platform or by the browser):
- The script detects that cookies cannot be written
- It behaves as if
consentRequiredwas called — no tracking events are sent - Experiences may still display (depending on configuration)
- The split test cookie (
_conv_sptest) is always written regardless of consent state, because it is strictly functional (prevents redirect loops)
When consent is given via the consentGiven API call:
- All queued tracking events are sent
- Cookies are written to the browser
- The script re-runs to establish proper visitor state
Compliance Notes
- No PII: Convert cookies contain no names, emails, IP addresses, or other personally identifiable information. The visitor ID is a random hash.
- First-party only: Cookies are set on your domain, not on a Convert domain.
- GDPR classification: Convert cookies are used for A/B testing functionality. Depending on your interpretation, they may be classified as "functional" or "analytics" cookies. Consult your legal team for your specific compliance requirements.
- Whitelisting: If you use a cookie management platform, whitelist all cookies matching the regex
/^_conv_/ias essential or strictly necessary. See the Whitelist Convert Cookies recipe for platform-specific instructions.
Updated about 1 month ago