These are used to track website visitors and their user behaviour. This data is then used to improve the way the website works and in turn, used to improve user experience.
| Cookie name | Description | Retention period | Third-party |
|---|---|---|---|
| .AspNetCore.Antiforgery. | Anti-forgery cookie is a security mechanism to defend against cross-site request forgery (CSRF) attacks. | Session | No |
| AMP_TOKEN | Contains a token code that is used to read out a Client ID from the AMP Client ID Service. By matching this ID with that of Google Analytics, users can be matched when switching between AMP content and non-AMP content. | 1 year | No |
| ASP.NET_Sessio | General purpose platform session cookie, used by sites written with Microsoft .NET based technologies. Usually used to maintain an anonymised user session by the server. | Session | No |
| ASP.NET_Sessio_Fallback | Fallback session cookie to support older browsers that haven't implemented the Secure flag, in modern evergreen browsers this cookie is never set as it haven't got the Secure flag. | Session | No |
| CLID | The cookie is set by embedded Microsoft Clarity scripts. The purpose of this cookie is for heatmap and session recording. | 1 year | No |
| FPAU | Assigns a specific ID to the visitor. This allows the website to determine the number of specific user-visits for analysis and statistics. | Session | No |
| FPID | Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. | 1 year | No |
| FPLC | This FPLC cookie is the cross-domain linker cookie hashed from the FPID cookie. It’s not HttpOnly, which means it can be read with JavaScript. It has a relatively short lifetime, just 20 hours. | 20 hours | No |
| MicrosoftApplicationsTelemetryDeviceId | Used to store a unique device ID for tracking behavior and usage of the website | 1 year | No |
| SM | This is a Microsoft cookie used to measure the use of the website for internal analytics | Session | No |
| __RequestVerificationToken | This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. | Session | No |
| __utma | ID used to identify users and sessions | 2 years | No |
| __utmb | Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server. | 30 minutes | No |
| __utmc | Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session. | Session | No |
| __utmt | Used to monitor number of Google Analytics server requests | 10 minutes | No |
| __utmv | Contains custom information set by the web developer through the _setCustomVar method in Google Analytics. This cookie is updated each time new data is sent to the Google Analytics server. | 2 years | Unknown |
| __utmx | Used to determine whether a user is included in an A / B or Multivariate test. | 18 months | No |
| __utmxx | Used to determine when the A / B or Multivariate test in which the user participates ends | 18 months | No |
| __utmz | Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server | 6 months | No |
| _clck | This cookie is installed by Microsoft Clarity to store information of how visitors use a website and help in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. | 1 year | No |
| _clsk | This cookie is installed by Microsoft Clarity to store information of how visitors use a website and help in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. | 24 hours | No |
| _dc_gtm_ | Used to monitor number of Google Analytics server requests | 1 minute | No |
| _ga | ID used to identify users | 1 year | Unknown |
| _ga_* | Used to identify and track an individual user session | 2 years | No |
| _gac_ | Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together. | 90 days | No |
| _gat | Used to monitor number of Google Analytics server requests when using Google Tag Manager | 58 seconds | No |
| _gat_* | Used to set and get tracking data | 1 hour | No |
| _gid | ID used to identify users for 24 hours | 24 hours | No |