Store information about user preferences, user location, and other details
Protect users’ data from unauthorized access
Maintain certain websites’ functionality
Serve personalize ads to users and make advertising more effective via re-marketing
Collect Google Analytics data and other tracking data.
Cookies are stored on a user’s hard disk and can be enabled or disabled via web browser settings.
In general, a browser can accept a maximum of 300 cookies, and the maximum size of each cookie could be 4096 bytes.
The different browser has a different limit set for cookie storage.
So as of now, the maximum size per cookie limit is as below based on the browser type.
Google Chrome – 4096 bytes
Internet Explorer – 5117 bytes
Firefox – 4097 bytes
Microsoft Edge – 4097 bytes
Typically, the following configuration is allowed
300 cookies in total
4096 bytes per cookie
20 cookies per domain
81920 bytes per domain
Cookies are nothing but a piece of code saved by the websites onto the user’s web browsers when a session is initiated.
As mentioned above, they have many uses, but the most important ones are session management, user personalization, and tracking.
Cookies are not programs; they do not perform any function.
For example, if a user visits a website, that website’s cookie is dropped on the user’s browser.
When the users visit the website again after a few days, the website will know that it was the same user.
With the EU cookie policy in place, every website owner must now seek the user’s consent before dropping any cookies in their browser.
According to GDPR, users have all the rights to opt-in or opt-out of the cookies, and they also have the right to opt-out of specific cookies as well (for example, opting out of marketing cookies).
Note: You cannot determine the exact number of users who have cookies enabled/disabled.
These cookies are issued by the website being visited, and only the website which issued the first-party cookies can read them.
The data collected by these cookies is used mainly for calculating sessions, pageviews, bounce rate and other metrics.
As an example of the first-party cookie, when a user signs into an ecommerce website, the web browser will send a request in a process that provides the highest level of trust that the user is directly interacting with the main website.
The website drops a cookie into the user’s browser under the same domain name.
#2 Third-Party Cookies
These cookies are issued by the website(s) other than the website being visited. For example, say you have visited an online shopping website and spent
some time on the product purchase page and did not make a purchase. Later, you would receive emails about a price drop for the same product that you looked at. These are shown to the user by remarking pixels placed on the page.
Cookies With and Without Expiration Date
Cookies (both first and third-party cookies) can be set with or without an expiration date.
The cookies set without an expiration date are known as temporary cookies. Such cookies expire when you end the web session or close the browser window.
The cookies set with an expiration date are known as persistent cookies.
Such cookies expire only on the expiration date and can remain on your computer even when you have ended the web session or closed your browser window.
Apart from this, you also have secure cookies. Only an HTTPS website can set these cookies.
It is mostly ecommerce websites with checkout pages that redirect to payment gateways with secure cookies to make transactions safe and secure. Banking websites also use secure cookies.
Note: All Google Analytics cookies are persistent except the _utmc cookie, which is temporary.
Cookies Set By Google
Google sets different types of cookies for different purposes.
Following are the type of cookies set by Google on a user’s hard disk:
Preference cookie (PREF) is used to store users’ preferences (like preferred language or any type of customization).
Security cookies (like ‘SID’ and ‘HSID’) are used to protect users’ data from unauthorized access.
Advertising cookies (like ‘id’) used to serve personalized ads to users and to make advertising more effective
Analytics cookies (like _utma, _utmb, _ga, etc.) are used to collect Google Analytics data.
Introduction to Google Analytics 4 Cookies
Google Analytics 4 sets cookies to:
Identify unique users
Identify unique sessions
Throttle the request rate
Store information about users’ sessions and campaigns.
Google Analytics 4 mainly sets first-party cookies.
But it can also set third-party cookies (DoubleClick cookies) if a website uses GA4 display advertiser features, such as re-marketing.
Cookies and JavaScript Libraries
Google Analytics uses cookies based on the JavaScript library being used.
Google Analytics has got four types of JavaScript libraries for tracking website usage data:
Google Analytics Cookies are created as soon as you visit a website on which a valid Google Analytics tracking code is installed and fired.
Since all cookies are browser-specific, Google Analytics will set a different set of cookies if you return to a website via another web browser.
If a GA cookie already exists, it is updated to collect users’ data. So if you try to create a cookie that already exists, it will be overwritten.
Note: Google Analytics does not store and does not allow any personally identifiable information in its cookies.
Cookies used by Google Analytics 4
The Google Analytics JavaScript library sets the following first-party cookies:
#1 _ga cookie – used to identify unique users and expires after two years.
#2 _gat cookie – used to throttle the request rate, and it expires after one minute. If Google Analytics is set up using GTM, this cookie is set as _dc_gtm_<property-id>.
#3 _gid – used to identify the user and expires in 24 hours
These cookies are set on the top-level domain so that users can be automatically tracked across subdomains without any extra configuration.
For example, in the case of the following domains:
www.abc.com
music.abc.com
asian.music.abc.com
The highest domain level is abc.com.
So the top-level domain is abc.com
The second highest domain levels are: www.abc.com and music.abc.com
The third highest domain level is asian.music.abc.com
Note: Ideally, ‘.com’ should be the highest domain level. But Google Analytics can not set up a cookie at ‘.com’ level.
Creating gtag.js Cookies
To create gtag.js cookies, you need to create a tracking object using the ‘config’ command.
Syntax: gtag(‘config’, ‘GA_TRACKING_ID’);
Note: Google Analytics 4 can also collect data even without any cookies through the GA4 measurement protocol.
Viewing Google Analytics Cookies
The Google Analytics cookies are set as soon as a user loads your web page in his browser (provided the web page contains valid Google Analytics tracking code and it fires on page load).
To view the analytics.js cookies, follow the steps below:
Step-1: Click on the 3 dots at the left corner of your Chrome browser and then click on settings.
Step-2: Scroll Down and click on ‘Cookies and other site data‘ in Privacy and Security.
Step-3: Scroll Down and Click on “See all cookies and site data”.
Step-4: Look for your website domain and click on it.
Step5: Click on “_ga” and in content, you will find your Google Analytics 4 cookie.
_ga cookie is made up of the following four fields:
The first field is the version number like GA1.
The second field is the number of components at the domain separated by a dot.
By default, the _ga cookie is set on the top-level domain with the root level (/) path.
So if you have set a cookie at the top-level domain like optimizesmart.com then the second field would have a value of 2 as there are 2 components separated by a dot.
One component is ‘optimizesmart’ and the second component is ‘com’.
If you have set up a cookie at the sub-domain level, like analytics.optimizesmart.com, then the second field would have a value of 3 as there are now three components separated by a dot.
The first component is ‘analytics’.
The second component is ‘optimizesmart’.
The third component is ‘com’
The third field is a random unique ID (randomly generated number). Here 908899769 is the random unique id.
The fourth field is the first timestamp, i.e. the time when the cookie was first set for the user. Here 1600020018 is the first timestamp.
The third and fourth fields together make the client ID. So the client ID would be 908899769.160020018.
Get weekly practical tips on GA4 and/or BigQuery to accurately track and read your analytics data.
The client ID is stored in the Google Analytics cookie.
The GA cookie is set when a person visits your website for the first time. Google Analytics sends the client ID with each hit to associate hits with a user.
A GA cookie can exist only on the device and browser where it has been set.
Since the client ID is stored in a GA cookie, the client ID will also exist only on the device and browser where it has been set.
Because of this reason, by default, GA can’t identify unique users across different web browsers and devices.
Also, note that cookies are site-specific. The default Google Analytics implementation will track the subdomain user’s activity.
If a user travels between the site and the subdomain, they will still maintain the same cookie.
However, cross-domain tracking is different; cookies will not be shared unless you have set up cross-domain tracking correctly on your website.
If you want to retrieve the client ID from _ga cookie, then use the following call back function:
ga(function(tracker) { var clientId = tracker.get(‘clientId’); });
If you want to collect client IDs in GA reports, then you can do that by creating a new custom dimension with user scope:
ga(‘set’, ‘dimension1’,clientId); for Universal Analytics
gtag(‘set’, ‘parameter_name’, clientId); for Google Analytics 4 (here parameter name is the name you have set for the user scope custom dimension in GA4.
Identifying unique users across different web browsers and devices is known as ‘Cross-Device Tracking’.
If users can log in on your website, then you can implement cross-device tracking with the help of a User ID.
According to Google’s terms of service, the User ID must not contain any personally identifiable data like the user’s name, email address, etc.
User ID is different from client ID in that client ID is generated by Google Analytics. Whereas a User ID is generated by your users’ authentication system (like Website Login).
To send user ID data to Google Analytics, use the ‘set’ command method like the one below:
gtag(‘set’, ‘userId’, ‘USER_ID’);
here, the value of USER_ID is of type string. For example:
gtag(‘set’, ‘userId’, ‘DTS234554134’});
You can also send user ID data to GA while creating the tracking object:
gtag(‘config’, ‘STREAM_ID’, {
‘user_id’: ‘id’
});
There are two important points that you need to remember about using user IDs:
#1 The user IDs must be set after the tracking object has been created. Otherwise, the user IDs will not be associated with your web property.
#2 The user IDs must be set before you send any hit data to GA. Otherwise, user IDs won’t be set for all subsequent hits that occur on a page.
Note: You can also set up user IDs for mobile apps.
Attributes of _ga Cookie
_ga cookie has got the following attributes:
Cookie name
Cookie domain
Cookie path
Cookie expires
You can modify _ga cookie by changing its attributes.
Note: Google recommends not to directly access the _ga cookie as the cookie format might change without warning, which could lead to script errors and incorrect data.
#1 Cookie name
The cookie name is the name of the google analytics cookie, which is _ga by default.
If you want to change this cookie name to something else, you can do this by setting the cookieName field. For example:
If you want google analytics to automatically determine and set the _ga cookie at the top-level domain or automatically set the value of cookieDomain to ‘none’ when you use localhost, then use ‘auto’ as the value of cookieDomain.
The advantage of using an automatic cookie domain configuration is that you can track users across all sub-domains without any additional configuration.
#3 Cookie Path
Cookie Path is the path at which the cookie is set up.
The _ga cookie is set on the top-level domain with the root level (/) path by default.
If you want to modify the _ga cookie path from the default ‘/’ to say ‘/lib’, then set the ‘cookiePath‘ field to ‘/lib’:
Here we set the _ga cookie to expire after 180 seconds.
Note: The cookieExpires field accepts values of type integer.
Making _ga cookie a ‘browser session’ based cookie
If you set the _ga cookie to expire after 0 seconds, then the cookie turns into a browser session-based cookie and expires once the current browser session ends.
Note: The biggest drawback of the _ga cookie is that you can’t dig out session or campaign-specific data from the cookie as all of these calculations happen in the backend on GA servers
Other articles related to GA4 (Google Analytics 4)
Get weekly practical tips on GA4 and/or BigQuery to accurately track and read your analytics data.
My best selling books on Digital Analytics and Conversion Optimization
Maths and Stats for Web Analytics and Conversion Optimization
This expert guide will teach you how to leverage the knowledge of maths and statistics in order to accurately interpret data and take actions, which can quickly improve the bottom-line of your online business.
Master the Essentials of Email Marketing Analytics
This book focuses solely on the ‘analytics’ that power your email marketing optimization program and will help you dramatically reduce your cost per acquisition and increase marketing ROI by tracking the performance of the various KPIs and metrics used for email marketing.
Attribution Modelling in Google Analytics and BeyondSECOND EDITION OUT NOW!
Attribution modelling is the process of determining the most effective marketing channels for investment. This book has been written to help you implement attribution modelling. It will teach you how to leverage the knowledge of attribution modelling in order to allocate marketing budget and understand buying behaviour.
Attribution Modelling in Google Ads and Facebook
This book has been written to help you implement attribution modelling in Google Ads (Google AdWords) and Facebook. It will teach you, how to leverage the knowledge of attribution modelling in order to understand the customer purchasing journey and determine the most effective marketing channels for investment.
About the Author
Himanshu Sharma
Founder, OptimizeSmart.com
Over 15 years of experience in digital analytics and marketing
Author of four best-selling books on digital analytics and conversion optimization
Nominated for Digital Analytics Association Awards for Excellence
Runs one of the most popular blogs in the world on digital analytics
Consultant to countless small and big businesses over the decade
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of all the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
