Google Analytics

Tracking Code

- Home
- Getting Started
- Tracking Reference
  - Global Objects
    - _gat
    - _gaq
  - Tracker Objects
- Libraries
  - Gadgets
  - Chrome Extensions
  - Mobile Updated (Labs )
  - Flash/Flex (Labs )
    - Flash Setup
    - Flex Setup
  - Silverlight (Labs )

Management API (Labs in Labs

)

Data Export API (Labs in Labs

)

- Home
- Getting Started
  - Authorization
  - Protocol
  - Java
  - Javascript
  - Version 1.0
    - Protocol
    - Java
    - Javascript
- Feed Reference
- Dimensions & Metrics
- Libraries & Examples
- Issue Tracker

Website Optimizer (No longer available)

Cookies & Google Analytics

An HTTP cookie—commonly referred to as just "cookie"—is a parcel of text sent back and forth between a web browser and the server it accesses. Its original purpose was to provide a state management mechanism between a web browser and a web server. Without a cookie (or a similar solution), a web server cannot distinguish between different users, or determine any relationship between sequential page visits made by the same user. For this reason, cookies are used to differentiate one user from another and to pass information from page to page during a single user's website session. A web server uses cookies to collect data about a given browser, along with the information requested and sent by the browser's operator (the visitor). Cookies do not identify people, but rather they are defined themselves by a combination of a computer, a user account, and a browser.

Google Analytics tracking (and most web tracking software) uses cookies in order to provide meaningful reports about your site visitors. However, Google Analytics cookies do not collect personal data about your website visitors.

This document discusses the following:

How Google Analytics Uses Cookies
Cookies Set by Google Analytics
Significance of Cookie Identification & Expiration
Cookie Implementation Limits

For more information about cookies, see the Wikipedia article on HTTP Cookies.

How Google Analytics Uses Cookies

Google Analytics uses cookies to define user sessions, as well as to provide a number of key features in the Google Analytics reports. Google Analytics sets or updates cookies only to collect data required for the reports. Additionally, Google Analytics uses only first-party cookies. This means that all cookies set by Google Analytics for your domain send data only to the servers for your domain. This effectively makes Google Analytics cookies the personal property of your website domain, and the data cannot be altered or retrieved by any service on another domain.

The following table lists the type of information that is obtained via your Google Analytics cookies and used in Analytics reports.

Functionality	Description of Cookie	Cookie Used
Setting the Scope of Your Site Content	Because any cookie read/write access is restricted by a combination of the cookie name and its domain, default visitor tracking via Google Analytics is confined to the domain of the page on which the tracking code is installed. For the most common scenario where the tracking code is installed on a single domain (and no other sub-domains), the generic setup is correct. In other situations where you wish to track content across domains or sub-domains, or restrict tracking to a smaller section of a single domain, you use additional methods in the `ga.js` tracking code to define content scope. See Domains & Directories in the Collection API document for details.	All Cookies
Determining Visitor Session	The Google Analytics tracking for `ga.js` uses two cookies to establish a session. If either of these two cookies are absent, further activity by the user initiates the start of a new session. See the Session article in the Help Center for a detailed definition and a list of scenarios that end a session. You can customize the length of the default session time using the _setSessionCookieTimeout() method. This description is specific to the `ga.js` tracking code for web pages. If you use Analytics tracking for other environments—such as Flash or mobile—you should check the documentation for those environments to learn how sessions are calculated or established.	`__utmb __utmc`
Identifying Unique Visitors	Each unique browser that visits a page on your site is provided with a unique ID via the `__utma` cookie. In this way, subsequent visits to your website via the same browser are recorded as belonging to the same (unique) visitor. Thus, if a person interacted with your website using both Firefox and Internet Explorer, the Analytics reports would track this activity under two unique visitors. Similarly if the same browser were used by two different visitors, but with a separate computer account for each, the activity would be recorded under two unique visitor IDs. On the other hand, if the browser happens to be used by two different people sharing the same computer account, one unique visitor ID is recorded, even though two unique individuals accessed the site.	`__utma`
Tracking Traffic Sources & Navigation	When visitors reach your site via a search engine result, a direct link, or an ad that links to your page, Google Analytics stores the type of referral information in a cookie. The parameters in the cookie value string are parsed and sent in the GIF Request (in the `utmcc` variable). The expiration date for the cookie is set as 6 months into the future. This cookie gets updated with each subsequent page view to your site; thus it is used to determine visitor navigation within your site.	`__utmz`
Custom Variables	You can define your own segments for reporting on your particular data. When you use the `_setCustomVar()` method in your tracking code to define custom variables, Google Analytics uses this cookie to track and report on that information. In a typical use case, you might use this method to segment your website visitors by a custom demographic that they select on your website (income, age range, product preferences).	`___utmv`
Website Optimizer	You can use Google Analytics with Google Website Optimizer (GWO), which is a tool that helps determine the most effective design for your site. When a website optimizer script executes on your page, a _utmx cookie is written to the browser and its value is sent to Google Analytics. See the Website Optimizer Help Center for more information.	`___utmx`

Once the cookies are set/updated on the web browser, the data they contain that is required for reporting purposes is sent to the Analytics servers in the GIF Request URL via the utmcc parameter.

Cookies Set By Google Analytics

Google Analytics sets the following cookies as described in the table below. A default configuration and use of Google Analytics sets only the first 4 cookies in the table.

Name	Description	Expiration
`__utma`	This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new `__utma` cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.	2 years from set/update.
`__utmb`	This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the `_setSessionCookieTimeout()` method.	30 minutes from set/update.
`__utmc`	This cookie operates in conjunction with the `__utmb` cookie to determine whether or not to establish a new session for the user. In particular, this cookie is not provided with an expiration date, so it expires when the user exits the browser. Should a user visit your site, exit the browser and then return to your website within 30 minutes, the absence of the `__utmc` cookie indicates that a new session needs to be established, despite the fact that the `__utmb` cookie has not yet expired.	Not set.
`__utmz`	This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.	6 months from set/update.
`__utmv`	This cookie is not normally present in a default configuration of the tracking code. The `__utmv` cookie passes the information provided via the `_setVar()` method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the `utmcc` parameter. This cookie is only written if you have added the `_setVar()` method for the tracking code on your website page.	2 years from set/update.
`__utmx`	This cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site. See the Website Optimizer Help Center for more information.	2 years from set/update.

Significance of Cookie Identification and Expiration

This section describes how Google Analytics uses the standards for cookie identification and expiration to correctly attribute visitor activity on your site. Cookie data is, by a combination of attributes, restricted to a specific website entity so that its data can not be read or written by code residing on any other domain. Additionally, the expiration settings for cookies can be used to determine the recency of user interaction with your site. When you define cookies for your website, whether via your own coding means, or through using Google Analytics, each cookie is set on the visitor's web browser with the following attributes:

Name
Content
Domain
Path
Security Level
Expiration Date

Since most web sites set cookies, you can look at this data yourself by inspecting the cookies via your browser's menu. For example, in Firefox on Windows, you can select Tools -> Options from the menu and click on the Show Cookies button to see a listing of all cookies set on your browser, by domain. Once you select a domain from the list, click on a cookie by name to see its attribute settings. If you frequently visit various Google properties, try selecting google.com from the domain listing. You'll probably see a repetition of the same cookie name in the list (many of them set by Google Analytics). The screen shot below illustrates:

Listing of Cookies

While this section does not cover all of the standards for cookie reading and writing, it covers how cookies are identified and how they expire, and why this is significant when considering how you might want to limit or expand Google Analytics tracking to ensure correct recording of sessions, unique page views, and unique visitors for your web property.

Identification

A cookie is uniquely identified by a combination of three of its attributes:

Name, which is merely a string identifier
Domain, which is the fully qualified domain of the cookie (e.g. www.example.com, sub.example.com, or sub1.sub.example.com)
Path, which is the root level by default

Most cookies are explicitly set with only the name and content attributes defined. When this is the case, the web browser automatically sets the domain for that cookie to the document.host of the web page that sets the cookie, and it sets the path to the root level (/). This is how a default installation of Google Analytics works, such that if you install the Google Analytics tracking code on pages on www.example.com with no customizations, the attributes for the __utma cookie will be:

Name: __utma
Domain: www.example.com
Path: /

This configuration then allows any page (in any directory) on www.example.com to read and set the __utma cookie. However, a page on another host of example.com, such as server1.example.com, will not be able to read or write the __utma cookie from www.example.com because the fully-qualified domains do not match.

Large domains that contain independent blocks of content across directories and sub-domains might want to restrict cookie tracking to a specific area. You can see from the screen shot that the same cookie names are repeated multiple times across the same domain, so in this situation it is necessary to distinguish the cookies from each other by more than just name. In other cases, you might want to share cookie data across sub-domains or top-level domains in order to have aggregate user reporting that is not enabled by default.

In either case, you can use a variety of methods in your Google Analytics Tracking Code (GATC) to customize tracking to suit your particular configuration, if it varies from the standard single-domain setup. See Domains & Directories in the Collection API document for more information.

Expiration

When a cookie expires, it is no longer present on the web browser and therefore not sent to the server. As you can see from the cookie table listed above, the Google Analytics cookies have a variety of expiration dates. In the case of the __utmc cookie, there is no expiration date set. This is because when a cookie is written without an expiration date, it automatically expires when the browser closes. Google Analytics uses this feature of HTTP Cookies to determine user sessions, since the absence of the __utmc cookie lets the tracking code know that a new user session should be started.

Google Analytics sets an expiration date of 2 years for unique visitor tracking. However, if your visitors delete their cookies and revisit your site, then Google Analytics will set new cookies (including new unique visitor cookies) for those visitors. While you can configure the duration of a user session cookie (from the default 30 minutes) using the _setSessionCookieTimeout() method, you cannot configure the duration of the unique visitor cookie.

Google Analytics also automatically configures the __utmz (traffic sources) cookies to 6 months. This time-frame is used so that a specific campaign that you have set (by name) can be tracked for conversion purposes (goals). If your particular business experiences a longer or shorter conversion time-frame, you can use the _setCampaignCookieTimeout() method, which will then change the default expiration for the __utmz cookie and result in a different conversion time-frame for your campaigns. Bear in mind that this will also affect the expiration for other types of traffic referrals, such as organic or paid searches. For more information on conversions, see the Conversion University.

Cookie Implementation Considerations

There are two implementation scenarios with Google Analytics that bear special consideration due to inherent cookie behavior:

Using multiple Analytics accounts on a hosted or single domain
Using multiple Analytics accounts on the same set of pages

Multiple Analytics Accounts on Larger Domains

The original RFC for cookies states that browser support for cookies should be a minimum of:

300 cookies in total
20 cookies per domain
4095 bytes per cookie

In some browsers, support for cookies is limited to this minimum requirement, while for others, cookie support is more generous. If you are tracking website content on a sub-section of a single domain where Google Analytics is already used on the main domain, the domain administrator might limit Google Analytics tracking to the larger domain, due to these cookie limits. Remember that domains are defined for the fully-qualified domain, so if your hosting provider provides a unique sub-domain for its users, these cookie limitations would not apply.

Multiple Analytics Accounts on a Given Page

Some users want to track the same page or set of pages in multiple Analytics Accounts. Analytics is designed to work effectively with a single account-to-web-property relationship. If you have multiple accounts tracking the same web property (e.g. page or sets of pages), both accounts will read from and set the same set of cookies. This set up is generally not recommended.