Cookies set on HubSpot's websites
Last updated: June 10, 2025
Available with any of the following subscriptions, except where noted:
All products and plans
|
HubSpot is committed to privacy and protecting individual rights on the internet. When you visit HubSpot's websites, sign up for a HubSpot account, attend a HubSpot virtual event, or request more information about HubSpot, HubSpot automatically collects information using tracking technologies, such as cookies and tracking pixels.
HubSpot may use cookies or similar technologies (such as web beacons and JavaScript) to analyze trends, administer the website, monitor how visitors navigate through websites, and gather demographic information about HubSpot's user base. Learn more about how HubSpot uses cookies on its websites and how to manage your cookie preferences.
HubSpot websites
The HubSpot websites you may be visiting include:
- www.hubspot.com
- www.hubspot.de
- www.hubspot.fr
- www.hubspot.es
- www.hubspot.jp
- br.hubspot.com
- app.hubspot.com (the HubSpot product)
- www.inbound.com
- knowledge.hubspot.com
- developers.hubspot.com
- ecosystem.hupspot.com
- academy.hubspot.com
- community.hubspot.com
- thehustle.co
- ir.hubspot.com
If your site is hosted on the HubSpot product or uses the HubSpot tracking code, learn more about cookies set in a visitor's browser by HubSpot.
Learn about cookies
HubSpot websites use different types of cookies. Some cookies are necessary for the websites and services to function properly. Others are optional and help HubSpot to perform analytics, provide different functionality, or engage in targeted advertising.
Please note: tracking pixels (e.g., ptq.gifs) are used to record anonymous data, such as page views and clicks. These don’t store any personal information and aren't considered cookies.
Below is a list of the types of cookies that may be set on your browser when you visit a HubSpot website.
Necessary cookies
Necessary cookies are cookies that are required for HubSpot's sites to function properly. The table below includes examples of necessary cookies.
| Cookie name |
Vendor |
Purpose |
| __cfduid |
Cloudflare |
Detection of malicious actors. |
| __cf_bm |
Cloudflare |
Placed on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode. This cookie is necessary for these bot solutions to function properly. |
| __cfuvid |
Cloudflare |
First-party cookie used by Cloudflare, a content delivery network, to identify individual clients behind a shared IP address. |
| __hs_opt_out |
HubSpot |
Used by the cookie banner to remember not to ask the visitor to accept cookies again. |
| _hs_cookie_cat_pref |
HubSpot |
Saves the preferences chosen by the visitor from the cookie banner. |
| laboratory-anonymous-id |
HubSpot |
Session-based cookie platform to show and group individual user sessions in an anonymous and non-identifiable way, to allow HubSpot.com to work properly. It's discarded at the end of a session. |
| hs_login_email |
HubSpot |
Verifies the user's email for log-in purposes to the HubSpot product. |
| hsgn |
HubSpot |
Necessary for login to the HubSpot product |
| ak_bmsc |
Akami |
Used by Akamai to optimize site security by distinguishing between humans and bots. bm_sv. |
| Hubspotapi |
HubSpot |
Allows the user to access the app with the correct permissions. |
| Hubspotapi-csrf |
HubSpot |
Used for CSRF prevention - preventing third-party websites from accessing your data. |
| Hubspotapi-lax |
HubSpot |
Test cookie HubSpot uses to identify if the user’s browser accepts SameSite Lax cookies. It helps determine if HubSpot can make the Hubspotapi cookie SameSite Lax in the future, which is currently set as SameSite None. |
| Hubspotapi-prefs |
HubSpot |
Used with the Hubspotapi cookie to remember whether the user checked the remember me box (controls the expiration of the main cookie's authentication). |
| Hubspotapi-strict |
HubSpot |
Similar to Hubspotapi-lax, a test cookie that HubSpot uses to identify if the user’s browser accepts SameSite Strict cookies. This determines if HubSpot can make the Hubspotapi cookie SameSite Strict in the future, which is currently set as SameSite None. |
| hs_langswitcher_choice |
HubSpot |
Sets browser language for users. |
| Hubspotutk |
HubSpot |
Tracks a visitor's identity. It's passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor. |
| gbu9uvfhph6a0mdatwbzomssrlboczvs |
E-Hawk Talon |
Used to prevent fraudulent signups on sign-up pages. Expires at the end of the session. |
| AWSALB |
Amazon Web Services (AWS) |
Load-balancing cookie used by Amazon Web Services (AWS) to manage traffic distribution across multiple instances of an application. It's generated and managed by the Application Load Balancer and helps route traffic to the most appropriate server to ensure a smooth user experience, especially during periods of high traffic. |
| AWSALBCORS |
Amazon Web Services (AWS) |
Used by websites to ensure a smooth and efficient user experience. It was created by Amazon as part of its web services unit for applications that use load balancers. This particular cookie acts like a traffic controller, performing the function of load balancing. |
| LiSESSIONID |
Khoros |
Session management cookie, often set by sites using the Khoros platform or similar. It is used to identify a user's session on a particular community or website, ensuring that the user remains logged in across multiple pages. This cookie is typically associated with the user's session and expires when the session ends. |
| LithiumVisitor |
Khoros |
Used by Khoros to compute billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores when it was first issued, when it was last seen by Khoros, and a unique visitor ID (unique per visitor’s browser). |
Functionality cookies
Functionality cookies are used to enhance the performance of a website. They're non-essential cookies controlled by the cookie banner. Without them, certain website functions may not be available.
If you're a visitor to a HubSpot site, you can opt out of funtionality cookies or manage your cookie preferences using the options provided in the cookie banner or the Manage cookies link in your browser.
The table below includes some examples of functionality cookies.
| Cookie name |
Vendor |
Purpose |
| messagesUtk |
HubSpot |
This is the cookie used for the chatflows tool. If you're a visitor, you can chat with an agent on the site. |
| __hs_cookie_cat_pref |
HubSpot |
Records your category preference from the cookie banner after selection. |
| hs_high_contrast |
HubSpot |
Sets high-contrast settings on the site for the user. |
| _conv_v |
Convert |
Stores information about a user's activity on a website. This includes session counts, page views, and timestamps for first and previous sessions. This cookie helps websites track and analyze user behavior, personalize experiences, and measure the effectiveness of experiments. |
Analytics cookies
Analytics cookies are non-essential cookies controlled by the cookie banner. They're used to track how users navigate and interact with the website. The information collected is used to help us improve the website.
If you're a visitor to a HubSpot site, you can opt out of analytics cookies or manage your cookie preferences using the option provided in the cookie banner or the Manage cookies link in your browser.
The table below includes some examples of analytics cookies.
| Cookie name |
Vendor |
Purpose |
| _ga |
|
The main cookie used by Google Analytics. Enables the service to distinguish one visitor from another. |
| _gid |
|
Used for Google Analytics to store and update a unique value for each page visited. |
| __hssc |
HubSpot |
Tracks sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. It expires in 30 minutes. |
| __hssrc |
HubSpot |
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie doesn't exist when HubSpot manages cookies, it's considered a new session. It contains the value "1" when present. Expires at the end of the session. |
| __hstc |
HubSpot |
The main cookie used for tracking visitors. Contains the domain, HubSpotutk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). Expires in six months. |
| hs-messages-is-open |
HubSpot |
Used to determine and save whether the chat widget is open for future visits. It's set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity. |
| __utma |
|
Used to distinguish users and sessions. The cookie is created when the JavaScript library executes and no existing __utma cookies exist. This is updated every time data is sent to Google Analytics. |
| _conv_r |
Convert |
Stores referral data for the current visitor. This data includes the source of the referral (e.g., domain name), the medium used (e.g., email, social media), and any search terms associated with the referral. The cookie is overwritten each time a visitor comes from a new referrer. |
Advertisement cookies
Advertisement cookies are ad-pixel cookies (such as Facebook, LinkedIn, and Google). They're used to track user behavior and gather insight to deliver tailored ads.
If you're a visitor to a HubSpot site, you can opt out of advertisement cookies or manage your cookie preferences using the options provided in the cookie banner or the Manage cookies link in your browser.
You may have certain rights regarding the collection and use of your data under applicable data protections laws including, but not limited to, the California Consumer Privacy Act. To opt out of having your information disclosed to advertising vendors, you can opt in your Privacy Preferences or through the Your Privacy Choices link in the footer of the HubSpot website.
The table below includes some examples of advertisement cookies.
| Cookie Name |
Vendor |
Purpose |
| _fbp |
|
Used by Facebook to track a user's activity across different websites. It's a first-party cookie set by the site the user is currently on. Facebook uses the _fbp cookie to understand a user's browsing behavior and improve advertising targeting. This cookie helps Facebook track the user's visits to different websites. The data collected from the _fbp cookie helps Facebook understand user interests and preferences, allowing Facebook to deliver more relevant ads to users, both on Facebook and on other websites. |
| _gtmeec |
|
Used by Google Tag Manager (GTM) to enhance event data by storing a unique identifier within an HTTP-only, secure cookie. This cookie helps improve the accuracy and quality of event data, especially when integrating with platforms like Facebook. This cookie enables tracking of users via the Facebook Conversion API. |
| FPAU |
|
Used by Google for advertising and measurement purposes, particularly in products like Campaign Manager, Display & Video 360, Google Ads, and Search Ads 360. It helps with analytics, allowing websites to track user activity and generate reports. FPAU is used to assign a unique ID to visitors, enabling websites to determine the number of user visits for analysis and statistics. |
| FPID |
|
Used by Google in server-side Google Tag Manager (GTM) to store a unique Client ID for tracking and analytics in Google Analytics 4 (GA4). It's a secure, HttpOnly cookie that's only accessible by the web server, not browser JavaScript, making it more secure than traditional browser cookies. |
| __pdst |
Podsites |
Used by websites, including PDST's website, to track users across multiple websites, often for advertising purposes. It helps identify users and present relevant ads based on their browsing behavior. |
