Relevant products:

Optimizely Web Experimentation
Optimizely Performance Edge

This article describes how to:

Familiarize yourself with the first-party cookies used by Optimizely Web Experimentation and Optimizely Performance Edge
Understand when visitors are cookied

Optimizely Web Experimentation and Optimizely Performance Edge enable you to uniquely identify visitors, track their actions, and deliver consistent experiences across page loads via persistent visitor-level cookies and localStorage. Each cookie Optimizely Experimentation sets stores a different set of data; this article explains the purpose and behavior of each cookie Optimizely Experimentation uses. For information on how Optimizely Web Experimentation works with Intelligent Tracking Prevention (ITP), see Intelligent Tracking Prevention and Optimizely Web Experimentation.

Optimizely Performance Edge is a lightweight experimentation product that delivers significantly faster performance than previous versions of Optimizely Web Experimentation. It does this by relying on a streamlined "microsnippet" which limits the range of available features.

Optimizely Performance Edge and Optimizely Web Experimentation use cookies the same way, so all information contained in this article applies to experiments created with either version of Optimizely Experimentation.

Take care not to directly reference the cookies and localStorage keys in code, as the specific data format and the cookies themselves may change over time and break your experiences. Instead, use the JavaScript API for Optimizely Web Experimentation.

If your Optimizely Experimentation account uses custom snippets, you might see more than one snippet listed for your projects.

Beginning with iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave, Intelligent Tracking Protection 2.1 is the new default behavior. All client-side cookies (in other words, cookies set from JavaScript via document.cookie) will have a maximum 7-day expiry period.

Please read Intelligent Tracking Prevention and Optimizely Web Experimentation for more information.

Cookies

Optimizely Web Experimentation's JavaScript snippet uses cookies to store some data in visitors' browsers. In most contexts, these are first-party cookies.

Important:

When developing experiences on your site, it is important to use the JavaScript API.

Take care not to reference the cookies and localStorage keys directly, as they may change at any time.

If Optimizely Web Experimentation or Optimizely Performance Edge is implemented within a third-party frame (a frame or iframe whose domain differs from the domain of the page), the cookies that it needs to read and write are considered third-party cookies.

These cookies are likely to be rejected in browsers like Safari and Firefox. Starting with Chrome 80, such cookies are still supported, but only if they explicitly include the Secure; SameSite=None; directives. You can read more in the Chromium Blog.

You can opt into a setting configuring the Optimizely Web Experimentation snippet to set its cookies with these directives. Please file a support ticket to enable this setting if you currently run experiments within a third-party frame.

The following are descriptions of all cookies that Optimizely Web Experimentation and Optimizely Performance Edge set:

optimizelyEndUserId

What: Stores a visitor's unique Optimizely Experimentation identifier. It is a combination of a timestamp and a random number. No other information about you or your visitors is stored inside.
Example value: "oeu1383080393924r0.5047421827912331"
Expiration: 6 months from last page visit, or a period of your choice (per the setCookieExpiration and extendCookieLifetime APIs)

optimizelyRedirectData

What: After Optimizely Experimentation has executed a redirect experiment, it stores various data from the original page so that Optimizely Experimentation still has access to it on the new page.
Expiration: 5 seconds

optimizelyDomainTestCookie

What: When Optimizely Experimentation loads a URL, the snippet places the cookie to get the current domain for determining whether cross-domain syncing is possible. If successful, the cookie is immediately removed.
Expiration: 6 months, but the cookie is removed by Optimizely Experimentation immediately after the set action is successful.

optimizelyOptOut

What: Stores a boolean indicating whether the visitor has opted out of participating in Optimizely Experimentation-powered experimentation. A visitor can opt out by using the opt-out tool here. An Optimizely Experimentation customer may also set this cookie's value via the snippet's "optOut" API call.
Example values: "true", "false"
Expiration: 10 years from the use of the opt-out tool or snippet's "optOut" API.

In Optimizely Experimentation, you can use our JavaScript API to set cookie domain. You can also use the API to set cookie expiration and to enable or disable the extend cookie lifetime function.

RUM cookies

For a small portion of your visitors (less than 10%), Optimizely Web Experimentation and Optimizely Performance Edge will attempt to collect performance and product usage telemetry; no personal data is collected. We call this process "real user monitoring", or RUM. Visitors who are sampled for this telemetry data will have two cookies on the domain rum.optimizely.com. These are both session cookies; they are not persisted on the visitor's device. Finally, the "domain" attribute of these cookies is always rum.optimizely.com; the aforementioned set cookie domain API has no effect on these.

AWSELB

What: Enables "sticky sessions", which is a requirement of our RUM service. For more information, see AWS load balancer documentation. Its value is random data.
Example value: "799B7FFB1A5DA8D5E09A5D5213B368BD54D987883D4B3B3193567422FA84E59605DE048B6A4B6B488C4DAEFC462F7170F3506CF8FB2F0CBDAA360D722F3F52CFE3A55DF331A5DE690D18747252F1146EF3D3629B00"
Expiration: N/A; it is a session cookie.

optimizelyRumLB

What: Controls the AWSELB cookie's attributes (e.g., SameSite and Secure). For more information, see AWS documentation on application-controlled session stickiness. Its value is always "1".
Example value: "1"
Expiration: N/A; it is a session cookie.

localStorage

Optimizely Web Experimentation and Optimizely Performance Edge store data under the following keys in localStorage.

Keys set by Optimizely Experimentation

The following are keys set by Optimizely Web Experimentation, Personalization, and Optimizely Performance Edge. {visitorId} is dependent on the visitor ID, generally stored in the optimizelyEndUserId cookie, and {projectNamespace} maybe a project ID or its account ID depending on whether the project is linked.

Important:

When developing experiences on your site, it is important to use the JavaScript API. Here are resources for Optimizely Web Experimentation.

Take care not to reference the cookies and localStorage keys directly, as they may change at any time.

The 'visitorId' part of the keys below is a combination of a timestamp and random number. No other information about you or your visitors is stored inside.

optimizelyData$${visitorId}$${projectNamespace}$$event_queue

What: Stores event instances that are waiting to be added to the previous ...$$events key.

optimizelyData$${visitorId}$${projectNamespace}$$events

What: Stores event instances that describe actions the visitor has taken on your website.

optimizelyData$${visitorId}$${projectNamespace}$$layer_states

What: Stores bucketing decision (variation and holdback assignment) for each layer in Optimizely Web Experimentation and Optimizely Personalization.

optimizelyData$${visitorId}$${projectNamespace}$$session_state

What: Tracks the session identifier and timestamp, which helps Optimizely Experimentation identify sessions for analytics purposes.

optimizelyData$${visitorId}$${projectNamespace}$$variation_map

What: Records the variation that the visitor has seen for each experiment. This allows us to deliver a consistent experience on successive page loads.

optimizelyData$${visitorId}$${projectNamespace}$$visitor_profile

What: Stores the visitor's values for various audience conditions. This is particularly important for "sticky" conditions like Ad Campaign, Source Type, and Referrer, for which we need to rely on the first observed value.

optimizelyData$${visitorId}$${projectNamespace}$$layer_map

What: Stores bucketing information within mutual exclusion groups.

optimizelyData$${visitorId}$${projectNamespace}$$tracker_optimizely

What: Temporary storage for the batched sending of events to the Optimizely Experimentation Event API.

optimizelyData$${visitorId}$${projectNamespace}$$pending_events

What: Temporary storage of XMLHttpRequest information, enabling the snippet to reliably send requests (e.g., to the Event API) even if the visitor navigates to a new page while a request is in progress.

optimizelyData$${visitorId}

optimizelyData$${visitorId}$$events

optimizelyData$${visitorId}$$event_queue

optimizelyData$${visitorId}$$layer_states

optimizelyData$${visitorId}$$session_state

optimizelyData$${visitorId}$$visitor_profile

optimizelyData$${visitorId}$$variation_map

These are keys that we used to set in Classic Optimizely. The snippet no longer sets data under these keys. For visitors who originally received data for these keys, the snippet is slowly migrating their data over to the new keys.

Origins

Unlike cookie data, localStorage is scoped to a single "origin." An “origin” is a combination of a specific hostname, protocol, and port on your site. Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.

Here is an example of pages that do not have the same or different origins as https://shop.example.com:

http://shop.example.com (different security protocol)
https://example.com (different subdomain)

You will find that the documented localStorage keys are set on every domain that uses Optimizely Experimentation.

For Optimizely Web Experimentation or Optimizely Performance Edge to recognize visitors across your pages and deliver consistent experiences, we replicate each visitor's data on all of your subdomains by routing it through another origin: https://a{yourAccountId}.cdn.optimizely.com/. Your visitors' data will be set on that origin as well, and on every page load with an Optimizely Experimentation snippet on it, Optimizely Experimentation makes an async call to this origin to sync this data. This will sync information across origin as well as across subdomains. Read more about tracking events across domains in Optimizely Web Experimentation.

Optimizely Web Experimentation and Optimizely Performance Edge do not combine visitor data from multiple accounts.

Cookies and localStorage in the Optimizely Web Experimentation and Optimizely Performance Edge snippets