Familiarize yourself with the first-party cookies used by Optimizely X
Understand when visitors are cookied
Optimizely enables you to uniquely identify visitors, track their actions, and deliver consistent experiences across page loads via persistent visitor-level cookies and localStorage. Each cookie Optimizely sets stores a different set of data; this article explains the purpose and behavior of each cookie Optimizely uses.
Optimizely Performance Edge is a lightweight experimentation product that delivers significantly faster performance than previous versions of Optimizely. It does this by relying on a streamlined "microsnippet" which limits the range of available features.
Optimizely Performance Edge and Optimizely X Web use cookies the same way, so all information contained in this article applies to experiments created with either version of Optimizely.
Take care not to directly reference the cookies and localStorage keys in code, as the specific data format and the cookies themselves may change over time and break your experiences. Instead, use the JavaScript API for Optimizely X Web.
If your Optimizely X account uses custom snippets, you might see more than one snippet listed for your projects.
Beginning with iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave, Intelligent Tracking Protection 2.1 is the new default behavior. All client-side cookies (in other words, cookies set from JavaScript via document.cookie) will have a maximum 7-day expiry period.
Optimizely uses cookies to store some data in visitors' browsers. These cookies are all first-party cookies; no third-party cookies are used.
Important:
When developing experiences on your site, it's important to use the JavaScript API.
Take care not to reference the cookies and localStorage keys directly, as they may change at any time.
As of version 80, Chrome browser introduces a policy when cookies with SameSite=none attribute and without the Secure attribute will not be allowed. This doesn't impact any Optimizely cookies because Optimizely only reads cookies in first-party contexts, and has no issue with the new default of SameSite=Lax that's used by Chrome. You can find more information about the topic here.
The following are descriptions of all cookies that Optimizely sets:
optimizelyEndUserId
What: Stores a visitor's unique Optimizely identifier. It's a combination of a timestamp and random number. No other information about you or your visitors is stored inside.
Example value: "oeu1383080393924r0.5047421827912331"
What: After Optimizely has executed a redirect experiment, stores various data from the original page so that Optimizely still has access to it on the new page.
Expiration: 5 seconds
optimizelyDomainTestCookie
What: When Optimizely loads a URL, the snippet places the cookie to get the current domain, for the purpose of whether cross-domain syncing is possible. If successful, the cookie is immediately removed.
Expiration: 6 months, but the cookie is removed by Optimizely immediately after the set action is successful.
optimizelyOptOut
What: Stores a boolean indicating whether the visitor has opted out of participating in Optimizely-powered experimentation. A visitor can opt out by using the opt-out tool here. An Optimizely customer may also set this cookie's value via the snippet's "optOut" API call.
Example values: "true", "false"
Expiration:10 years from the use of the opt-out tool or snippet's "optOut" API.
Technical skills needed to implement this solution: Familiarity with browser developer tools
What's the problem?
3rd party cookies are not present within the Resources tab of the browser developer tools.
Solution:
Instead of using the Resource tab within the browser developer tools, you'll have to look into the Network panel for a request sent as part of a goal conversion.
Open up the browser developer tools --> Network
Fire off Optimizely request
Click on the request --> Headers --> Request Headers --> Look for the strings bucket_map and end_user_id
Alternatively, you can click on the Request --> Cookies and look for the strings bucket_map and end_user_id
Why is this information internal-only, and not customer facing?
This is not really information that needs to be digested by a large customer base. 3rd party cookies are more for cross-domain tracking (which works inconsistently), as well as reconciling user actions within our Backend.
localStorage
Optimizely stores data under the following keys in localStorage.
Keys set by Optimizely
The following are keys set by Optimizely X Web Experimentation, Personalization, and Optimizely Performance Edge:
Important:
When developing experiences on your site, it's important to use the JavaScript API. Here are resources for Optimizely X Web.
Take care not to reference the cookies and localStorage keys directly, as they may change at any time.
The 'visitorId' part of the keys below is a combination of a timestamp and random number. No other information about you or your visitors is stored inside.
What: Stores the visitor's values for various audience conditions. This is particularly important for "sticky" conditions like Ad Campaign, Source Type, and Referrer for which we need to rely on the first observed value.
What: Temporary storage of XMLHttpRequest information, enabling the snippet to reliably send requests (e.g., to the Event API) even if the visitor navigates to a new page while a request is in progress.
optimizelyData$${visitorId}
optimizelyData$${visitorId}$$events
optimizelyData$${visitorId}$$event_queue
optimizelyData$${visitorId}$$layer_states
optimizelyData$${visitorId}$$session_state
optimizelyData$${visitorId}$$visitor_profile
optimizelyData$${visitorId}$$variation_map
These are keys that we used to set, in Classic and/or New Optimizely. The snippet no longer sets data under these keys, for visitors who originally received data for these keys, the snippet is slowly migrating their data over to the new keys.
Origins
Unlike cookie data, localStorage is scoped to a single "origin." An “origin” is a combination of a specific hostname, protocol, and port on your site. Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.
Here's an example of pages that don't have the same or different origins as https://shop.example.com:
You'll find that the documented localStorage keys are set on every domain that uses Optimizely.
In order for Optimizely to recognize visitors across your pages and deliver consistent experiences, we replicate each visitor's data on all of your subdomains by routing it through another origin: https://a{yourAccountId}.cdn.optimizely.com/. Your visitors' data will be set on that origin as well, and on every page load with an Optimizely snippet on it, Optimizely makes an async call to this origin to sync this data. This will sync information across origin as well as across subdomains. Read more about tracking events across domains in Optimizely.
Optimizely does not combine visitor data from multiple projects.
