Cookies are used for various types of website tracking, for example browser sessions.
 Optimizely Content Management System (CMS) uses the following cookies:
| Cookie Name | Purpose |
| **ASP.NET\_SessionId** | Strictly necessary. Session cookie sent to the web browser. Used when you open the browser and go to a website that implements ASP.NET session state. Required to identify requests from the same browser during a limited session time window when browsing the website.This cookie is deleted when you close your browser. |
| **EPi:NumberOfVisits** | Functionality-related. Stores the number of times you access pages on the site to allow personalization of content based on the frequency the site content is viewed. Used with the **Number of Visits** personalization criterion. This cookie is not  set if you remove it from all of your visitor groups. Persistent (1 year from creation). |
| **.EPiServerLogin**, **EPiDPCKEY**, **.ASPXRoles** | Strictly necessary. Only used if you log in to a website. You should clearly state on the login page that cookies are used if you log in. Allows for login/access and permissions when using the CMS interface. This cookie is deleted when you close your browser. |
| **\_\_epiXSRF & \_\_RequestVerificationToken & \_\_RequestVerificationToken** | Strictly necessary. Used by the Optimizely security components. Protects the user against cross-site request forgery (XSRF). Used only by the CMS UI. This cookie is deleted when you close your browser. |
| **ImageEditorFileSize** | Used by the Image Editor. |
| **\_utma**, **\_utmb**, **\_utmc**, **\_utmz** | Google Analytics cookies that are commonly used on Optimizely websites. These third-party cookies are used to collect information about how visitors use the website. |
## Protect visitor privacy
According to EU directives, website owners are responsible for informing visitors about cookies used on the site. See [Protecting Your Visitors’ Privacy According to EU Directive on Cookies](🔗).