Cookies are used for various types of website tracking, for example browser sessions.
Optimizely Content Management System (CMS) uses the following cookies:
|**ASP.NET\_SessionId**||Strictly necessary. Session cookie sent to the web browser. Used when you open the browser and go to a website that implements ASP.NET session state. Required to identify requests from the same browser during a limited session time window when browsing the website.This cookie is deleted when you close your browser.|
|**EPi:NumberOfVisits**||Functionality-related. Stores the number of times you access pages on the site to allow personalization of content based on the frequency the site content is viewed. Used with the **Number of Visits** personalization criterion. This cookie is not set if you remove it from all of your visitor groups. Persistent (1 year from creation).|
|**.EPiServerLogin**, **EPiDPCKEY**, **.ASPXRoles**||Strictly necessary. Only used if you log in to a website. You should clearly state on the login page that cookies are used if you log in. Allows for login/access and permissions when using the CMS interface. This cookie is deleted when you close your browser.|
|**\_\_epiXSRF & \_\_RequestVerificationToken & \_\_RequestVerificationToken**||Strictly necessary. Used by the Optimizely security components. Protects the user against cross-site request forgery (XSRF). Used only by the CMS UI. This cookie is deleted when you close your browser.|
|**ImageEditorFileSize**||Used by the Image Editor.|
|**\_utma**, **\_utmb**, **\_utmc**, **\_utmz**||Google Analytics cookies that are commonly used on Optimizely websites. These third-party cookies are used to collect information about how visitors use the website.|
## Protect visitor privacy
According to EU directives, website owners are responsible for informing visitors about cookies used on the site. See [Protecting Your Visitors’ Privacy According to EU Directive on Cookies](🔗).