Cookie usage

Cookies track browser sessions and support personalization, security, and telemetry in CMS 13. Understanding which cookies the platform sets helps with privacy compliance and consent configuration.

Optimizely Content Management System (CMS) uses the following cookies:

• apt.uid, apt.sid – Collect telemetry data.
• .AspNetCore.Antiforgery.# – Strictly necessary. Protects against cross-site request forgery (CSRF). Used only by the CMS UI. The browser deletes this cookie when the session ends.
• .AspNetCore.Identity.Application – Strictly necessary. Keeps users logged in for the duration of the browsing session.
• EPi:NumberOfVisits – Functionality-related. Stores the number of page visits to enable content personalization based on visit frequency. Used with the Number of Visits personalization criterion. This cookie is not set when the criterion is removed from audiences. It is persistent (one year from creation).
• EpiStateMarker – Functionality-related. Indicates whether session-based visit information is stored in sessions or cookies.
• EPiViewedPages – Tracks whether a user has visited a selected page. Used with ViewedPagesCriterion under the Site Criteria category of VisitorGroup.
• ImageEditorFileSize – Used by the Image Editor.
• _utma, _utmb, _utmc, _utmz – Google Analytics cookies commonly used on Optimizely websites. These third-party cookies collect information about how visitors use the website.

Protect visitor privacy

EU directives require website owners to inform visitors about cookies on the site. See Protect visitor privacy according to EU directive on cookies.