Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Software on your device, for example a web browser, stores the cookies and sends them back to a website next time you visit. Cookies allow websites to recognise your device and preferences and provide information to the owners of sites which can be used to improve your online experience. A number of websites provide details on cookies, including cookiedatabase.org and cookiepedia.co.uk.
The rules on cookies are covered by the Privacy and Electronic Communications Regulations 2003 (PECR). PECR also covers the use of similar technologies for storing or accessing information, such as ‘Flash cookies’ and device fingerprinting.
In the UK, the Information Commissioners Office (ICO) is responsible for enforcing these rules.
Consumers may come across information about cookies and similar technologies on websites and be given choices about how some cookies are used. This might include, for example, being asked to agree to a cookie being used for a particular service, such as remembering your preferences on a site.
Organisations have to provide clear and comprehensive information about the way they use cookies, and ensure that for any cookie not strictly necessary for their website, they give you an appropriate means of consenting to that cookie being set on your device.
First-party cookies are directly stored by the website (or domain) you visit. These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions that provide a good user experience. The domain host can see the data that the cookie retrieves. First-party cookies can’t usually be used to track a user’s activity on another site other than the original website it was placed on. These types of cookies include things such as your sign-on credentials, items you put in the shopping cart, or your preferred language.
First-party cookies are set by the publisher’s web server or any JavaScript loaded in the website.
Third-party cookies are created by domains that are not the website (or domain) that you are visiting. These are usually used for online-advertising purposes and placed on a website through adding scripts or tags. A third-party cookie is accessible on any website that loads the third-party server’s code.
The below tables detail all the cookies generated by ATG NetDirector® suite of technologies so that you can share the information with consumers via your websites Cookie Policy. Please note, that not all cookies will present themselves on your website as some are dependant of which modules have been enabled. From time to time, this list will be updated when new cookies are added to ATG NetDirector® software platforms.
Additionally, we have provided links to lists of cookies generated by other common technologies added to ATG product suites. This is not an exhaustive list of other cookies may present themselves on the website. It is important to note that where the relationship with a third party technology provider (e.g. Stripe) does not sit with ATG, and ATG has just development the integration, ATG is not responsible to manage or define the cookies.
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
dataLayer.visitor.isReturning | Analytics | Cookie to provide page view details to a GTM data layer where added. By default the cookie is set to 'True'. | Persistent | First Party |
gf-session-id | Required / Essential | When users are navigating throughout the site this is used to determine a consistent session. E.g a user creates a transaction without being logged in and then the user logs in we can use the consistent session id to link the user to the transaction. This is set in local storage | Session | First Party |
isSessionUsed | Functional / Personalisation | To determine if a session is used on the frontend. For example, a website page that requires a login screen because it's for internal use only. | Session | First Party |
lastViewedVehicles_* | Required / Essential | Allows the breadcrumbs to work within the details pages | Session | First Party |
PHPSESSID | Required / Essential | Preserves user session state across page requests. | Session | First Party |
postcode | Functional / Personalisation | Saves the postcode used within vehicle search and dealer locator search so that it is populated for example do a postcode search on dealer locator page, go to used cars and postcode is populated. | Session | First Party |
recentLocationHash | Functional / Personalisation | Allows the enquiry form where multiple locations may be present to populate the most recently used location for example on site enquiry forms. | Session | First PartyFirst Party |
recentVehicles_* | Required / Essential | Stores the reference of the most recent vehicle viewed. | Session | First Party |
searchPath_* | Functional / Personalisation | Welcome back module - Shows the continue search button within Welcome back by storing the search parameters | Persistent | First Party |
searchQuery_* | Required / Essential | Enables site breadcrumbs to work with New Car Offers, vehicle search listings and details pages, and ensures that the lazy load search feature works correctly | Session | First Party |
searchTags_* | Required / Essential | Enables the search pills to be displayed from the search selection | Session | First Party |
sessionStorageTest | Required / Essential | Determines if sessionStorage is available | Session | First Party |
storageSettings | Required / Essential | Determine which category of cookies can be stored locally | Persistent | First Party |
trackingIpFilter | Required / Essential | Stores the user IP address when visiting the website for cyber security purposes in the event a user uses the website maliciously. | 2 Years | First Party |
vehicleId | Required / Essential | Is used by the AJAX used vehicles listing to hold the last clicked vehicle, so that it can be scrolled to once the user revisits the listing | Session | First Party |
vehicleIndex | Required / Essential | Works with vehicleQuery cookie to store the vehicle index of the vehicle in relation to the previous/next vehicle | Session | First Party |
vehicleQuery | Required / Essential | Previous and next vehicle buttons - run search and go to vehicle details - buttons that allow you to go to previous and next within search results | Session | First Party |
wasCtwPopupSeen | Required / Essential | To determine if the cookie banner has been engaged with and consent obtained | 6 months | First Party |
wbClosed_* | Required / Essential | Determines if Welcome Back module has been closed | Session | First Party |
XSRF-TOKEN | Required / Essential | Security cookie to prevent Cross site Forgery | Session | First Party |
layout | Functional / Personalisation | Used for storing information about vehicle listing view: list or boxes | Session | First Party |
dynamo-seo | Analytics | Used for storing information that user came from SEO site, e.g. google (boolean) | Session | First Party |
errorUrl | Analytics | Used for tracking error page. If the page doesn’t exist or there is some error and the user is redirected to homepage the cookie is created and stores the URL where the error is. | Session | First Party |
topPosition | Required / Essential | Used in listing layout | Session | First Party |
vehicleMileage_* | Required / Essential | Used for counting fuel savings and valuation | Session | First Party |
vehicleRegistrationNumber_* | Required / Essential | Used for counting fuel savings and valuation | Session | First Party |
_csrf | Required / Essential | Security token to prevent Cross-site Request Forgery | Session | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
auth-token | Required / Essential | Required by ecommerce module for session security | Session | First Party |
currentTransaction | Required / Essential | A session storage variable that allows us to scope our API requests in a browser tab (so you can have two different concurrent transactions in different tabs). Functionally, we use this variable when the user logs in to allow us to transition an anonymous transaction onto a users account. | Session | First Party |
ovs_criteria_* | Functional / Personalistion | Stores the budget search parameters so that they can be re-used when a user comes back and performs another search. | Session | First Party |
ovs-entry-point | Required / Essential | Stores the entry page from the website into the ecommerce journey in the event of a network failure | Session | First Party |
ovs-previous-step | Required / Essential | Stores the website previous page OR ecommerce previous step in the event of network failure | Session | First Party |
gf-auth0-access-token | Required / Essential | Used to get user detail from auth0 and to generate an Auth token. This is set in session storage. | Session | First Party |
gf-auth0-id-token | Required / Essential | Used to generate an Auth token. This is set in session storage. | Session | First Party |
gf-jwt-token | Required / Essential | The internal auth token. This is stored in local storage so the user does not have to log in / get auth status from Auth0 on each page load which improves performance of the site. | Persistant | First Party |
touchPayment | Required / Essential | Required by the Online Payment technology | Session | First Party |
gf-session-id | Required / Essential | Local storage item which stores session ID | Persistant | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
__stripe_mid | Required / Essential | Set for fraud prevention purposes and helps Stripe access the risk associated with an attempted transaction. | 1 Year | First Party |
__stripe_sid | Required / Essential | Set for fraud prevention purposes and helps Stripe access the risk associated with an attempted transaction. | 30 Minutes | First Party |
Cookie name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
@@auth0spajs@@* | Required / Essential | Auth0 Universal login cookies used to cache access token and ID token in local storage | Persistant | First Party |
_com.auth0.auth* | Required / Essential | Stores a random value that is appended to the authorisation URL string to ensure that the value matches the user session. | 1 Minute | First Party |
auth0.ssodata | Required / Essential | Allows user to re-authenticate using last used log in credentials | 24 Hours | First Party |
co%2Fverifier%2F* | Required / Essential | Used for cross origin authentication | 15 Minutes | First Party |
_co%2Fverifier%2F* | Required / Essential | Used for cross origin authentication | 15 Minutes | First Party |
auth0 | Required / Essential | Handles user session | 1 Hour | First Party |
auth0.*.is.authenticated | Required / Essential | Used to determine if a request to Auth0 for silent authentication should take place | 24 Hours | First Party |
did | Required / Essential | Identifier for a device/user agent | Session | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
_sp_id.* | Analytics | It is used to persist information about a user's activity on the domain between sessions to provide Business Intelligence for the software provider. It contains the following information: - An ID for the user based on a hash of various browser attributes - How many times the user has visited the domain - The timestamp of the user's first visit - The timestamp of the current visit - The timestamp of the last visit - The ID of the current session | Persistent | First Party |
_sp_ses.* | Analytics | The purpose of this cookie is to differentiate between different visits to provide Business Intelligence for the website provider. | Persistent | First Party |
enquiriesSent_* | Analytics | Captures the type of enquiries sent in a session. No PII is collected, only the enquiry type | Session | First Party |
nd | Analytics | SnowPlow tracking - Events and Contexts | Session | First Party |
session_counter_* | Analytics | Determines if ReturningUsers context should be sent (ie. if counter > 1 then send ReturningUsers context) | Persistent | First Party |
session_was_counted_* | Analytics | Ensures current session is counted only once | Session | First Party |
snowplowOutQueue_ndanalytics_nd_post2 | Analytics | Snowplow Analytics Used to store a cache of unsent events. This is used to reduce the chance of events to be lost due to page navigation and events not being set to the collector before the navigation event occurs. Where GET requests are used, this key will end in _get rather than _post2. | Session | First Party |
snowplowOutQueue_ndanalytics_nd_post2.expires | Analytics | Snowplow Analytics Used to match the concept of cookie expiry within Local Storage. This ensures a consistent behaviour between cookie and local storage. Where GET requests are used, this key will end in _get rather than _post2. | Session | First Party |
sp_landing_page | Analytics | Stores the landing page URL | 1 day | First Party |
sp_referer | Analytics | Stores the host/referrer | Session | First Party |
sp_referer_category | Analytics | Stores the referer/channel category | Session | First Party |
sp_referrer_url | Analytics | Stores the referrer URL | Session | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
ndfe-payment-state | Required / Essential | Stores the status of an online payment incase the users refreshes their browser so they don’t get charged twice. This cookie is only applicable if using checkout.com payment gateway. | Session | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
__ggtrses | functional | Gubagoo - Stores data relating to chat feature. It uses a cookie to decide when to display the chat feature. | 24 hours | First Party |
__ggtruid | functional | Gubagoo - Stores data relating to chat feature. It uses a cookie to identify and differentiate between user sessions. | 2 years | First Party |
*:cache_expiry | functional | Gubagoo - to know when the items in LocalStorage should expire | Persistant | First Party |
gg_chat_popup_closed | functional | Gubagoo - to know that the chat popup has been closed | Persistant | First Party |
gg_chat_welcome_msg | functional | Gubagoo - to know if the welcome message has been displayed | Persistant | First Party |
gg_emulation_welcome_msg | functional | Gubagoo - Stores data relating to chat feature. Welcome message to be displayed when chat is opened | Persistant | First Party |
gg_firestamps | functional | Gubagoo - Stores data relating to engagement. Logs when a user engages with a portion of Gubagoo | Persistant | First Party |
gg_firestamps:cache_expiry | functional | Gubagoo - to know when the firestamp data should expire | 40 days | First Party |
gg_repeat | functional | Gubagoo - Stores data relating to chat feature. Determines if a chat element that was hidden should reshow | Persistant | First Party |
gg_repeat:cache_expiry | functional | Gubagoo - to know when the repeat data should expire | Persistant | First Party |
gg_tabs-opened | functional | Gubagoo - tracks the number of tabs Gubagoo is open on | Persistant | First Party |
gg_view-*_time | functional | Gubagoo - Stores data relating to chat feature. Records time when a view was generated | Persistant | First Party |
gg_*_1_ccpa_accept | functional | Gubagoo - Tracks whether or not a Cookie toolbar has been accepted. Moves the chat feature up or down if on the page. | Persistant | First Party |
prox_id | functional | Gubagoo - Responsible for determining chat socket to Glive / Chat Console | 24 hours | First Party |
*_cbo_in_transit_vins | functional | Gubagoo - Stores vehicle VINs that are in transit to dealership but still sold in VR | Persistant | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
osano_consentmanager | Required | Stores the user's current consent status. | 1 Year | First Party |
osano_consentmanager_expdate | Required | Stores the expiration of the user's captured consent | 1 Year | First Party |
osano_consentmanager_uuid | Required | Stores the user's unique consent identifier | 1 Year | First Party |
Cookie Name | Recommended Categorisation | Description | Duration | 1st/3rd Party |
criteo_write_test | Targeting | This is a Criteo cookie used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. | Session | Third Party |
cto_bundle | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_tld_test | Targeting | This is a Criteo cookie used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. | Session | Third Party |
uid | Targeting | Criteo - This cookie provides a uniquely assigned, machine-generated user ID and gathers data about activity on the website. | 390 Days | Third Party |
cto_optout | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_axid | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_lwid | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_idcpy | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_idfs | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_sid | Targeting | Criteo cookies are used to display personalised advertising to you | 390 Days | Third Party |
cto_clc | Targeting | Criteo cookies are used to display personalised advertising to you | 1 Day | Third Party |
criteo_cookie_perm | Targeting | Criteo cookies are used to display personalised advertising to you | 1 Year | Third Party |
cto_sid_ack | Targeting | Criteo cookies are used to display personalised advertising to you | 1 Year | Third Party |
cto_pxsig | Targeting | Criteo cookies are used to display personalised advertising to you | 1 Hour | Third Party |