Utma, utmb, utmz cookies

From Helpful
Jump to navigation Jump to search


The cookies named __utma through __utmz are stored by websites that choose to use Google Analytics to see how people use their websites.


These cookies support the part of analytics that actually take some amount of remembering to figure out (the analytics also sends in some other things that can be figured out on the spot, such as screen resolution).


Some details:

  • __utmz records whether the visitor came from...
a search engine (and if so, the search keyword used),
a link, or
from no previous page - as is the case when you use a bookmark, or typed in a URL themselves
  • __utma stores
the amount of your visits
the time of the first visit, the previous visit, and the current visit


  • __utmb and __utmc are used to approximate how fast people leave, by recording when a visit starts, and approximately ends.
If you look at cookie state changes (e.g. using firecookie), you will see these change regularly and __utmc expire quickly.


Also:

  • __utmv is used for user-custom variables [1]



These cookie names seem to come from an earlier versions of google analytics called urchin.js, Urchin Tracking Module.

The names are still used by the newer ga.js.

It seems that similar lettering, without the utm, was used by analytics.js (Universal Analytics).


What about the analytics they are part of?

The mentioned cookies support things that rely on some sort of memory.

how you got there (search, link, or bookmark)
how often you visit
how long you stay


To get some idea of what else is sent in (mostly things that can be figured on the spot), you can e.g. use your browser's debug console to look at the request made.

For ga.js, the request to google (to __utm.gif) includes things like

utmcc - contains the __utma through __utmz cookies
utmht - timestamp
utmhn - hostname that you are visiting
utmp - path on site
utmdt - document title
utmul - user/browser(?) language, e.g. "en-us"
utmsr - screen resolution, e.g. "1920x1080"
utmsc - screen colors, e.g. "24-bit"
utmje - java enabled, either "0" or "1"?
utmfl - flash version, now often "-" as Flash has been retired
utmac - the analytics account this is reported to
utmwv - version (of tracking code)
utmn - random number (to avoid missed reports due to cached requests?(verify))

(these names happen to be named similarly, but are not cookies - they don't need to be)


Since this contains information about the visit, not so much and not about you, none of this seems particularly privacy-sensitive to reveal to the site owner, or to google.

Yet if you wish to block such reporting on principle, and get an active idea how common such invisible tracking is rather than just block them (ABP, Privacy Badger), look at things like Ghostery, which shows you the list of used trackers, and which one it's been configured to block.