To track visitors, Matomo (Piwik) by default uses 1st party cookies, set on the domain of your website. Cookies created by Matomo start with:
_pk_ses. When you use the Heatmap & Session Recording plugin, a cookie
_pk_hsr will be created.
When you exclude yourself from being tracked using the cookie method or using the iframe opt-out method, Matomo will create a cookie
piwik_ignore set on the domain of your Matomo server. When Matomo is setup on a different domain than the website being tracked, the cookie will a third party cookie. Please note that the
piwik_ignore cookie does not contain personal information or any ID and the cookie value is the same for all visitors.
When the opt-out feature is used, there is a cookie called
MATOMO_SESSID being created, this cookie is only temporary (it is called a nonce and helps prevent CSRF security issues).
When you’re asking for consent before tracking visitors, a cookie
mtm_consent will be created.
Matomo by default does not use third party cookies but you can enable a third party
_pk_uid cookie it if you wish.
Learn more about What data does Matomo track?.
Default expiration times
The cookies described above will eventually expire and be removed from your users’ browsers.
_pk_id– 13 months (used to store a few details about the user such as the unique visitor ID)
_pk_ref– 6 months (used to store the attribution information, the referrer initially used to visit the website)
_pk_hsr– 30 minutes (short lived cookies used to temporarily store data for the visit)
_pk_testcookieis created and should be then directly deleted (used to check whether the visitor’s browser supports cookies)
mtm_consentis created with an expiry date of 30 years to remember that consent was given by the user. It is possible to define a shorter expiry period for your user consent by calling: _paq.push([‘rememberConsentGiven’, optionallyExpireConsentInHours]). Learn more in the Asking for consent developer guide.
mtm_cookie_consentis created with an expiry date of 30 years to remember that consent for storing and using cookies was given by the user. It is possible to define a shorter expiry period for your user cookie consent by calling: _paq.push([‘rememberCookieConsentGiven’, optionallyExpireConsentInHours]). Learn more in the Asking for consent developer guide.