Cookie Policy
Last updated: 4 March 2026
Cookies on sourcetag.io
Our website and application use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you logged in to the SourceTag dashboard | Session / 30 days |
_ga, _ga_* | Google Analytics. Anonymous usage statistics to help us improve the site | Up to 2 years |
_sourcetag | Our own SourceTag attribution tracking. We use our own product to understand where our visitors come from | 400 days |
crisp-client/* | Crisp live chat. Stores session and conversation state so you can continue a chat across pages | Up to 6 months |
cc_cookie | Stores your cookie consent preferences | 182 days |
We do not use advertising or retargeting cookies on our own site. Google Analytics and SourceTag cookies are only set after you give consent.
You can change your cookie preferences at any time using the option in the footer.
Cookies set by the SourceTag tracking script
When you install SourceTag on your website, our script sets the following first-party cookies on your visitors' devices:
| Cookie name | Purpose | Duration | Type |
|---|---|---|---|
_sourcetag | Stores attribution data: UTM parameters, channel, referrer, landing page, visit count, first click and last click data | 400 days | First-party, functional |
_sourcetag_r | Refresh marker used by the WordPress plugin and Cloudflare Worker to avoid re-setting the cookie on every page load | 24 hours | First-party, functional, HttpOnly |
The cookie is named _sourcetag with a duration of 400 days.
What data is stored in the cookie
The cookie contains a JSON object with:
- First-touch attribution data (channel, UTMs, click IDs, referrer, landing page)
- Last-touch attribution data (same fields, updated on each new visit)
- Visit count
- First visit timestamp
- Last seen timestamp
The cookie does not contain the visitor's name, email, IP address, or any other personally identifying information unless UTM parameters happen to contain such data (which would be unusual).
Cookie consent
If your website serves visitors in the EU or UK, you are required to obtain cookie consent before the SourceTag cookie is set. This is your responsibility as the website operator (data controller). We recommend using a cookie consent management platform such as CookieYes, Iubenda, or Cookiebot.
How to block the cookie
Visitors can block the cookie by:
- Declining cookie consent (if you implement a consent banner)
- Disabling cookies in their browser settings
- Using a browser extension that blocks first-party cookies
Server-side cookies
If you enable server-side cookies via the SourceTag WordPress plugin or the Cloudflare Worker, the same cookie data is set via an HTTP Set-Cookie header instead of JavaScript. This extends the cookie duration to 400 days in Safari, Brave, and other privacy-focused browsers. The cookie data and purpose are identical. The _sourcetag_r refresh marker cookie is also set to control how often the main cookie is refreshed.