This document serves as a central repository for identifying and classifying cookies encountered across publisher sites. The goal is to build a reusable asset to streamline responses to compliance audits and reduce redundant research.
Instructions & Disclaimer
- Search First: When a new cookie is identified, please search this knowledge base first.
- Contribute: If the cookie is not found, research it and add a new row to the "Actively Identified & Classified Cookies" list with your findings.
- Be Consistent: Use the Standard Classification categories defined at the end of this document.
Important: The information for non-Freestar domains represents our best estimation based on public and industry knowledge. It is not definitive legal or compliance advice. Publishers are ultimately responsible for their own cookie compliance and may need to conduct their own independent investigations.
Freestar Official Cookie & Storage Library (Verified)
This section contains information directly from Freestar's official documentation and engineering feedback.
Freestar Initiated Cookies & Storage
| Name | Type | Purpose | TTL (Time to Live) | Notes |
| usprivacy | Cookie | Stores U.S. consent information (via Quantcast). | 390 days | |
| fs.identifier.hash | Cookie | User identifier hash. | 5 years | |
| fs.session.servertoserver | Cookie | 30 minutes | ||
| fs.direct.traffic | Cookie | Session Length | ||
| fs.pushdown.optout | Cookie | Indicates if user opted out of pushdown. | Session Length | |
| fs.bot.found | Cookie | Indicates if the user is a known bot. | Session Length | Introduced in 5.5.0 |
| _fsuid | Cookie | Performance per-user value. | 72 hours | |
| fs.bot.check | Cookie | Indicates if the user is a known bot. | Session Length | Deprecated in 5.5.0 |
| fs.session | Session Storage | Performance per-session value. | Closes with tab | |
| fs.analytics | Session Storage | Contains analytic-specific details. | Closes with tab | |
| fs.idealadstack.config | Session Storage | Freestar wrapper configuration. | Closes with tab | |
| fs.itf.group | Session Storage | Assigned group for identity providers. | Closes with tab | |
| fs.itf.targeting | Session Storage | KVP targeting for identity providers (base64). | Closes with tab | |
| fs.ident | Session Storage | Email hashes for identity providers. | Closes with tab | |
| fs.iiq.ab.segment | Session Storage | A/B Framework segments. | Closes with tab | |
| pageviews | Session Storage | Stores the number of page views. | Closes with tab | Per ENG feedback. |
| fs.adb | Local Storage | Tracks adblocker status and prompt dismissal. | Persists | |
| fs.cfc | Local Storage | Tracks failed requests for Freestar Recovered config. | Persists | |
| fs.cdi | Local Storage | Tracks which config domain to request from. | Persists |
Partner Initiated Cookies (via Freestar)
| Partner | Cookie Name | TTL (Time to Live) |
| ATS (LiveRamp) | _lr_sampling_rate | 24 Hours |
| Criteo ID | cto_bidid | 82 Years |
| Criteo ID | cto_bundle | 82 Years / 13 Months |
| Criteo ID | cto_dna_bundle | 82 Years |
| Criteo | cto_optout | 5 Years |
| Identity Link (LiveRamp) | _lr_retry_request | 1 Hour |
| Identity Link (LiveRamp) | _lr_env_src_ats | 30 Days |
| SharedID (Prebid) | _pubcid | 1 Year |
| UID2 | __uid2_advertising_token | 24 Hours |
| IntentIQ | _iiq_fdata | 1 Year |
| UnifiedId (Prebid) | pbjs-unifiedid | 30 Days |
| Liveramp (ConnectId) | connectId | 30 Days |
| PanoramaId | panoramaId | 30 Days |
| Prebid Core | _pbjs_userid_consent_data | 30 Days |
Actively Identified & Classified Cookies (Working Audit List)
This table should be actively updated by the team.
| Cookie Name | Domain | Vendor/Entity | Standard Classification | Purpose/Description | Date Verified/Updated | Verified By |
| ljt_reader | .lijit.com | Sovrn | Targeting / Advertising | Identifies a user's browser for targeted advertising. | 2024-06-11 | C. Langford |
| MUID | .bing.com | Microsoft Bing | Targeting / Advertising | Used by Microsoft Bing as a unique user identifier. | 2025-06-11 | PSE Team |
| IDE | .doubleclick.net | Google Marketing | Targeting / Advertising | Used for ad frequency capping and reporting. | 2025-06-11 | PSE Team |
| ANON_ID | .adgrx.com | Samsung Ads | Targeting / Advertising | Used for user identification within the advertising ecosystem. | 2025-06-11 | PSE Team |
| uuid2 | .adnxs.com | Microsoft Monetize | Targeting / Advertising | Used for user syncing and ad delivery. | 2025-06-11 | PSE Team |
| TDID | .adroll.com | Adroll | Targeting / Advertising | Used for retargeting and ad delivery. | 2025-06-11 | PSE Team |
| tuuid | .bidtellect.com | Bidtellect | Targeting / Advertising | Used for native advertising and user identification. | 2025-06-11 | PSE Team |
| crto_id_storage | .criteo.com | Criteo | Targeting / Advertising | Used for retargeting and user identification. | 2025-06-11 | PSE Team |
| KRTBCOOKIE_194 | .pubmatic.com | Pubmatic | Targeting / Advertising | Used for user syncing and ad delivery. | 2025-06-11 | PSE Team |
| khaos | .rubiconproject.com | Magnite | Targeting / Advertising | Used for bidding and user identification. | 2025-06-11 | PSE Team |
| uid | .yieldmo.com | Yieldmo | Targeting / Advertising | Used for ad personalization and user identification. | 2025-06-11 | PSE Team |
Domain & Entity Mappings
| Domain | Vendor/Entity | Likely Purpose/Function | Verified By | Notes |
| .id5-sync.com | ID5 | Identity provider | C. Langford | Can be set as a 1st-party cookie. |
| .360yield.com | Improve Digital | SSP | C. Langford | |
| .3lift.com | Triplelift | SSP | C. Langford |
CMP Cookies
CMP local storage (web)
| Key | Name | Expiry | Data Collected | Purpose |
| _sp_non_keyed_local_state | [legislation]._sp_v1_p | Expiration is configurable by client, but no longer than 12 months | Represents end-user's partition number. A randomized number between 0-999 | The field is utilized by our messaging service to deliver "scenario" based messaging to different partition sets. |
| _sp_non_keyed_local_state | [legislation]._sp_v1_data | Expiration is configurable by client, but no longer than 12 months | Represents the campaign ID delivered to the end-user. | Used to compare against properties current campaign to determine if the property's active campaign is the same as what was previously set for the user. If a new campaign was started we will issue a new [legislation].mmsCookies._sp_v1_ss cookie. |
| _sp_local_state | [legislation].mmsCookies._sp_v1_ss | Expiration is configurable by client, but no longer than 12 months | Represents user's scenario state (leveraged by our messaging service) | Represents user's scenario state (leveraged by our messaging service) |
| _sp_local_state | [legislation].mmsCookies._sp_v1_freqcap | Expiration is configurable by client, but no longer than 12 months | How many times a message has been surfaced to a user | Capping the frequency of messaging to users |
| _sp_local_state | [legislation].propertyId | Expiration is configurable by client, but no longer than 12 months | Sourcepoint property ID | Technical |
| _sp_local_state | [legislation].messageId | Expiration is configurable by client, but no longer than 12 months | Sourcepoint message ID | Technical |
| _sp_user_consent_{propertyId} | gdpr | Expiration is configurable by client, but no longer than 12 months | End-user's consent choices for GDPR messaging campaign. | Store end-user consent record for GDPR messaging campaign |
| _sp_user_consent_{propertyId} | usnat | Expiration is configurable by client | End-user's consent choices for U.S. Multi-State Privacy message campaign. | Store end-user consent record for U.S. Multi-State Privacy message campaign |
| _sp_user_consent_{propertyId} | preferences | Does not expire | End-user's marketing preferences for a Preferences message campaign. | Store end-user marketing preferences for Preferences message campaign |
CMP cookies (web)
| Name | Expiry | Cookie Type | Cookie Host Domain | Data Collected | Purpose | Notes |
| consentUUID | Configurable by client, but no longer than 12 months | Browser | First Party Domain | Represents the users unique id for which a GDPR consent record is stored against | Represents the users unique id for which a GDPR consent record is stored against | Set when a user has made a consent choice or if they are included in the analytics sample. (GDPR) |
Standard Classification Definitions
- Strictly Necessary: Essential for the website to function. Cannot be disabled. (e.g., session management, security).
- Functional: Remembers user choices or enables core site functions that are not strictly essential but improve the user experience. (e.g., enabling ad serving, language preference).
- Performance / Analytics: Collects anonymous data on how visitors use the site. (e.g., Google Analytics, performance monitoring).
- Targeting / Advertising: Tracks browsing activity to deliver relevant ads. Almost always third-party cookies.