Cookie Management
Dynamic Yield stores personal information in cookies and local storage to create targeted experiences on the web. Listed cookies and local storage entries are divided into logical groups.
Most cookies are used by Dynamic Yield JavaScript sources, which are implemented on your site. These are stored on your second-level domain (SLD). Cookies representing personal identifiers are also stored on the dynamicyield.com domain.
When working with the Experience OS display ad feature without setting up a custom domain, the content is served by a Dynamic Yield domain (adserve.io). This domain then also hosts cookies designated to your SLD.
Cookie time to live:
In accordance with EU privacy guidelines, we limit storage of all cookies to a maximum of 365 days.
Personal identifiers
Personal identifiers used for tracking:
| Name | Description | Cookie / TTL | Local Storage | Cookie Domain |
|---|---|---|---|---|
| DYID |
Dynamic Yield unique anonymous identifier. This is a secure cookie. |
✔ / 1 year | dynamicyield.com | |
| _dyid | Dynamic Yield unique anonymous identifier. | ✔ / 30 days | ✔ | Customer's SLD |
| _dyid_server |
Dynamic Yield unique anonymous identifier. For more information, see Safari Intelligent Tracking Prevention Policy and DYID Retention |
✔ / 1 year | Customer's SLD | |
| _cfduid | Used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. | ✔ / 1 year | dynamicyield.com | |
| DYSES |
Dynamic Yield session identifier. This is a secure cookie. |
✔ / browser session | dynamicyield.com | |
| _dy_lu_ses | Session identifier for landing URL condition targeting. | ✔ / browser session | ✔ | Customer's SLD |
Experimentation
A group of values used for experimentation in various Dynamic Yield objects.
Values are not personally identifying:
| Name | Description | Cookie / TTL | Local Storage | Cookie Domain |
|---|---|---|---|---|
| _dy_ses_load_seq | Internal state in experimentation to detect browser sessions. | ✔ / 30 days | ✔ | Customer's SLD |
| _dy_soct | Indicates the last time an action occurred, used for frequency settings (once per day, for example). | ✔ / 1 year | ✔ | Customer's SLD |
| _dy_csc | Keeps track of events for the “Elapsed time” condition. | 30 days | ✔ | |
| _dyexps, _dy_att_exps | Keeps state of experiment selections and attribution. | 30 days | ✔ | |
| _dy_c_exps, _dy_c_att_exps | Keeps state of persistent experiment selections (legacy, empty entry for most customers). | ✔ / 30 days | ✔ | Customer's SLD |
Mechanics
A group of values tracking specific browser behavior (clock drift, browser
closure, interrupted calls to the server, and so on). Values are not personally identifying:
| Name | Description | Cookie / TTL | Local Storage | Cookie Domain |
|---|---|---|---|---|
| _dy_csc_ses | Empty session cookie to notice close of browser. | ✔ / browser session | Customer's SLD | |
| _dy_toffset | Validation for client’s clock drift (for computers that don’t sync their clock with the Internet – as was observed in Eastern Europe). | ✔ / 30 days | ✔ | Customer's SLD |
| _dyrc | User engagement actions that are yet to be verified to be sent successfully to server from previous pageview. Should indicate whether another attempt to send should be done. Cleaned up on the next pageview. | 30 days | ✔ | Customer's SLD |
| _dyfs | Indicates the first session. | ✔ / browser session | Customer's SLD | |
| dy_fs_page | Indicates the URL of the first page in the session | ✔ / browser session | ||
| _dybatch | User engagement actions that are yet to be verified to be sent successfully to the server from the previous pageview. Should indicate whether another attempt to send should be done. Cleaned up on the next pageview. | 30 days | ✔ | |
| _dycmc | Assists in markup of cookie-deleter users. | ✔ / 30 days | ✔ | Customer's SLD |
| _dyjsession | The session ID | ✔ / browser session | ✔ | Customer's SLD |
| _dy_cs_storage_items | Management of custom cookies created by customer or Customer Success team. | ✔ / 1 year | Customer's SLD |
Segmentation
A group of values assisting in user segmentation (geography, device type, site variables
and so on). These are used for caching segmentation values for performance enhancement
and optimization. Values are not personally identifying:
| Name | Description | Cookie / TTL | Local Storage | Domain |
|---|---|---|---|---|
| _dy_df_geo | Human-friendly country, state, city. | ✔ / 30 days | ✔ | Customer's SLD |
| _dy_geo | Machine-friendly country, continent, area, city. | ✔ / 30 days | 30 | Customer's SLD |
| _dyaud_sess | User state of the real-time audience segmentation system (session-oriented). | ✔ / 30 days | Customer's SLD | |
| _dyuss_<section_id> | Superficial usage data (session-oriented). | ✔ / browser session | ✔ | Customer's SLD |
| _dy_weather_<section_id> | Cached weather forecast data (if applicable). | 30 days | ✔ | |
| _dy_tsrc | Cached “traffic source”. | 30 days | ✔ | |
| _dyaud_nchc | User state of the real-time audience segmentation system. | 30 days | ✔ | |
| _dyaud_page | Non-user state of the real-time audience segmentation system. | 30 days | ✔ | |
| _dycnst | GDPR consent user status | 30 days | ✔ | Customer's SLD |
| _dy_device | Caches coarse device data (brand, and Tablet vs Smartphone). | 30 days | ✔ | |
| _dycst | Collects data about the user agent and window size. | ✔ / 30 days | ✔ |
Google Chrome 80 update (SameSite cookie)
Google Chrome 80 (February 4, 2020) introduced a new default cookie attribute setting and new requirements. To comply with their requirements, Dynamic Yield now marks all cross-origin cookies with the SameSite attribute value of none and marks them as Secure. This enables Dynamic Yield to function with no changes in behavior, and does not require any action on your part.
However, if Chrome does flag any cookies, they might be cookies that were created before this change was implemented. If you encounter any issues, check Dynamic Yield in incognito mode.
Updated about 1 month ago