Below is a list of Cookies Squarespace uses (check here often for the most updated version of this list):
Functional and Required Cookies
Name Purpose, type, and duration
_acloggedin · Supports login by Scheduling client if the
client has an account.
· Cookie
· January 1, 2025
_client_acloggedin · Supports login by Scheduling client if the
client has an account.
· Cookie
· January 1, 2025
algoliasearch-client-js · Adds auto-populated suggestions to
address fields in Scheduling to help
clients complete forms faster.
· localstorage
· Persistent
CART · Shows when a visitor adds a product to
their cart
· Cookie
· 2 weeks
CHECKOUT_WEBSITE · Identifies the correct site for checkout
when Checkout on Your Domain is
disabled.
· Cookie
· Session
client_username · Remembers a logged in Scheduling
client's username between visits
· Cookie
· 1 year
Commerce-checkout-state · Stores state of checkout while the visitor
is completing their order in PayPal
· sessionstorage
· Session
Crumb · Prevents cross-site request forgery (CSRF).
· Cookie
· Session
hasCart · Tells Squarespace that the visitor has a
cart
· Cookie
· 2 weeks
Locked · Prevents the password-protected screen
from displaying if a visitor enters the
correct site-wide password.
· Cookie
· Session
PHPSESSID · Securely authenticates a visitor during
their checkout in Scheduling.
· Cookie
· 1 month
RecentRedirect · Prevents redirect loops if a site
has custom URL redirects. Redirect loops
are bad for SEO.
· Cookie
· 30 minutes
remember_client · Remembers Scheduling client’s login
details if they have an account.
· Cookie
· 365 days
siteUserCrumb · Prevents cross-site request forgery
(CSRF) for logged in site users.
· Cookie
· 3 years
SiteUserInfo · Identifies a visitor who logs into
a customer account
· Cookie
· 3 years
SiteUserSecureAuthToken · Authenticates a visitor who logs into a
customer account
· Cookie
· 3 years
squarespace-announcement-bar · Prevents the announcement bar from
displaying if a visitor dismisses it
· localstorage
· Persistent
squarespace-likes · Shows when you've already "liked" a
blog post.
· localstorage
· Persistent
squarespace-popup-overlay · Prevents the promotional pop-up from
displaying if a visitor dismisses it
· localstorage
· Persistent
ss_cookieAllowed · Remembers if a visitor agreed to placing
Analytics cookies on their browser if a
site is restricting the placement of
cookies
· Cookie
· 30 days
ss_sd · Ensures that visitors on the Squarespace
5 platform remain authenticated during
their sessions.
· Cookie
· Session
Test · Investigates if the browser supports
cookies and prevents errors.
· Cookie
· Session
TZ · Allows a Scheduling client’s
appointments to display correctly based
on their time zone preferences.
· localstorage
· Persistent
Cross-site request forgery (CSRF)
CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.
Analytics and Performance Cookies
Cookie Name Duration Purpose
ss_cid 2 years Identifies unique visitors and tracks a
visitor’s sessions on a site
ss_cpvisit 2 years Identifies unique visitors and tracks a
visitor’s sessions on a site
ss_cvisit 30 minutes Identifies unique visitors and tracks a
visitor’s sessions on a site
ss_cvr 2 years Identifies unique visitors and tracks a
visitor’s sessions on a site
ss_cvt 30 minutes Identifies unique visitors and tracks a
visitor’s sessions on a site