Agent cookies and local storage

Last updated:

As standard, Pendo preferentially uses local storage over cookies. For more information, see What Pendo uses in this article. This article summarizes the agent cookies that we use for Pendo and what the Pendo agent uses these cookies for. This is relevant:

  • For any customers using a Pendo agent version before 2.28.0.
  • In fallback scenarios with a Pendo agent version 2.28.0 and later.

The subscription key in any cookies listed in this article must match the API key listed in your install settings. You can find your install settings in Pendo by navigating to Settings > Subscription Settings, selecting your application, and then opening the Install Settings tab.

Cookies and local storage

There are two ways to store data on the client side in HTML: cookies and local storage. This data is typically information like user preferences and authentication tokens.

Cookies

Cookies are small pieces of data that are sent from the server to the browser and stored in a text file. Cookies can expire or be deleted by the user or the browser.

Cookies can be first-party or third-party. First-party cookies are set by the website that the user is currently visiting. They're primarily used to enhance user experience by remembering things like user preferences and login information. If not using local storage, Pendo relies on first-party cookies, which are considered less invasive and less vulnerable to cross-site scripting attacks than third-party cookies. They are also compliant with GDPR, more adaptable to browser changes, and typically result in faster load times relative to third-party cookies.

Third-party cookies are set by domains other than the website that the user is currently visiting. Typically, these are services embedded into the website that the user is visiting and are commonly used for tracking behavior across websites, creating user profiles, and delivering targeted advertising. Third-party cookies can be blocked or restricted by the user's privacy settings or browser extensions.

Local storage

Local storage is a feature of the HTML5 specification that, unlike cookies, doesn't send data to the server with every request and can persist across sessions and browser tabs. Local storage can store more data per domain than cookies without negatively affecting network performance or bandwidth usage. Local storage can also store complex data types, such as objects or arrays.

What Pendo uses

We use agent cookies for any Pendo agent version before 2.28.0. For Pendo agent versions 2.28.0 and later, we use local storage as standard and use first-party cookies as a fallback when:

  • Your browser doesn’t support local storage.
  • Your browser's local storage is over quota.
  • The agent is configured to use domain cookies, meaning that the values are intended to be used across different domains.

When local storage is unavailable, Pendo falls back on first-party cookies, which are tied to the Pendo website for site-specific purposes. This means that Pendo usage isn't affected by restrictions on third-party cookies, such as those imposed by some regulations (including the GDPR in Europe) and some web browsers that have introduced features or settings to block or limit third-party cookies by default. This includes Google Chrome.

Google's third-party cookie restrictions

As of January 4, 2024, Google Chrome started restricting third-party cookies.

Pendo uses local storage in preference to cookies, and Pendo falls back onto first-party cookies rather than third-party cookies when not using local storage. This means that, whether Pendo uses local storage or first-party cookies, your visitors are unaffected by Google's third-party cookie restrictions. Your visitors still receive guides and your analytics are unaffected. 

However, you can't use the Visual Design Studio or Adopt Studio for tagging or guide creation unless you enable third-party cookies or use a different browser. This is because Google Chrome also blocks access to local storage, which our designers rely on. This is a side effect of Google's third-party cookie restrictions.

To override Google Chrome's third-party cookie restrictions:

  1. Copy and paste the following into your Chrome browser: chrome://settings/cookies.
  2. Select either Allow third-party cookies or Block third-party cookies in Incognito Mode.

Pendo core (Analytics and Guides) customers

This section lists the cookies used for Pendo core customers and what the agent uses these cookies for. Pendo core customers are customers that use Pendo Analytics and Guides. 

Cookie Details If turned off
debug-enabled

Written and read when the following function is triggered: pendo.isDebuggingEnabled(). This gets and uses information from the cookie in several places, such as log.js, guides.js, and exports.js.

Expiration: Session

_pendo_meta.SUB_KEY_VALUE

Written and read to store a hash of the current metadata so that Pendo can see when it's changed and update it.

Expiration: 100 days

_pendo_lastStepAdvanced. SUB_KEY_VALUE,

_pendo_latestDismissedAutoAt. SUB_KEY_VALUE,

and

_pendo_finalDismissedAutoAt. SUB_KEY_VALUE

 

Written and read in the agent to keep guides from showing again after they've been dismissed.

Expiration: 10 seconds

Guides might show more than once.
active-contexts

Written and read in the agent based on what is and isn't logged in the console.

Expiration: 100 days

Pendo might have less control over what's logged in the console.
_pendo_guides_blocked. SUB_KEY_VALUE

Avoid guide errors when we detect the visitor has an ad blocker.

Expiration: 30 minutes; increases to 4 hours if we don't detect an ad blocker.

We send a request to check whether the visitor is running an ad-blocker more frequently. This can impact how long it takes to show a guide.
_pendo_accountId. SUB_KEY_VALUE

Identify and record the visitor's Account ID in Pendo.

Expiration: 100 days

The Account ID isn't recorded with events or xhr events until the visitor is identified again. This can cause issues with analytics and guide delivery.
_pendo_visitorId. SUB_KEY_VALUE

Identify and record the visitor information for use in analytics and guide delivery.

Expiration: 100 days

The Visitor ID isn't recorded on usage data or guide events until the visitor is identified again.
_pendo_launcher-closed.SUB_KEY_VALUE

Identify and record the visitor information for use in analytics and guide delivery.

Expiration: 10 days

In onboarding mode, the Pendo Launcher list doesn't auto-show.
log-enabled

Record additional details for troubleshooting purposes.

Expiration: Session

Pendo Feedback customers

This section lists the additional cookies used for Pendo Feedback customers and what the agent uses these cookies for.

Cookie Purpose If turned off
_pendo_feedback_ping_sent. SUB_KEY_VALUE

When a ping is successful, the agent writes information about the visitor, such as name and value. There is a 5 minute timer that checks whether the cookie is expired. If it is, we send another ping.

Expiration: 60 minutes

Pendo sends a ping every 5 minutes and with every page load.
_pendo_feedback_ping_sent. SUB_KEY_VALUE

The response of the ping includes a notification count. Pendo writes this to a cookie so that it persists across refreshes. It's deletcted when the user opens Feedback.

Expiration: None

If the visitor refreshes the notification icon on the widget tab, it disappears until the next ping.
_pendo_receptive_ping_sent. SUB_KEY_VALUE

Same as above. Renamed to match the Pendo naming when Feedback, formerly known as Receptive, was acquired by Pendo.

Expiration: None

If the visitor refreshes the notification icon on the widget tab, it disappears until the next ping.

 

Was this article helpful?
9 out of 9 found this helpful