Question about _ga cookie

Hi,

we have a legal site with clients that are sensitive towards third party cookies and collecting/tracking user data.

There is one cookie coming from you that I don’t understand what is doing here and what is used for.

It’s the _ga cookie coming from prismic.io

This is google analytics cookie. We currently don’t use google analytics nor we are covering google analytics in privacy/cookie policy.

So you can understand that this is potentially troublesome.

Please explain why you are sending _ga cookie and what you are doing with google analytics on the sites that are using Prismic.

Thanks

Hi,

I’m not 100% sure why we are using GA in this case. I’m going to discuss this with the product team to see what this is for.

Thanks.
@team-tech-support

now when I look at it more closely _ga is not the only cookie that needs explanation

there are also:
intercom-session-xxx
intercom-id-xxx

those are cookies from your support chat system - https://www.intercom.com

__stripe_mid - from Stripe?

_hjid - Hotjar cookie???

Why are you passing this to our sites? This looks shady guys.

X_XSRF - this is Cross-Site Request Forgery - that’s ok
mp_ - what is this for?

I would appreciate you explanations

Another thing, Safari has new policy of blocking those kind of third party cookies, all Prismic cookies are blocked and non existent in Safari and sites with Prismic are working normally.
This confirms that they are totally unnecessary

I also checked if this is maybe only on our sites. It’s not, you are placing those cookies on all other sites that are using Prismic. I’m member of your slack channel so I checked “share” section where people are posting sites they made with Prismic, and indeed cookies are there as well.

So all the cookies that you are seeing are related to your Prismic domain, that is the Dashboard. These cookies are only in the browser of logged in Prismic users, so it doesn’t effect your end users or performance and are not on your website itself. You can test this by visiting your website in incognito mode you will see that they aren’t there.

The reason they appear in the browser of logged in Prismic users is because we use cookies coming from Prismic to build Previews of you draft documents on top of the browser, this method allows you to preview your content with out any unnecessary build costs on your server.

We do this through the Prismic toolbar, which requests any cookies coming from YOUR Prismic domain (i.e. https://your-repo-name.prismic.io/documents/). This is why some of those other cookies, GA, Hotjar etc. appear also, even though they are only relevant to your Prismic domain.

So rest assured we are not doing analytics on sites that use Prismic or using Hotjar or any of the others. You can see a full list of what these cookies are used for in your Prismic domain in our Cookie Policy.

As for Safari, that is correct it blocks third party cookies and is something that we discuss in our Preview Troubleshooting document as this causes Previews to break in Safari.

Hopefully this answers your questions. If you have any further questions just let me know.

Ok, I understand what you are saying. It’s not as bad as it looks at first glance, but it’s still a bad practice in my opinion.

When you log in there are 12 prismic cookies placed on site, when you log out there are still 8 persistent cookies left. So those cookies are there all the time (even when you are not using Prismic.)

To make things worse, you need only one log in to Prismic to have those cookies on every other site ever made with Prismic. Test it out you will see.

I’m not saying that you are doing anything bad with this, but it’s totally unnecessary, confusing and in my opinion a bad practice.

Thanks