Aesthetix CRM gives you the tools to add a cookie consent banner to your websites and landing pages, document the cookies your site uses, and keep your public web presence aligned with messaging-compliance standards. This guide explains the "why" behind each requirement and walks you through configuring the banner and supporting policies.
Informational only. This article describes what Aesthetix CRM's features do and how to use them. It is not legal advice and does not guarantee compliance with any specific law. For your med spa's specific obligations, consult your own compliance or legal advisor.
A cookie policy informs visitors about the types of cookies your website uses, why you use them, and how visitors can manage their preferences. Many privacy laws (such as GDPR and CCPA) expect websites that collect visitor data to disclose this clearly and, in regulated regions, to obtain consent before non-essential cookies are stored.
For a med spa, this matters on two fronts: your public website often collects patient and prospective-patient information, and transparent data practices help build trust with the people who book with you.
A clear cookie policy typically covers:
What are cookies?
Why do we use cookies?
How do we use cookies?
Do we serve targeted advertising?
How often will we update this cookie policy?
For each cookie you should describe its service, purpose, storage duration, and category (Essential, Functional, or Analytics).
The cookies below are set by Aesthetix CRM websites, landing pages, forms, and order pages. Listing the relevant ones in your cookie policy helps keep your disclosures accurate.
These cookies are required for landing pages and websites to work properly.
Key | Stored in |
|---|---|
msgsndr_id | Browser cookies |
_mp | Browser cookies |
tr | Browser cookies |
provider | Browser cookies |
hl_timer_arrival | Browser cookies |
user-email | Browser cookies |
user-billing-id | Browser cookies |
cookie-config | Browser cookies |
am_id | Browser cookies |
am_fingerprint | Browser cookies |
_ud | Local storage |
text-widget-input-values | Local storage |
wl | Local storage |
ln_url | Local storage |
text-widget-i18n-keys | Session storage |
orderResponse | Session storage |
contactResponse | Session storage |
redirect | Session storage |
These cookies use a variable suffix (such as a location, funnel, or session ID).
Key | Stored in |
|---|---|
hl_timer_ | Browser cookies |
mf | Browser cookies |
user_data_ | Browser cookies |
v3_first_session_event_ | Local storage / Browser cookies |
v2_contact_session_ | Local storage / Browser cookies |
v2_user_session_event_ | Local storage / Browser cookies |
v2_session_history_ | Local storage |
v2_history_ | Local storage |
pl | Local storage |
pl_v1 | Local storage |
pl_ecom | Local storage |
address | Local storage |
cart_details_ | Local storage |
couponSessionId_ | Session storage |
location_ | Local storage |
text-widget-prompt-dismissed | Local storage |
live-widget-message-data | Local storage |
Key | Cookie Type and Duration | Purpose | Stored in | Service | Category |
|---|---|---|---|---|---|
storeInfo | No expiry | Stores eCommerce store information like store and location IDs and path | Browser cookies | eCommerce Store | Essential |
token_ | No expiry | Stores the eCommerce login token | Browser cookies | eCommerce Store | Essential (Login Portal) |
pmt_ | No expiry | Stores payment provider information for a specific contact | Local storage | Order forms, product forms | Essential |
user_ | No expiry | Stores form submission data for the current session | Local storage | Calendars and Forms | Functional |
billingaddress | No expiry | Stores billing address for faster eCommerce checkouts | Local storage | Checkout page | Functional |
rc::f | — | Used by reCAPTCHA | Local storage | Order forms | Functional |
_grecaptcha | — | Used by reCAPTCHA for verification | Local storage | Order forms | Functional |
formData- | No expiry | Form submission data with product-related info | Session storage | Order forms | Essential |
submissionResponse- | No expiry | Stores form submission values | Session storage | Order forms | Essential |
rc::b | — | Used by reCAPTCHA | Session storage | Order forms | Functional |
Use these descriptions when documenting each cookie's service, purpose, and storage duration.
msgsndr_id — Service: Funnels. Purpose: identifies visitor contact information; facilitates contact-activity tracking. Persistent (expires after 365 days).
_mp — Service: Funnels. Purpose: stores marketplace information; tracks purchases, especially recurring payments. Persistent (365 days).
provider — Service: Funnels. Purpose: stores the latest payment method type; manages payment options during the session. Session.
hl_timer_arrival, hl_timer_element_id — Service: Funnels. Purpose: stores arrival time and timer elements for user actions. Session (expires in 1 day).
user-email, user-billing-id — Service: Funnels. Purpose: stores a unique identifier, logging emails, and billing information; facilitates user actions and form submissions. Persistent (365 days).
cookie-config — Service: Funnels. Purpose: stores the visitor's cookie consent so the site honors their permission before storing or accessing cookies. Persistent (expires after 6 months).
am_id — Service: Affiliate tracking. Purpose: stores a unique affiliate code for tracking traffic and sales. Persistent (duration varies).
am_fingerprint — Service: Affiliate tracking. Purpose: stores a unique identifier for a visit using an affiliate code; tracks clicks, leads, and sales. Persistent (duration varies).
_ud — Service: Forms / Surveys / Funnels / Calendar. Purpose: stores form/survey details and entered data (excluding credit card info); assists with submission tracking and retention. Persistent.
text-widget-input-values — Service: Chat Widget. Purpose: stores the last chat session's details so visitors don't have to re-enter name, email, etc. Persistent.
text-widget-i18n-keys — Service: Chat Widget. Purpose: internationalization (i18n translation). Session.
wl — Service: Calendar. Purpose: stores the white-label URL for redirects. Persistent.
ln_url — Service: Funnel. Purpose: stores the login URL used by the funnel. Persistent.
orderResponse — Service: Funnel. Purpose: stores the order form response so upsells and order confirmation work. Session.
contactResponse — Service: Funnel. Purpose: stores the contact response for order forms, upsells, and sticky contact. Session.
redirect — Service: eCommerce. Purpose: stores the post-purchase redirect URL. Session.
mf[location_id] — Service: Membership. Purpose: stores membership info once a membership is purchased from an order form; used for membership access. Persistent.
user_data_[calendar_id/location_id] — Service: Calendar. Purpose: stores calendar details and entered data (excluding credit card info); assists with submission tracking and retention. Persistent.
v3_first_session_event__[location_id] — Service: Attribution. Purpose: stores landing-session data (referrer, landing URL, and other parameters) to analyze the first user session. Session (expires after 30 minutes).
v2_contact_session__[location_id]__[session_id] — Service: Attribution. Purpose: stores a unique session ID to identify leads. Persistent (expires after 168 hours / 7 days).
v2_user_session_event_[location_id]__[session_id] — Service: Attribution. Purpose: stores a unique session ID for lead identification. Persistent (168 hours / 7 days).
v2_session_history__[location_id] — Service: Attribution. Purpose: keeps a log of all session details for analytics and user-behavior tracking. Persistent (no expiry).
v2_history__[location_id] — Service: Attribution. Purpose: stores each page visit and time spent on pages to track the user journey. Persistent (no expiry).
pl[funnel_id] — Service: Funnel. Purpose: stores v2 order form product details for order confirmation. Persistent (no expiry).
pl_v1[funnel_id] — Service: Funnel. Purpose: stores v1 order form product details for order confirmation. Persistent (no expiry).
pl_ecom — Service: eCommerce. Purpose: stores product details for the order summary on the thank-you page. Persistent (no expiry).
address[funnel_id] — Service: Funnel / eCommerce. Purpose: stores the contact address shown on order form confirmation. Persistent (no expiry).
cart_details_[funnel_id] — Service: eCommerce. Purpose: persists cart details for the user session. Persistent (no expiry).
couponSessionId_[funnel_id/location_id] — Service: Funnel / eCommerce. Purpose: stores a coupon session for a user (applies to one-time products). Session.
location_ — Service: Funnels. Purpose: stores a unique identifier, logging emails, and billing information; facilitates user actions and form submissions. Persistent (365 days).
text-widget-prompt-dismissed — Service: Chat Widget. Purpose: stores the time a visitor last clicked the chat widget. Persistent (365 days).
live-widget-message-data — Service: Chat Widget. Purpose: stores the last input from the chat widget so the same values reappear next time. Persistent (365 days).
embedCode[surveyId] — Service: Forms. Purpose: maintains embed code configuration for user sessions. Persistent (no expiry).
survey_temp_slides_[surveyId] — Service: Surveys. Purpose: maintains survey slide configurations between sessions. Persistent (no expiry).
tr — Service: Funnel / Forms. Purpose: generates a tracking ID for transactions (order tracking). Persistent (365 days).
redirectUrlOnSuccess — Service: Funnel / Form / Calendar. Purpose: stores the order form success redirect URL for iDEAL, SEPA, and Bancontact providers. Session.
redirectUrlOnFailure — Service: Funnel / Forms. Purpose: stores the order form failure redirect URL for iDEAL, SEPA, and Bancontact providers. Session.
Before configuring anything, identify where your main website actually lives. This determines which banner you use.
Sites you build in Aesthetix CRM (Landing Page Builder / Websites). Aesthetix CRM's built-in Cookie Consent Banner applies only to pages you create in the Aesthetix CRM page builder — landing pages, funnels, and websites hosted in the platform. The instructions in the rest of this guide (enabling the banner, customizing it, managing the cookie list) apply to these in-platform sites.
Sites on WordPress, a custom build, or another platform. Most med spas run their primary website outside of Aesthetix CRM — commonly on WordPress, a custom-coded site, or another website builder. The Aesthetix CRM cookie banner does not control cookies on those sites. To display a consent banner and manage cookie preferences on a non-ACRM site, use a dedicated third-party cookie-consent management tool. Common examples include CookieYes, Cookiebot, Termly, and OneTrust (these are examples for illustration, not endorsements — evaluate and choose what fits your needs).
A third-party consent tool typically handles:
Consent capture — showing the banner and recording each visitor's choice.
Cookie categorization — scanning your site and sorting cookies into categories (Essential, Functional, Analytics, Advertising, etc.).
A preference center — letting visitors review and change which categories they allow.
These tools usually integrate by adding a small script (a snippet of code) to your site, often in the page header or via your site's tag manager. Follow the specific tool's setup instructions for your platform.
If your website is on WordPress, a custom build, or another platform, configure consent in your third-party tool — the in-platform steps below won't apply to that site. You can still use the cookie policy guidance, cookie reference tables in this article for any site.
The Cookie Consent Banner helps you manage visitor consent for cookies on your websites and landing pages. It lets visitors accept or decline cookies, supporting your efforts to comply with privacy regulations. The banner is configured in the page builder. For where to find it while editing a page, see the Landing Page Builder / Websites documentation.
Using this banner does not guarantee compliance with any specific law. You are responsible for ensuring your website's overall compliance with applicable laws.
Open your website or landing page in the page builder.
Go to the page where you want to enable the banner.
Click the Cookie Consent Banner Settings icon.
Toggle the switch to enable or disable the banner.
Accept Essential – Accepts only the cookies necessary for the website to function.
Accept All – Accepts all cookies, including tracking and analytics.
Reject – Accepts only essential cookies.
Cancel – Closes the popup and reopens the main banner.
Save Preferences – Saves the visitor's selected cookie settings.
Enable or disable the cookie list.
Choose the compliance type:
Ask to Opt-In – Displays "Accept Essential" and "Accept All" buttons.
Don't Ask – Shows only an "OK" button.
Add a message description and link to your privacy policy.
Customize the banner's appearance: colors, fonts, text size, and more.
Consent Expiration – Set the number of days before consent needs to be re-requested.
Choose different banner display styles to match your site layout and brand.
You can edit the text for all buttons in both the banner and the preferences popup to match your brand and localization needs.
Editable banner buttons: Accept All, Accept Essential, Customize, OK
Editable popup buttons: Reject, Save Preferences, Cancel
Important: Once you customize these labels, automatic translations (i18n) are disabled. You must manually add translations for all supported languages to ensure a consistent multilingual experience.
You can control where the cookie banner appears based on the visitor's location:
Worldwide – Display the banner to all visitors.
EU & UK – Display only to visitors in the European Union and the United Kingdom.
Select Countries – Manually choose specific countries where the banner should appear.
This helps minimize unnecessary prompts for visitors outside regulated areas, improving the experience while supporting your compliance efforts.
The Cookie List lets visitors enable or disable different types of cookies. When activated, visitors can select which cookies they want to allow.
Essential – Required for website functionality (always enabled).
Functional – Supports features like social sharing and feedback collection.
Analytics – Tracks visitor behavior (e.g., page views, bounce rates).
Performance – Helps optimize site speed and user experience.
Advertising – Used for targeted ads and marketing.
Uncategorized – Any cookies not assigned to the above categories.
For each cookie, specify:
Cookie Key – Name of the cookie (supports regex patterns to match multiple cookies).
Duration – How long the cookie lasts (e.g., 1 day, 30 days, 1 year).
Domain – The domain setting the cookie.
Description – Purpose of the cookie.
You can use regex patterns to match multiple cookies, such as:
ga-* – Matches all cookies starting with "ga-" (e.g., ga-1234, ga-3241).
_fbp – Matches Meta Pixel cookies.
_ga.* – Matches all Google Analytics cookies.
Temporarily disable the Cookie Consent Banner.
Use a free tool like CookieServe to scan your website.
Review the detected cookies and assign them to the correct categories.
Important: Disable the banner before scanning. While enabled, it blocks non-essential cookies, which prevents a complete scan.
To ensure tracking works correctly with consent, categorize your marketing cookies properly:
Advertising – Meta Pixel (_fbp, _fbc) and other ad platform cookies.
Analytics – Google Analytics (_ga, _gid), Google Tag Manager, and other tracking tools.
When integrating these tools, you can check which cookie categories a visitor has consented to and load tools accordingly.
Implementation notes:
Insert the consent-aware tracking code in the page header code (head tracking code) for websites, landing pages, or webinars. It should replace your existing Meta Pixel, Google Tag Manager, or Google Analytics tracking code so the tools respect consent.
Remove any <noscript> tags from your tracking snippets. The cookie banner is a JavaScript-based solution, and <noscript> content can set cookies without consent.
Consent categories are stored in a cookie-categories cookie as a comma-separated list (e.g., "essential,advertising,analytics").
Check consent when loading your marketing tools, and listen for consent-change events to update tool settings.
Regularly scan your website for new cookies.
Provide clear, simple descriptions for each cookie.
Use regex patterns to organize similar cookies.
Ensure marketing tool cookies are correctly categorized.
Keep cookie expiration settings accurate and up to date.
Make compliance links (privacy policy, terms of service) clearly visible and easy to navigate to.
Keep all compliance-related information current and publicly accessible.
If you need to test third-party cookie behavior, some browsers block cross-site tracking by default. To enable it in Safari on macOS:
Launch Safari from the dock or via Spotlight (Cmd + Space).
Open Safari settings — click "Safari" in the top menu, then "Settings" (or "Preferences"), or press Cmd + comma.
Open the Privacy tab at the top of the settings window.
Uncheck "Prevent cross-site tracking" to allow it.
Close the settings window to save your changes.
Why do I need a cookie consent banner?
The banner is designed to help you address compliance with privacy laws like GDPR and CCPA for websites that collect user data.
Can visitors change their cookie preferences later?
No. Once a visitor sets their preferences, they cannot update them later.
What happens if a visitor rejects all cookies?
Only essential cookies are stored. All tracking and analytics cookies are disabled.
Can I customize the appearance of the banner?
Yes. You can adjust colors, fonts, button styles, and text descriptions in the settings.
Does cookie consent apply to all pages on a site?
Yes. Once enabled, the banner applies to all pages in the website or landing page, since cookies are managed at the domain level.
