_xsd Cookie recognized by Cookiebot on Server Container Url

Hello everyone,

I have configured and successfully used the sGTM with Stape for some time. To comply with the GDPR requirements, I am using Cookiebot. Cookiebot scans my website monthly and detects any new cookies.

Since the last scan, a new cookie “_xsd” has been detected. This cookie seems to be set via the server-side subdomain. Therefore, my assumption is that it originates from the sGTM container. The listed country is “FR”, meaning France. Server-side, I am only using GA4 and the Facebook API. The other GA4 cookies are also detected with the country of origin “FR”. So, I assume it has something to do with Google and the server-side implementation. The Cookiebot and Stape support teams cannot identify this cookie. It is also not set when manually accessing my page.

During my research, I used Google Search.

Under the term:

Cookiebot “_xsd”

I find numerous websites that also use Cookiebot and server-side tracking. In these cases, the _xsd cookie is also detected and listed as “unclassified” without any further description. I am at a loss.

Can anyone help me with this?
Thank you very much and best regards,

Hi Sebastian,

This is not a cookie; it is service information stored in sessionStorage to ensure the correct operation of the custom loader and protect against blockers.


Hi Dmytro,

thank you for your reply. Just for my understanding: Where does the whole thing come from? Is this from Google or from Stape?
I’m really happy that someone was finally able to explain it to me.
Many many thanks!

Best regards,

This sessionStorage comes from Stape.