Understanding cookies in Klaviyo

Last updated at:

You will learn

Learn more about how Klaviyo uses cookies as a part of our web tracking to gather information and help improve conversion rates and email performance. This article explains the specific cookie we use and its purposes so that you understand how customers are tracked. This information helps you understand how Klaviyo gathers data, and how this may impact customer privacy and compliance laws.

In order to maintain GDPR compliance, you should display links to your Privacy Policy, Terms of Service, and cookie policy in all of your emails.

Klaviyo tracking cookies

When Klaviyo’s JavaScript is enabled, the __kla_id cookie can track and identify site visitors through an auto-generated ID. This cookie can temporarily hold personally identifiable information. Once a visitor is identified, the cookie can pass their data into Klaviyo. A visitor can be identified when they: 

  • Fill out a Klaviyo signup form 
  • Click a link from a Klaviyo email 

Once a user is identified, this web cookie will last for two years. 

> Due to a Safari update entitled ITP 2.1, cookies gathered while using the Safari web browser expire after seven days rather than lasting the full two years.

Disabling cookies

If the JavaScript option is off, customers will not be cookied, you will not have access to web tracking, and Klaviyo signup forms will not display on your site. The static-tracking.klaviyo.com domain is used to serve all Javascript related to tracking (e.g., analytics.js). If you wish to block all tracking, this domain can also be blocked using cookie consent management tools (e.g., OneTrust or other domain-level blocking tools).

If you want to maintain Klaviyo JavaScript but remove a cookie, there is one workaround. Toggle the Klaviyo tracking on and off by creating a new cookie, __kla_off, and running document.cookie = "__kla_off=true"

Using API to access cookies

Using API to access cookies is useful to check whether or not Klaviyo can identify a customer. You can do this by running JavaScript and typing in _learnq.isIdentified(). The response will then either be true or false.

Email to website tracking

When email to website tracking is enabled, Klaviyo identifies individuals that click through a Klaviyo email and browse your website. You can toggle on and off Klaviyo's ability to track email to website activity in your account's email settings.

With the release of iOS15, macOS Monterey, iPadOS 15, and WatchOS 8, Apple Mail Privacy Protection (MPP) changed the way that we receive open rate data on your emails by prefetching our tracking pixel. With this change, it’s important to understand that open rates will be inflated.

To see if your opens are affected, we suggest creating a custom report that includes an MPP property. You can also identify these opens in your individual subscriber segments.

For complete information on MPP opens, visit our iOS 15: How to Prepare for Apple’s Changes guide.

To navigate to your email settings page click Account > Settings > Email


When this is on, we add an additional parameter to all URLs in your emails to track activity. This is called the _kx parameter, and _kx will appear directly in the URL. The unique encrypted value is then decrypted by our web tracking and allows us to identify the user that clicked through the URL. 

For Shopify stores: Based on your Customer Privacy settings in Shopify, Klaviyo may not track onsite events (including Active on Site, Viewed Product, and Added to Cart) for visitors to your Shopify store in the EU, EEA, UK and Switzerland, unless they have provided consent. Thus, email to website tracking will not identify these individuals.

To learn more, check out our article on Klaviyo onsite tracking.

Additional resources

Was this article helpful?
73 out of 119 found this helpful