HubSpot

HubSpot

All-in-one CRM and marketing platform used by inbound marketing teams. HubSpot scripts load the live chat widget, track page views and form submissions, and attribute visits to marketing campaigns. Sets cookies to identify visitors across sessions and build contact profiles in HubSpot's CRM.

Back to Vendor Library

Overview

HubSpot is an all-in-one CRM, marketing automation, sales, and customer service platform widely used by inbound marketing teams. Its tracking code is one of the most commonly deployed marketing scripts on the web. HubSpot scripts serve multiple functions simultaneously: visitor tracking and identification, marketing attribution, live chat, forms, and CRM contact enrichment.

What This Script Does

HubSpot's tracking code (hs-script-loader) loads multiple subsystems:

Tracking and Analytics

  • Tracks every page view with full URL, referrer, and timestamp
  • Records form submissions (both HubSpot forms and native HTML forms when configured)
  • Captures UTM parameters and marketing attribution data (source, medium, campaign)
  • Monitors CTA clicks and content interactions
  • Fires custom behavioral events when configured via the HubSpot API

Cookies Set

  • __hssc — session cookie tracking current session page view count (30-minute expiry)
  • __hssrc — session cookie detecting new sessions vs. tab reopens
  • __hstc — persistent cookie (13 months) containing visitor ID, first visit timestamp, last visit timestamp, current session timestamp, and session count. This is the primary tracking cookie.
  • hubspotutk — persistent cookie (13 months) storing the visitor's unique identity token. This value is sent to HubSpot when a form is submitted, linking anonymous browsing history to a known contact in the CRM.
  • __hs_opt_out — stores cookie consent banner response
  • __hs_do_not_track — respects Do Not Track settings when enabled
  • __hs_initial_opt_in — tracks initial consent state
  • messagesUtk — persistent cookie for chat widget visitor identification

Live Chat (HubSpot Conversations)

  • Loads the chat widget when configured
  • Sets messagesUtk to identify returning chat visitors
  • Tracks which pages the visitor viewed before starting a conversation
  • Sends browsing context to agents in real time

Forms

  • Renders HubSpot-hosted forms or enhances native forms with tracking
  • Pre-fills form fields for returning visitors when identity is known
  • On submission, links all prior anonymous browsing history to the contact record in HubSpot CRM

Network Requests

  • Sends tracking data to track.hubspot.com and forms.hubspot.com
  • Loads chat widget resources from app.hubspot.com
  • Downloads form definitions and configuration from HubSpot CDN
  • May load additional scripts for A/B testing, ads tracking, or integrations depending on HubSpot portal configuration

Consent & Compliance

  • Consent categories: Marketing (visitor tracking, attribution, CRM identification), Analytics (page views, behavioral events), Functional (live chat, forms)
  • GDPR/ePrivacy: HubSpot sets multiple persistent cookies with long expiration periods (up to 13 months) that track visitors across sessions and link anonymous behavior to identified contacts. Requires explicit opt-in consent under both ePrivacy Directive and GDPR. HubSpot provides a built-in cookie consent banner, but if a third-party CMP is used, the tracking code must be gated behind consent.
  • CCPA: Visitor tracking data, behavioral profiles, and contact enrichment constitute personal information. Requires prominent disclosure. The hubspotutk cookie specifically enables cross-session identification, which falls under PI definitions.
  • Data Processing: HubSpot acts as a data processor. A DPA is available in HubSpot account settings and should be executed.
  • Consent granularity: HubSpot's tracking code loads as a single script that enables all features simultaneously. For granular consent (e.g., allow chat but block tracking), the HubSpot consent API or conditional loading at the CMP level is required.

Because HubSpot serves marketing, analytics, and functional purposes simultaneously, there are several approaches to consent management: (1) Block everything until marketing consent — the simplest approach, treating the entire script as marketing since tracking is its primary function. (2) Use HubSpot's consent API — load the script but call _hsq.push(["doNotTrack"]) until consent is granted. (3) Conditional feature loading — if only chat is needed, the HubSpot Conversations API can be deployed independently without the full tracking code.

Should You Block This Without Consent?

Yes. HubSpot's tracking code sets persistent identification cookies, tracks page views across sessions, and builds behavioral profiles linked to CRM contacts. Even when used primarily for its chat or forms features, the default tracking code includes full visitor monitoring. It should not load until the user has granted at least marketing consent. If chat functionality is needed without tracking, the Conversations widget can be deployed separately using HubSpot's standalone chat embed.

Visit website

Products (8)

HubSpot Forms
HubSpot Forms
HubSpot Forms is HubSpot's embedded lead capture form tool for collecting contact information on websites. Form scripts submit visitor data directly to HubSpot CRM, creating or updating contact records. Sets cookies to identify form submitters on return visits and pre-populate known contact fields for improved conversion rates.
HubSpot Analytics
HubSpot Analytics
HubSpot Analytics is HubSpot's built-in web analytics module tracking visitor behavior across HubSpot-managed websites and landing pages. Scripts record page views, sessions, traffic sources, and conversion events. Sets __hstc and hssc cookies to identify returning visitors and attribute user journeys across sessions for marketing reporting.
HubSpot CMS Hub
HubSpot CMS Hub
HubSpot CMS Hub is HubSpot's website content management platform for building and hosting marketing sites. Sites built on CMS Hub automatically include HubSpot's tracking infrastructure, setting cookies for visitor identification, analytics event collection, and marketing attribution across all pages served by the platform.
HubSpot Conversations
HubSpot Conversations
HubSpot Conversations is HubSpot's live chat and chatbot platform embedded on websites. The chat widget script loads asynchronously on page load, sets cookies to identify returning visitors, and captures conversation data linked to HubSpot CRM contact records for sales and support team follow-up and automated nurturing workflows.
HubSpot Email
HubSpot Email
HubSpot Email is HubSpot's email marketing module for sending and tracking campaigns. Tracking pixels embedded in outbound emails report open events and click-throughs back to HubSpot. Recipients who click through to landing pages have subsequent website sessions tracked by HubSpot's web analytics and attribution cookies.
HubSpot Marketing Hub
HubSpot Marketing Hub
HubSpot Marketing Hub is HubSpot's inbound marketing automation platform. Scripts track website visitor behavior for lead identification and nurturing, set cookies to attribute traffic sources, and enable email, social, and ad campaign automation. Visitor behavioral data feeds into HubSpot CRM contact profiles and lifecycle stage scoring.
HubSpot Sales Hub
HubSpot Sales Hub
HubSpot Sales Hub is HubSpot's CRM and sales intelligence platform. The HubSpot tracking script identifies website visitors, monitors which pages prospects view, and surfaces activity data to sales teams. Sets cookies to recognize returning visitors and tie their browsing sessions to CRM contact records for pipeline management.
HubSpot Service Hub
HubSpot Service Hub
HubSpot Service Hub is HubSpot's customer service platform covering ticketing, knowledge base, and customer feedback tools. Tracking scripts associate support interactions and knowledge base page visits with HubSpot CRM contact records. Session cookies persist visitor identity across service touchpoints for context-aware support experiences.

Consent Categories

Marketing
Analytics
Functional

Also Known As

HubSpot trackingHubSpot cookieHubSpot chat widgetHubSpot CRMHubSpot analyticsinbound marketing

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (12)

hs-analytics.netAnalytics
hs-scripts.comMarketing
hubspot.comMarketing
hsforms.comAnalytics
hsadspixel.netMarketing
hubapi.comMarketing
usemessages.comFunctional
hsleadflows.netAnalytics
hubspotusercontent.comMarketing
hubspotlinks.comAnalytics
hubspot.netMarketing
hscollectedforms.netMarketing

Frequently Asked Questions

Does HubSpot require cookie consent?

Yes. HubSpot's tracking code sets multiple persistent cookies for visitor identification, marketing attribution, and CRM contact profiling. Under GDPR and ePrivacy, these require explicit opt-in consent. The entire tracking script must be blocked until at least marketing consent is granted.

What cookies does HubSpot set?

HubSpot sets __hstc (primary tracking cookie, 13 months), hubspotutk (visitor identity token, 13 months), __hssc (session pageview count, 30 minutes), __hssrc (session), __hs_opt_out (consent banner response), and messagesUtk (chat identity, 13 months). Scripts load from js.hs-scripts.com and send data to track.hubspot.com and forms.hubspot.com.

How does ConsentStack manage HubSpot consent?

ConsentStack detects HubSpot by its hs-script-loader and associated cookie names. It classifies HubSpot as marketing and analytics, blocking the tracking code until consent is granted. ConsentStack supports suppressing tracking via _hsq.push doNotTrack for non-consenting visitors and fully initializes tracking only after opt-in.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for HubSpot

ConsentStack automatically detects and manages HubSpot trackers so your site stays compliant with global privacy regulations.

Get started free