# iFrame & Cookies This page explains how the Spara chat widget works from a technical perspective, what data it stores in the browser, and how it relates to your website's cookie consent policies. ## How the Spara widget loads When you add the Spara JavaScript snippet to your website, it creates an **iframe** (inline frame) that loads the [chat agent](/agents/chat-agents.md) interface. An iframe is a standard web technology that embeds one webpage inside another — similar to how a YouTube video embed works. The iframe approach means: * **Spara's code runs in isolation** from your website's code. It cannot access your page's JavaScript variables, DOM, or other data unless explicitly passed through the embed snippet. * **Your website's code runs in isolation** from Spara. Your scripts cannot access the contents of the Spara iframe. * **Styling is independent.** Spara's styles do not conflict with your website's CSS, and vice versa. ## What Spara stores in the browser Spara uses **localStorage** (not cookies) to persist a small amount of data in the visitor's browser. localStorage is a browser storage mechanism that keeps data on the user's device, similar to cookies but with key differences: * localStorage data is **not sent to servers** with every HTTP request (unlike cookies) * localStorage is **scoped to your website's domain** — it cannot be read by other websites * localStorage persists until explicitly cleared by the user or your code ### Data stored | Key | Purpose | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Prelead UUID** | A randomly generated identifier that associates a visitor with their conversation across page loads and return visits. This is how Spara remembers that a visitor on your pricing page is the same person who chatted on your homepage. | | **Page visit tracking** | A per-day, per-URL hash that prevents duplicate page visit recording. This ensures each unique page view is counted once per day. | Spara does **not** store: * Names, email addresses, or other personally identifiable information in localStorage * Third-party tracking data * Cross-site identifiers ### Cookies Spara does **not** set any cookies on your website. The embed snippet reads (but does not write) certain existing cookies on your site for analytics integration purposes: * **Google Analytics cookies** (`_ga`, `_ga_*`) — If present, Spara reads the GA4 client ID and session ID so that Spara lead activity can be correlated with your Google Analytics data * **Google Click ID cookies** (`_gcl_aw`, `_gcl_au`) — If present, Spara captures these for ad attribution These cookies are set by Google Analytics, not by Spara. Spara will ingest the GA4 client ID and session ID automatically and can read the `gcl_au` and `gcl_aw` cookies if they are mapped as query parameters. See [Query Parameters](/developers/spara-api/query-parameters.md) for more information. ## Cookie consent and Spara A common question is whether Spara needs to be behind your cookie consent banner. The answer depends on your organization's specific compliance requirements, but here are the technical facts: * **Spara does not set cookies** — it uses localStorage only * **Spara does generate a pseudonymous identifier** (the prelead UUID) stored in localStorage, which some privacy regulations may classify similarly to cookies * **Spara does read existing Google Analytics cookies** if present, for attribution purposes ### Common approaches * **Show Spara before consent** — Since Spara does not set cookies, some organizations display the chat widget immediately, even before cookie consent is granted. The prelead UUID is pseudonymous and not linked to personal data unless the visitor voluntarily provides it during conversation. * **Show Spara after consent** — Organizations with stricter consent requirements load the Spara embed snippet only after the visitor accepts cookies. This can be done by conditionally inserting the script tag based on your consent management platform's API. {% hint style="warning" %} Spara does not provide legal advice. Consult your legal or compliance team to determine the correct approach for your organization's privacy policy and applicable regulations (GDPR, CCPA, etc.). {% endhint %} ## Z-index and stacking The Spara chat widget uses a high `z-index` to ensure it appears above most page content. If your cookie consent banner also uses a high `z-index`, both elements can coexist — the banner will typically appear above or alongside the chat widget depending on your CSS. If you need to adjust layering, contact your Spara account manager. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.spara.com/developers/spara-api/iframe-and-cookies.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.