D&D Beyond Cookie Notice
Last updated: June 4, 2025
INTRODUCTION
This Cookie Notice explains how we use cookies and similar tracking technologies on the Site. It details the types of cookies we use, their purposes, and how You can manage Your cookie preferences.
WHAT ARE COOKIES?
Cookies are small text files that are placed on your device by websites and mobile applications that you visit. Cookies are widely used in order to make websites function efficiently, enhance user experience, s, and provide information to the owners of websites.
TYPES OF COOKIES WE USE
We categorize cookies into the following types:
Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be switched off in our systems. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or access to secure areas, quick page loading time, and shopping and checkout information.
How to refuse / withdraw Strictly Necessary Cookies
Because these cookies are essential for the core functioning of our Website, you cannot refuse them via our cookie banner or Privacy Center. Instead, you can block or delete them by changing your browser settings as described below under the heading "Managing Your Cookies". However, doing so may impair core functionalities of the website, such as secure login, shopping cart operations, or page navigation and may result in suboptimal user experience.
The table below lists the Strictly Necessary Cookies on our Website and why we use them:
| Strictly Necessary Cookies Cookie Name | Description | Duration | Provider | Purpose |
|---|---|---|---|---|
| _cf_bm | The __cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots. This is a CloudFoundry cookie. | <1 day | Cloudflare | Essential Services |
| _cq_dnt | Indicates that the browser has opted out of CC Einstein tracking for this site. Session Salesforce Essential Services Commerce Cloud sets it with each page response based on the value of the corresponding session attribute TrackingAllowed. The value of this cookie always matches that of the Storefront dw_dnt cookie. | Session | Salesforce | Essential Services |
| dw_dnt | Controls client- side JavaScript for Salesforce Commerce Cloud tracking features such as Analytics, Einstein, and ActiveData. Commerce Cloud sets it with each page response, based on the value of the corresponding session attribute TrackingAllowed. | Session | Salesforce | Essential Services |
| dwsecuretoken_* | Used with dwsid to secure the session through HTTPS. The * in the cookie name is a value unique to the site. | Session | Salesforce | Essential Services |
| dwsid | Identifies the current browsing session. | Session | Salesforce | Essential Services |
| _pxhd | Stores a hashed identifier that allows PerimeterX to distinguish between legitimate human users and malicious bots. It helps ensure the website is accessed by real users, not automated tools or scripts. | 364 days | Human Security | Essential Services |
| sid | Identifies the current browsing session. The Salesforce Reference Architecture (SFRA) uses this to determine whether to display the cookie hint content asset. | Session | Salesforce | Essential Services |
| AWSELB | Used to distribute traffic to the website on several servers in order to optimize response times. | <1 day | AWS | Essential Services |
| AWSELBCORS | Registers which server cluster is serving the visitor. This is used in context with load balancing to optimize the user experience. | <1 day | AWS | Essential Services |
| cc-nx_DDBUS | Stores values required to authenticate users on D&D Beyond's marketplace | 400 days | Salesforce | Essential Services |
| cc-nx-g_DDBUS | Stores values required to authenticate users on D&D Beyond's marketplace | 400 days | Salesforce | Essential Services |
| token_DDBUS | This cookie is used by Salesforce Commerce Cloud to store the authentication/access token required for secure user authentication & API requests to the website backend. Each call to retrieve website content is authenticated using this token to ensure secure access to content, including user information such as login status, cart, payment information, etc, as well as site information, such as products and pricing. | Session | Salesforce | Essential Services |
| dd_cookie_test_* | This cookie is set by Datadog to test if the browser accepts cookies. It is a temporary cookie used internally during monitoring sessions to verify cookie functionality and does not track users or store personal information. | <1 day | Datadog | Essential Services |
| _ketch_consent_v1_ | Store user ID and consent choices. | 399 days | Ketch | Essential Services |
| optimizelyDomainTestCookie | This cookie is used to test whether the user's browser supports setting cookies on the current domain. It is a temporary cookie created during Optimizely's setup process and is deleted immediately after the test. | 179 days | Optimizely | Essential Services |
| optimizelyOptOut | This cookie is set by Optimizely to indicate that the user has opted out of tracking and participation in experiments. When this cookie is present and set to true, Optimizely disables all data collection, experiment participation, and personalization features for that user. | Session | Optimizely | Essential Services |
| _px2 | Used in context with the website's BotManager. The BotManager detects, categorizes, and compiles reports on potential bots trying to access the website. | <1 day | Human Security | Essential Services |
| pxcts | Used by PerimeterX to detect fraud and bot activity. | Session | Human Security | Essential Services |
| _pxttld | This cookie is used by HUMAN Security's Bot Defender to determine the appropriate domain settings for cookies, enabling site- wide detection functionality. It assists in configuring cookie domains correctly to ensure effective bot detection across the website. | Session | Human Security | Essential Services |
| _pxvid | This cookie is used to distinguish between humans and bots. | 364 days | Human Security | Essential Services |
| receive-cookie-deprecation | This cookie is set by Google's Privacy Sandbox to help detect whether a user's browser supports third-party cookies and to manage the transition to new privacy- preserving technologies. It assists Google in testing and deploying alternatives to third-party tracking, such as Topics API and Protected Audience. | 364 days | Google Privacy Sandbox | Essential Services |
| SM | Registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads. | Session | Microsoft Clarity | Essential Services |
| _swb | Ketch first party ID to manage consent choices | 729 days | Ketch | Essential Services |
| RequestVerifcationToken | Necessary for protecting against CSRF attacks. | Session | DDB Security | Essential Services |
| CobaltSession | This cookie provides a long- term session for users on D&D Beyond. | 365 days | DDB Authentication | Essential Services |
| cobalt_token | This cookie is used to authenticate requests to D&D Beyond services. | 4 minutes | DDB Authentication | Essential Services |
| AWSALB* | These cookies are set by AWS Application Load Balancer to ensure session persistence (also called sticky sessions). They map the user's session to the same target (server) within a load-balanced pool to maintain consistency during their visit. | 7 days | AWS | Essential Services |
| LoginState | Session | DDB Authentication | Essential Services |
What Are Functional Cookies?
Functional Cookies enable to Website to provide enhanced functionality and personalisation. They will remember your site preferences, including whether or not you accepted or refused certain categories of cookies via our cookie banner or preference center.
How to refuse / withdraw Functional Cookies
You can manage your functional cookie preferences at any time through our Privacy Center which can be accessed via the site's Cookie Banner or the "Your Privacy Choices" link in the footer of this site or via your browser settings as described below in the "Managing Your Cookies" section below.
The below tables lists the Functional Cookies on our Website and why we use them:
| Strictly Necessary Cookies Cookie Name | Description | Duration | Provider | Purpose |
|---|---|---|---|---|
| ar_debug | This cookie is set by Google and is used internally for debugging and diagnostic purposes related to ad delivery. It does not track users for advertising purposes but may be present during test or development scenarios. It is usually only active for users or developers who are testing ads or working in a debug mode. | 364 days | Google Privacy Sandbox | Functional |
| dwanonymous_* | Random ID used to identify an unregistered shopper or a shopper who has not yet logged in | 180 days | Salesforce | Functional |
| cid_DDBUS | Stores values required to authenticate users on D&D Beyond's marketplace | Session | Salesforce | Functional |
| customerGroups | This cookie is set by Amplience to categorize users into predefined customer segments or groups. It is used to deliver personalized content experiences based on the user's group membership. | Session | Amplience | Functional |
| enc-user-id_DDBUS | This cookie is set by Salesforce Einstein Personalization to store an encrypted user identifier. It allows the platform to recognize returning users across sessions and personalize experiences | Session | Salesforce | Functional |
| fbsr_ | This cookie is set by Facebook and used to identify the Facebook user and grant access via Facebook Login. It contains an encoded signature and user ID and is used to authenticate users logging into a site using their Facebook credentials. | Session | Facebook Ads | Functional |
| oid | This cookie is set by Salesforce to identify the organization (tenant) associated with a user session. It is commonly used during authentication flows (e.g., via Salesforce Identity or Commerce Cloud) to route and validate login or session activity. The value usually corresponds to a unique Salesforce Organization ID. | Session | Salesforce | Functional |
| ResponsiveSwitch.DesktopMode | A saved user preference determines whether or not a desktop-sized view should be rendered on smaller viewports. | 360 days | DDB | Functional |
| usid_DDBUS | Stores values required to authenticate users on D&D Beyond's marketplace | Session | Salesforce | Functional |
| Preferences.* | Caches user's preferences for various systems. | 365 days | DDB Forums | Functional |
| Ratings | Stores values required by the ratings feature on D&D Beyond's forum software. | 30 days | DDB Forums | Functional |
| ddb-theme | Stores the user's theme preference for D&D Beyond. | Session | DDB Character Sheet | Functional |
| User.ID | Stores the user's unique id for use within D&D Beyond's forum software. | Session | DDB Forums | Functional |
| User.Username | Stores the user's username for use within D&D Beyond's forum software. | Session | DDB Forums | Functional |
| UserInfo | Stores the user's id and join date for use in D&D Beyond's forum software. | Session | DDB Forums | Functional |
| WarningNotifcation.Lock | Stores a value that is used for moderation on D&D Beyond's forum software. | Session | DDB Forums | Functional |
| NID | Stores user preferences and other information, such as preferred language, how many search results to show per page, and whether to turn on Google SafeSearch. When used in the context of YouTube embeds, it may also support personalization and security features for users interacting with embedded videos. | 6 months | Functional | |
| ddbSiteBanner* | Stores a value that is used to determine if a user has closed an active side- wide banner. | 7 days | DDB | Functional |
What Are Advertising Cookies?
Advertisingcookies are used to deliver advertisements that are more relevant to You and Your interests. They may be set through our Website by Us or our advertising partners to track your browsing habits and online activity across other websites and services. This enables the creation of a profile about You and Your interests so that we can present more personalised and effective advertising.
These cookies can also help limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. In some cases, these cookies involve the processing of personal data and sharing of information with third-party advertisers or technology providers.
Depending on your location, these cookies may only be set on your device with your prior consent. If you choose to opt-out of advertising cookies, you may still see ads, but they may be less relevant to your interests.
How to Refuse / Withdraw Advertising Cookies?
You can manage your advertising cookie preferences at any time through our Privacy Center which can be accessed via the site's Cookie Banner or the "Your Privacy Choices" link in the footer of this site or via your browser settings as described below in the "Managing Your Cookies" section below.
The below tables lists the Advertising Cookies on our Website and why we use them:
| Advertising Cookies Cookie Name | Description | Duration | Provider | Purpose |
|---|---|---|---|---|
| _fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | 89 days | Facebook Ads | Advertising |
| _gcl_au | This cookie takes information on clicks and stores it in a first-party cookie so that conversions can be attributed outside the landing page. | 90 days | Google Ads | Advertising |
| IDE | These cookies set by a third party (DoubleClick) and are used for serving targeted advertisements that are relevant to you across the web. Targeted advertisements may be displayed to you based on your previous visits to this website. For example, advertisements about a topic you have expressed an interest in while browsing our site may be displayed to you across the web. In addition, these cookies measure the conversion rate of ads presented to the user. For more information, please visit www.google.com/policies/privacy/partners/. | 729 days | Google Ads | Advertising |
| lidid | This cookie is set by LiveIntent and is used to identify users and track engagement across emails and websites for advertising and personalization purposes. It helps in linking user behavior across different channels to provide targeted ad content and measure campaign performance. | 730 days | Live Intent | Advertising |
| MSPTC | Microsoft User Identifier tracking cookie used by Bing Ads. It can be set by embedded Microsoft scripts. | 389 days | Microsoft Ads | Advertising |
| taboola_session_id | This cookie is set by Taboola to track a user's session on the website. | Session | Taboola | Advertising |
| test_cookie | Used to check if the user's browser supports cookies. | Session | Google Ads | Advertising |
| t_gid | This cookie is set by Taboola to assign a unique and persistent user ID. It allows Taboola to track users across sessions and websites to deliver personalized content and advertising, measure ad performance, and build user profiles based on content engagement. | 365 days | Taboola | Advertising |
| _tt_enable_cookie | Confirm to Tiktok that a user has enabled cookies. | 389 days | TikTok Ads | Advertising |
| _ttp | To measure and improve the performance of your advertising campaigns and to personalize the user's experience (including ads) on TikTok. | 390 days | TikTok Ads | Advertising |
| _uetsid | Collects data on visitor behavior from multiple websites, in order to present more relevant advertisements - This also allows the website to limit the number of times that they are shown the same advertisement. | <1 day | Microsoft Ads | Advertising |
| _uetvid | Used to track visitors on multiple websites, in order to present relevant advertisements based on the visitor's preferences. | 389 days | Microsoft Ads | Advertising |
| guest_id | This cookie is set by Twitter to identify and track users who interact with Twitter content embedded on third-party websites, even if they are not logged in. It helps with authentication, session management, and personalization of Twitter content and ads for non-authenticated users. | 730 days | Twitter Ads | Advertising |
| guest_id_ads | This cookie is set by Twitter to identify users for ad targeting and performance measurement, especially when users interact with Twitter ads or embedded content on third-party sites. It is used even when users are not logged in to Twitter, enabling Twitter to deliver personalized ads and track ad engagement. | 730 days | Twitter Ads | Advertising |
| guest_id_marketing | Identifies and tracks users for the purpose of delivering personalized ads and measuring ad performance, particularly for users not logged into Twitter. | 730 days | Twitter Ads | Advertising |
| _li_ss | This cookie is owned by liadm.com. The company provides a range of marketing and advertising services. | 30 days | Live Intent | Advertising |
| MR | Indicates whether to refresh the MUID cookie. | 6 days | Microsoft Clarity | Advertising |
| muc_ads | Collects data on user behavior and interaction in order to optimize the website and make advertisements on the website more relevant. | 730 days | Twitter Ads | Advertising |
| MUID | Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID across many Microsoft domains. | 389 days | Microsoft Clarity | Advertising |
| _nccapi_url | Used by Pinterest to track the usage of services. | Session | Advertising | |
| personalization_id | We have an embedded Twitter feed on our support sites so that things like service outages announced on Twitter are surfaced to players seeking help. This cookie is accessed by the embedded Twitter widget, but neither it nor our site sets the cookie. | 730 days | Twitter Ads | Advertising |
| t_pt_gid | Assigns a unique user ID used for attribution, reporting, and personalizing content recommendations based on interactions with specific advertisers or publishers. | 365 days | Taboola | Advertising |
| ttcsid.* | Assigns a unique session ID to track user interactions on the website for advertising and analytics purposes. | 389 days | TikTok Ads | Advertising |
| uuid | This cookie is set by MediaMath to assign a unique, anonymized identifier to users. It allows MediaMath to track browsing behavior across websites and build a profile for delivering personalized advertisements, measuring ad performance, and limiting ad frequency. | 395 days | MediaMath | Advertising |
| sailthru_content | Tracks recent pageviews for all visitors, and can be used to populate a new user profile. | 365 days | Sailthru | Advertising |
| sailthru_visitor | The cookie contains an id that is used to identify a user's pageviews within a session. | 1 hour | Sailthru | Advertising |
| sailthru_hid | Uniquely identifies known users in order to track their onsite activity. | 365 days | Sailthru | Advertising |
| _pin_unauth | Used by Pinterest to track the usage of services. | 364 days | Advertising | |
| _pinterest_ct_ua | Used by Pinterest to track the usage of services. | 364 days | Advertising | |
| taboola_session_id | This cookie is set by Taboola to track a user's session on the website. | Session | Taboola | Advertising |
| ps_n | To serve targeted advertising to Facebook users when logged into its services. | 4 months | Advertising | |
| ps_l | To serve targeted advertising to Facebook users when logged into its services. | 4 months | Advertising | |
| xs | Contains Facebook session identifying information | 3 months | Advertising | |
| sb | Allows Facebook to identify browsers securely and recover user accounts in case of forgotten passwords or potential hacking attempts. | 4 months | Advertising | |
| datr | Identifies the web browser being used to connect to Facebook independent of the logged in user. This cookie plays a key role in Facebook's security and site integrity features. | 4 months | Advertising | |
| c_user | Contains the user ID of the currently logged in Facebook user. | 3 months | Advertising |
What Are Analytics Cookies?
Analytics cookies collect information about how visitors use our Website to help us understand and improve user experience, website performance, and the effectiveness of our marketing efforts. These cookies enable us to measure and analyze metrics such as:
- How users arrive at and interact with our site
- Which pages are visited most often
- How long users stay on a page
Whether users encounter error messages or other technical issues. The data collected is generally aggregated and does not directly identify individuals. However, in some cases, particularly when combined with other data or IP addresses, may constitute personal data under certain global privacy regulations.
Under most global privacy laws, analytics cookies require your consent before being placed on your device unless:
- The data collected is strictly necessary for a service you explicitly request, or
- The analytics is configured to use only anonymized or pseudonymized data that cannot be tracked to an individual
How to Refuse / Withdraw Analytics Cookies?
You can manage your analytics cookie preferences at any time through our Privacy Center which can be accessed via the site's Cookie Banner or the "Your Privacy Choices" link in the footer of this site or via your browser settings as described below in the "Managing Your Cookies" section below.
The below tables lists the Analytics Cookies on our Website that require your consent and why we use them:
| Analytics Cookies Cookie Name | Description | Duration | Provider | Purpose |
|---|---|---|---|---|
| _clsk | Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. | <1 day | Microsoft Clarity | Analytics |
| _dd_s | This cookie is used by Datadog to monitor performance for a given user across multiple pages | <1 day | Datadog | Analytics |
| _ga | Used to distinguish users for Google Analytics. | 2 years | Google Analytics | Analytics |
| Geo | Stores a user's geographical location. | Session | DDB | Analytics |
| _gid | Used to distinguish users for Google Analytics. | <1 day | Google Analytics | Analytics |
| _gsid | UUID value used to identify multiple interactions from a single device and distinguish between users. | Session | Gamesight | Analytics |
| _hjTLDTest | Used to detect the most generic top-level domain the site can use, enabling other Hotjar cookies to be set across subdomains. | Session | Hotjar | Analytics |
| _rdt_uuid | A Reddit cookie is used to display relevant advertising to visitors. | 89 days | Analytics | |
| sublevel | Used by Google Analytics to determine which subscription level the user has. | Session | DDB | Analytics |
| _clck | Collects data on the user's navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner. | 364 days | Microsoft Clarity | Analytics |
| CLID | Identifies the first time Clarity has seen a user on any site using Clarity. | 364 days | Microsoft Clarity | Analytics |
| _ga_* | Used by Google Analytics to identify and track an individual session with your device. | 729 DAYS | Google Analytics | Analytics |
| _gat_UA-* | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. | <1 day | Google Analytics | Analytics |
| _hjSession_* | This cookie is set by Hotjar to identify a user's session. It ensures that actions taken during a single session (e.g. page views, interactions) are associated with the same session ID, even across multiple pages. The * denotes a unique site ID (e.g., _hjSession_123456). | <1 day | Hotjar | Analytics |
| _hjSessionUser_* | This cookie is set by Hotjar to uniquely identify a user across multiple visits to the same site. It ensures that behavior across sessions can be attributed to the same anonymous user without relying on personally identifiable information. The * indicates the Hotjar site ID (e.g., _hjSessionUser_123456). | 364 days | Hotjar | Analytics |
| optimizelyEndUserId | Stores a visitor's unique Optimizely identifier. It's a combination of a timestamp and a random number. No other information about you or your visitors is stored inside. | 179 days | Optimizely | Analytics |
| ddb_vid | Stores a unique value that identifies a user for use in internal analytics. | 1 year | DDB | Analytics |
| ddb_sid | Stores a unique value that identifies a 4-hour user session for use in internal analytics. | 4 hours | DDB | Analytics |
| session_id | Marketing attribution | 365 Days | Gamesight | Analytics |
Third Party Service Providers
Our Website uses cookie and similar tracking technologies that are placed not only by us but also by third-party service providers. These partners support various functions on our Website, such as analytics, personalisation, advertising, performance monitoring and social media integration.
These third-party service provides may set cookies through our website and may collect or receive data about your device, usage behavior, and interactions across different Websites and services. In certain cases, these cookies involve the processing or sharing of Your personal data, including unique identifiers, browser type, location and site activity.
Why We Disclose Our Third Party Service Providers
To comply with global privacy laws, we disclose all third-party service providers that place or access cookies through our Website. You can find the cookie names or identifiers used, the purpose of the cookies, the duration the cookies remain on your device and the service provider's name in the cookie tables above. For Your convenience, we have listed all our Third- Party Service providers below. We encourage you to read their privacy notices and opt-out pages.
Third-party service providers:
- Bing Ads
- Datadog
- Facebook (Connect, Custom Audiences, Social Plugin)
- Gamesight
- Google Ad Trackers (GA Audiences, AdWords Conversion, DoubleClick, Google Dynamic Remarketing)
- Google Tag Manager
- Gravatar
- Hotjar
- Imgur
- Lotame
- Microsoft Clarity
- Optimizely
- Pinterest, Pinterest Converstion Tracker
- PerimeterX
- Sailthru Horizon
- Salesforce
- ScoreCard Research Beacon
- SMART AdServer
- SpotX
- Taboola
- TikTok Analytics
- Twitter (Advertising, Analytics, Conversion, Syndication)
This transparency enables you to make informed decisions about your privacy and how your data is used.
Managing Cookies Set by Third Party Service Providers
You can manage your cookie preference, including those set by third-party service provides through:
- Our Privacy Center
- Your browser's cookie control settings
- Industry tools like YourADChoices, NAI, or EDAA's opt-out platform (for EU users)
Please note that disabling these cookies may affect the performance or personalisation features of our site.
Managing Your Cookies
You have the right to control how cookies are used on your device. We offer you several options to manage your cookie preferences, including opting-in or out of specific categories of cookies that are not strictly necessary for the basic operation of our Website.
Cookie Preference Center
You can update your cookie preferences at any time through our Privacy Center. Through this tool, you can:
- View detailed descriptions of each cookie category
- Enable or disable non-essential cookies based on your preferences
- Withdraw previously given consent at any time
Please note your selections apply only to the specific browser and device You use when setting them. If you use multiple devices or browsers, you must set your preferences on each one.
Browser Settings
Most web browsers allow you to control cookies through their settings. You can configure your browser to:
- Alert you before a cookie is set
- Automatically block some or all cookies
- Delete cookies already stored in your device
Please note that disabling strictly necessary cookies through browser settings may impact the functionality of our site, including the ability to log in, make purchases, or navigate pages smoothly.
Industry-Wide Opt-Out Tools
For advertising cookies, you may also opt‐out through these platforms:
- Network Advertising Initiative (NAI)
- Digital Advertising Alliance (DAA) European Interactive Digital Advertising Alliance (EDAA)
These tools do not block all ads but can prevent participating companies from showing ads tailored to your online behavior.
Retention and Preference Expiry
Your cookie preferences will be stored for a limited period, after which you may be prompted to reconfirm your choices. You may also be prompted again if we change the cookies we use or if you access the Website from a new device or browser.
Legal Basis for Processing
We process personal data collected through cookies based on your consent, except for strictly necessary cookies, which are processed on our legitimate interest in ensuring the Website's functionality.
Changes to this Notice
We may update this Cookie Notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Therefore, please visit this Cookie Notice regularly to keep up to date with our use of cookies and related technologies. We will inform you of any significant changes via the Website.
Contact
If you have any questions about this cookie notice, or our use of cookies or other technologies, you can contact us as follows:
Wizards of the Coast LLC
1107 Lake Washington Blvd
N Suite 800
Renton, WA 98055
United States
Email: DPO@hasbro.com