Skip to main content


To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. Most big websites do this too.

They improve things by:

  • Remembering settings, so you don't have to keep re-entering them whenever you visit a new page
  • Protecting against hackers impersonating you on a website
  • Remembering information you've given (eg form fields you've filled in) so you don't need to keep entering it
  • Measuring how people use the website so we can make sure it meets our users' needs.

Our cookies aren't used to identify you personally. They're just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.

To learn more about cookies and how to manage them, visit, or please read on to find out more about how and where we use cookies.

How we use cookies

We use cookies in several places - we've listed each of them below with more details about why we use them and how long they will last. HESA uses cookies which can only be accessed by HESA websites ('first-party' cookies). This ensures your activities on other sites CANNOT be profiled alongside your activities on HESA sites. HESA does NOT track your activities on other people's websites.

Session identifier cookies

On many HESA sites, we use session identifier cookies to ensure a secure browsing experience. These first-party cookies contain no personal data at all - they usually contain only a randomly generated string of numbers and/or letters. They expire when you close your browser. Session identifier cookies protect against malicious 'session hijacking' attacks which would allow a hacker to impersonate you while browsing a website. They are therefore necessary to the proper functioning of websites and we strongly encourage you to allow them to be set.

Cookies set by

The main HESA website uses first-party cookies to perform a few important tasks. No personal data is stored by any of these cookies.

The following cookies are set by

Name Typical content Expires
SSESS25307b2195fef32d31c8dc076620e1df   Within a month
SimpleSAMLSessionID   When you close your browser
has_js Records whether your browser has JavaScript enabled or not When you close your browser
Drupal.tableDrag.showWeight Used by Drupal - our Content Management System - to store viewer preferences After a year
aucp13n Used to support the caching of content on the site Within a month
_utmz Used by Google Analytics (see below) After 6 months
_utma Used by Google Analytics (see below) After 2 years
_cfduid Used by Cloudflare to override any security restrictions based on the IP address the visitor is coming from. After 1 and a half years

Analytics cookies on HESA websites and UK HE Stats apps

HESA uses Google Analytics to help us improve our websites and mobile apps. The cookies used by analytics, like the other cookies HESA sites set, are first-party only: their contents are only available to HESA websites and apps, not to other websites or apps. They contain NO personal data and just tell us that, for example, a page is being accessed by the same person twice in a row, but NOT who that person is. The data generated by analytics is aggregate in nature and we use it only to determine trends and make broad inferences such as 'most people use Internet Explorer to browse this site'. It is an immensely valuable tool for any web developer: without it we are 'flying blind' when it comes to making important design decisions about how we build our sites.

Some of the content on this page is based on content shared under the UK Open Government License by