I’m working with CookieYes as a cookie consent tool, and noticed several cookies that aren’t automatically categorized or are missing a script url (which is required to correctly block them prior to user consent).
I’ve searched for hours now but can’t find reliable information on these cookies. Anyone has a source or knows more about this?
The uncategorized ones are:
_shopify_analytics - I can assume from the name that this is the analytics category, of course, but I’d like to have a reliable source for it
_shopify_marketing - same as above
And missing script URLs are for:
_shopify_s
_shopify_y
Those are apparently both related to the Shopify analytics suite, but I can’t find a clear information on what script url to enter in CookieYes so they can be blocked.
Don’t try to block those via script URLs. _shopify_analytics and _shopify_marketing aren’t actually tracking cookies - they’re the cookies Shopify uses to save the customer’s consent state. If you block them, your consent banner will just keep popping up on every page.
For _shopify_s and _shopify_y, those are Shopify’s core analytics (session and user IDs). They’re injected via trekkie.storefront.min.js and server-side.
Instead of manually blocking scripts, make sure CookieYes is pushing consent states to Shopify’s Customer Privacy API. Once CookieYes tells Shopify “analytics = false”, Shopify automatically suppresses _shopify_s and _shopify_y on its own. I use a different consent app on my store, but they all work the same way now. Check CookieYes docs for Shopify integration — they should be handling the API sync natively so you don’t have to manually map script URLs.