Hello, here in Germany, where data privacy is a huge issue, our attorneys have suggested that we want to put any and all tracking software used by Shopify in our Datenschutzerklärung. Can someone help me with this?
Topic summary
A German merchant needs to list all Shopify tracking technologies in their privacy policy (Datenschutzerklärung) to comply with strict data protection requirements.
Solution Provided:
A comprehensive list of Shopify’s default cookies was shared, organized into two categories:
- Functional cookies: Essential for store operations (cart management, checkout, customer login, admin access)
- Analytics cookies: Track landing pages, referrals, and general Shopify analytics
Cookie persistence varies from 30 minutes to 2 years depending on type.
Follow-up Question:
Another user experiencing bot traffic from Germany and Netherlands asks whether it’s possible to prevent Shopify’s tracking pixel from firing by detecting bot-like screen resolutions through JavaScript (checking screen.width/height properties) and disabling the Shopify Analytics object accordingly.
Status: The original question is resolved, but the bot-blocking inquiry remains unanswered.
This should give you what you need. It is from Shopify’s own default privacy policy and lists all the cookies they set and use for tracking purposes.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Name Function
| _ab | Used in connection with access to admin. |
|---|---|
| _secure_session_id | Used in connection with navigation through a storefront. |
| cart | Used in connection with shopping cart. |
| cart_sig | Used in connection with checkout. |
| cart_ts | Used in connection with checkout. |
| checkout_token | Used in connection with checkout. |
| secret | Used in connection with checkout. |
| secure_customer_sig | Used in connection with customer login. |
| storefront_digest | Used in connection with customer login. |
| _shopify_u | Used to facilitate updating customer account information. |
Reporting and Analytics
Name Function
| _tracking_consent | Tracking preferences. |
|---|---|
| _landing_page | Track landing pages |
| _orig_referrer | Track landing pages |
| _s | Shopify analytics. |
| _shopify_s | Shopify analytics. |
| _shopify_sa_p | Shopify analytics relating to marketing & referrals. |
| _shopify_sa_t | Shopify analytics relating to marketing & referrals. |
| _shopify_y | Shopify analytics. |
| _y | Shopify analytics. |
[INSERT OTHER COOKIES OR TRACKING TECHNOLOGIES THAT YOU USE]
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
Thank you so much! That helped me a lot!
Hi Jon, thank you for repyling to this.
We get a lot of bot traffic from Germany and Netherlands. We have stopped this from triggering our
We are experiencing a significant amount of bot traffic from Germany and the Netherlands. While we have implemented measures to prevent this traffic from triggering our analytics, we are considering an additional approach.
Do you think it is possible to stop the Shopify tracking pixel from firing by checking the screen.width and screen.height properties in JavaScript? If these properties match the typical screen resolutions used by bots, we could then delete or disable the Shopify Analytics object to prevent tracking.