We are using the “Customer Privacy API” to disable cookies before the visitor gives consent. However, it seems like Shopify loads in 3 cookies, even when using the Customer Privacy API. These cookies are: _shopify_analytics, _shopify_s and _shopify_y.
I cannot find any documentation online regarding these cookies. What do these cookies do, are they required to function and if not: How do I disable these? Because right now without information, the site is not GDPR-compliant.
Looking forward to hearing if anybody has more information.
The purpose of _shopify_analytics , _shopify_s and _shopify_y cookies are detailed in our Cookie Policy.
By default, these cookies do not load for regions that require consent until the visitor provides consent.
You can confirm which regions require consent (where the cookie banner is visible) for your shop in the admin: Settings > Customer privacy > Cookie banner > Regions and content.
_shopify_analytics is not mentioned in the Cookie Policy though.
Also, this particular site does have the correct settings set up using Cookiebot, yet these particular cookies still load on the shop before the visitor has given consent.
Here’s a direct link to where the _shopify_analytics cookie is mentioned in our Cookie policy.
I have seen cases where these cookies load due to 3rd Party cookie banners sending incorrect default consent status updates. If you’re not seeing a request being made to update the consent status right as the shop’s storefront loads to cause this, feel reach to reach out to us at help.shopify.com so we can assist with the shop.
