Unrecognized cookies detected by DataGrail - possibly from Shopify Web Pixel / Facebook app

Web Pixels
,
1

Hi everyone,

We recently ran a DataGrail Consent scan on our Shopify storefront and noticed several unmanaged cookies that look like this:

0259cbf4157b98a7e7c05b8bd99d4d6c-dnprince22gmailcom
041acb487d22bb3ade982f2ccc53e8a1-DWCOHALGMAILCOM

Detected by: DataGrail automated scanner

These cookies seem to contain hashed identifiers (sometimes with an email-like suffix) and are not part of Shopify’s standard cookie documentation.

We’re currently using:

  • Shopify’s built-in Facebook & Instagram app (Meta pixel + Conversions API)

  • Shopify Web Pixel infrastructure (shopify_web_pixel events) for marketing tracking

We’re wondering if these cookies are:

  • Automatically generated by Shopify’s Facebook/Meta app integration (e.g., to link web pixel events with the Conversions API), or

  • From another Shopify app/channel that uses the Web Pixels API.

Has anyone else seen these cookie patterns?
Are they part of Shopify’s Web Pixels framework for Facebook, or do they come from an external app?

We’d like to confirm before categorizing them in our DataGrail consent rules

Any insights from the Shopify team or other merchants using the Meta app would be greatly appreciated!

Thanks,

2

Hello Rohan,

I do not believe the cookies you’re seeing are related to Shopify, and I’m not familiar with these being added by the Facebook app either.

Could you provide more details? Cookies are usually a key-value pair, what’s their key or value? On which domain are they appearing?

Shopify is actively trying to reduce the amount of cookies it uses. Shopify’s Web Pixels framework is a generic platform for app developers and merchants, it does not provide any special cookies for facebook, etc. However, the Web Pixels API allows third-party code to read and write cookies.

Hope this helps!

3

Hi @emile ,

As the cookie you can see it contains some parts of username and gmailcom, can we check somewhere in our application cookie that it is set, As recently we did CAPI through Facebook And Instagram App and connected facebook to a partner shopify, after then we are suspecting we are getting is that can be true?