Skip to main content

New Shopify-API for GDPR compliance



  • FC

    Hello Finn,


    That is very relevant question. Have you had any answer regarding this?




  • Spas – vConnect – Community Supporter


    This new feature does not seem very useful, it seems to be a tool for scripts that set tracking and you need to ask Shopify whether or not they are allowed to.
    However, there is a method that lets you set consent to tracking to either true or false, but I don't think that influences what cookies Shopify sets, nor is it granular. Meaning either you accept tracking or you don't.You could add a little script, but I'm doubtful this solves the issue that Cookiebot generally have with Shopify:
    window.addEventListener("CookiebotOnConsentReady", function() {
    var c = Cookiebot.consent,
    p = c.preferences,
    s = c.statistics,
    m =,
    tracking = p && s && m ? true : false;
    window.Shopify.customerPrivacy.setTrackingConsent(tracking, function() {
    console.log("Tracking " + (tracking ? "en" : "dis") + "abled");

    The issue is caused because website builders (like Wix, Shopify, etc) add their own native scripts to the page before any of your own content is added, including third party scripts like Cookiebot. This means that by the time the Cookiebot script loads, cookies or similar trackers will potentially already have been set.
    To avoid tracking by the Website Builder's native scripts prior consent, you would have to mark them up. Unfortunately these scripts aren't accessible to you, making this impossible.

    This makes achieving full GDPR compliance impossible for Website Builder users. That is why Cookiebot encourage users to contact the companies behind their Website Builders and ask them to reach out to Cookiebot, so they can work together on finding a solution that allows the blocking of tracking from native scripts prior consent.


  • Roger Herbert

    Hi Spas,

    Just to add: as part of the change Shopify also added the ability (in online store > preferences) to limit native tracking by default, preventing such scripts from loading until an app like Cookiebot provides consent via the new API mentioned earlier.


Please sign in to leave a comment.