Apple

Apple

Primarily present through Apple Maps JavaScript embeds and Apple Pay JS on e-commerce sites. The Maps script renders interactive maps and may log interaction events. Apple Pay JS checks device eligibility and communicates with Apple servers during checkout to complete payment sessions.

Back to Vendor Library

Overview

Apple's presence on third-party websites arises from two distinct integrations: the Apple Maps JavaScript API for embedding interactive maps, and Apple Pay JS for enabling in-browser payment on e-commerce sites. Both are functional tools serving user-initiated purposes and are architecturally separate from Apple's advertising products.

What This Script Does

Apple Maps JavaScript API Apple Maps JS is loaded from cdn.apple-mapkit.com and renders interactive map tiles for store locators, event venues, contact pages, and location-based features. The script:

  • Contacts tile.maps.apple.com for map tile assets
  • Contacts api.apple-mapkit.com for geocoding, routing, and search queries
  • Authenticates using a MapKit JS token issued by the site operator's server
  • Logs map interaction events (pan, zoom, marker selection) to Apple's infrastructure for service operation
  • Does not set persistent tracking cookies for cross-site advertising or behavioral profiling
  • May store transient session state in memory to support smooth map rendering

Apple Pay JS Apple Pay JS is loaded from applepay.cdn-apple.com and enables in-browser Apple Pay payment flows. The script:

  • Calls ApplePaySession.canMakePayments() to detect whether the user's device and browser support Apple Pay — this occurs without any network request and is local-only
  • Contacts apple-pay-gateway.apple.com (or cn-apple-pay-gateway.apple.com for China) to initiate and validate payment sessions when the user taps Pay
  • Exchanges encrypted payment tokens with Apple's servers — the merchant server never sees raw card data
  • Handles the user's biometric (Face ID, Touch ID) or passcode authentication for payment authorization
  • Sets session-scoped cookies only for the duration of the payment flow
  • Communicates transaction details (merchant ID, amount, currency, domain) to Apple for session creation

Neither Apple Maps nor Apple Pay is used for cross-site behavioral tracking, audience building, retargeting, or advertising profiling.

Domains contacted:

  • Maps: cdn.apple-mapkit.com, tile.maps.apple.com, api.apple-mapkit.com
  • Pay: applepay.cdn-apple.com, apple-pay-gateway.apple.com, cn-apple-pay-gateway.apple.com

No persistent tracking cookies are set by either integration. Session storage during the payment flow is transient and scoped to completing the transaction.

Consent & Compliance

GDPR/ePrivacy: Apple Maps serves a functional purpose directly requested by the user — viewing a location on a map. Apple Pay processes a payment transaction initiated by the user, covered by contractual necessity under GDPR Article 6(1)(b). Neither script performs behavioral profiling or sets advertising cookies. The ePrivacy Directive's strictly necessary exemption applies to cookies and storage used exclusively for completing a user-requested transaction or rendering a user-requested map.

CCPA/CPRA: Apple Pay's payment processing is a necessary transaction function, not a sale or sharing of personal information for advertising purposes. Apple's privacy practices contractually limit data use to service provision.

EU-US Data Transfers: Apple Inc. participates in the EU-US Data Privacy Framework (DPF) and uses Standard Contractual Clauses for international transfers of personal data.

Consent category: Essential (Apple Pay payment processing) and Functional (Apple Maps).

Should You Block This Without Consent?

No. Apple Maps and Apple Pay serve functional purposes directly initiated by users — location display and payment processing respectively. Neither performs advertising tracking or cross-site behavioral profiling. They can load without prior consent under the strictly necessary and contractual necessity grounds. Disclose these services in the site's privacy policy to explain payment processing and mapping service providers.

Visit website

Products (3)

Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Pay
Apple Pay
Apple Pay is a digital payment service that enables secure checkout on websites through Safari and supported browsers. Scripts load the Apple Pay button, present the payment sheet, and process tokenized card transactions without exposing raw payment details to the merchant. Handles biometric authentication via Touch ID or Face ID for payment authorization.

Consent Categories

Essential
Functional

Also Known As

Apple PayApple MapsMapKit JSApple Pay JS

Industries

Computers Electronics and TechnologyComputer Hardware

Tracked Domains (1)

cdn-apple.comEssential

Frequently Asked Questions

Do Apple integrations require cookie consent?

Conditionally. Apple Pay (essential) needs no consent as a payment service. Apple Maps JS is functional and may warrant consent due to IP transmission to Apple tile servers. Neither performs advertising tracking or sets cross-site behavioral cookies, so neither falls under marketing consent requirements.

What do Apple Maps and Apple Pay transmit?

Apple Maps JS contacts cdn.apple-mapkit.com, tile.maps.apple.com, and api.apple-mapkit.com for map rendering, geocoding, and routing. It sets no cookies. Apple Pay contacts apple-pay-gateway.apple.com for merchant validation and returns an encrypted payment token. Neither script participates in ad networks or cross-site behavioral profiling.

How does ConsentStack categorize Apple integrations?

ConsentStack classifies Apple Pay as essential and Apple Maps JS as functional. Apple Pay is never blocked. Apple Maps JS may be gated behind functional consent on conservative implementations due to IP transmission to Apple servers. Neither integration receives a marketing or analytics classification in ConsentStack.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Apple

ConsentStack automatically detects and manages Apple trackers so your site stays compliant with global privacy regulations.

Get started free