Heroku

Heroku

Cloud platform as a service for deploying and scaling web applications. Heroku is primarily backend infrastructure with no direct script presence on end-user sites. Applications hosted on Heroku may set standard session and authentication cookies.

Back to Vendor Library

Overview

Heroku is a cloud platform as a service (PaaS) owned by Salesforce, used by developers to deploy, manage, and scale web applications. Heroku is backend infrastructure — it hosts applications but doesn't inject scripts into the websites it serves. Applications running on Heroku may set their own cookies for session management, but these come from the application itself, not from Heroku as a third-party.

If Heroku appears in a third-party script audit, it's because the application is hosted on Heroku's infrastructure, not because Heroku is loading external tracking scripts.

What This Script Does

Heroku itself has no third-party script presence:

  • Application hosting: Runs web applications on Heroku's cloud infrastructure with managed deployment and scaling
  • No client-side scripts: Heroku does not inject scripts, pixels, or tracking code into hosted applications
  • Application cookies: Any cookies set are from the hosted application itself, not from Heroku as a third party

Consent & Compliance

  • GDPR: Heroku as infrastructure doesn't process visitor personal data beyond hosting. The hosted application's own data processing determines consent requirements.
  • ePrivacy Directive: No third-party cookies or scripts from Heroku.

Should You Block This Without Consent?

Heroku does not load third-party scripts on websites. It's infrastructure that hosts applications. There is nothing to block in the context of website consent management.

No.

Visit website

Consent Categories

Essential
Functional

Also Known As

heroku cookiesheroku consentheroku session cookiesheroku gdprheroku privacy complianceheroku app cookie management

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

heroku.comEssential

Frequently Asked Questions

Does Heroku set cookies that require user consent?

No. Heroku is cloud infrastructure for hosting web applications, not a third-party tracking tool. Any cookies on a Heroku-hosted site come from the application itself, not from Heroku as an external vendor. Heroku has no client-side script presence.

Why does Heroku appear in my third-party audit?

Heroku appears because your application is hosted on Heroku infrastructure. The application's domain or API requests route through Heroku's servers. This is backend hosting, not a third-party marketing or analytics script running in the visitor's browser.

Does ConsentStack need to manage Heroku?

No. ConsentStack manages client-side scripts that run in visitor browsers. Since Heroku is server-side hosting infrastructure with no browser script presence, there is nothing for ConsentStack to block or gate. Assess your hosted application's own cookies separately.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Heroku

ConsentStack automatically detects and manages Heroku trackers so your site stays compliant with global privacy regulations.

Get started free