Nosto

Nosto

Nosto is an ecommerce personalization platform that delivers product recommendations, personalized content, and behavioral popups. Scripts track browsing history, cart activity, and purchase events to build visitor profiles used for real-time product recommendation widgets. Used by Shopify, Magento, and custom platform stores to increase average order value.

Back to Vendor Library

Overview

Nosto is an ecommerce personalization platform that delivers AI-driven product recommendations, personalized content, and behavioral popup campaigns. It is purpose-built for online retail and integrates natively with Shopify, Magento, Salesforce Commerce Cloud, and custom storefronts. Nosto builds real-time visitor profiles from browsing and purchase behavior and uses these profiles to power recommendation widgets on product pages, category pages, cart pages, and post-purchase flows. The platform is used by thousands of Shopify and Magento merchants to increase average order value and reduce bounce rates.

What This Script Does

The Nosto script (connect.nosto.com/include/<account-id>/shopify.js or equivalent) bootstraps the personalization engine on page load and initializes communication with Nosto's recommendation API.

Cookies set:

  • 2c.cId — first-party persistent cookie, typically 1-year expiry, stores Nosto's unique visitor identifier for personalization continuity across sessions
  • 2c.cAnon — tracks anonymous visitor state before any purchase or account activity
  • Session cookies for cart state and current-session behavioral signals
  • Recommendation impression cookies to prevent repeat display of the same product sets

Behavioral data collected per interaction:

  • Product views: Product ID, category, price point, brand — recorded on every product detail page load
  • Search queries: Search terms entered on-site, mapped to categories browsed
  • Cart additions and removals: Product IDs, quantities, and order values — used to refine real-time recommendations
  • Purchase events: Complete order data (product IDs, quantities, revenue) used to update the visitor's purchase history profile
  • Exit-intent signals: Cursor movement toward browser chrome triggers behavioral popup evaluation

Script behavior:

  • On page load, transmits current page context (page type, product category, cart contents) to Nosto's API at api.nosto.com
  • Receives personalized recommendation payloads and renders them into configured placement slots on the page
  • Evaluates behavioral popup rules (exit intent, time on page, cart value thresholds) and displays overlays accordingly
  • Sends behavioral events to Nosto's servers for real-time profile updates and model training

IAB TCF purposes: Purpose 1 (Store and/or access information on a device), Purpose 3 (Create a personalised ads profile), Purpose 4 (Select personalised ads), Purpose 5 (Create a personalised content profile), Purpose 6 (Select personalised content) — relevant for personalization use cases.

Consent & Compliance

Nosto combines functional and marketing processing. The product recommendation widgets provide functional ecommerce value, but they are powered by persistent behavioral profiling that tracks individual visitors across multiple sessions. Under GDPR and ePrivacy, the persistent visitor identifier cookie (2c.cId) and behavioral profiling require consent — these are non-essential cookies used for personalization and potentially marketing optimization.

Under CCPA/CPRA, behavioral profiling for personalized product recommendations and exit-intent marketing popups may qualify as "sharing" of personal information for cross-context behavioral advertising, requiring opt-out rights. Nosto is headquartered in Helsinki with US operations and relies on SCCs for EU-US data transfers.

Should You Block This Without Consent?

Conditional. Nosto provides functional value through product recommendations but also performs persistent behavioral profiling. Basic recommendation display driven by current-session context only may be considered functional. However, cross-session profiling via the persistent visitor ID cookie and behavioral popup targeting require consent. If possible, load Nosto in a consent-gated mode — or suppress the persistent identifier — until marketing consent is granted.

Visit website

Consent Categories

Marketing
Functional

Also Known As

NostoNosto personalizationecommerce recommendationsShopify personalizationNosto script

Industries

Computers Electronics and Technology

Tracked Domains (2)

connect.nosto.comMarketing
cdn.nosto.comMarketing

Frequently Asked Questions

Does Nosto require consent on my website?

Consent is required for Nosto's cross-session behavioral profiling. Basic product recommendations driven by current-session context only may be considered functional. However, the persistent visitor identifier cookie and exit-intent popup targeting require marketing consent before loading.

What cookies and data does Nosto collect?

Nosto sets the 2c.cId persistent cookie (one-year expiry) as a unique visitor identifier, plus session cookies for cart state. The script transmits page context, product views, cart events, and purchase data to api.nosto.com to build individual visitor profiles for personalization.

How does ConsentStack handle Nosto?

ConsentStack classifies Nosto under both functional and marketing categories. It can load Nosto in a restricted mode for session-only recommendations, then unlock full cross-session personalization and behavioral popups only after marketing consent is obtained.

Related Vendors

Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
LinkedIn Ads
LinkedIn Ads
LinkedIn Ads is LinkedIn's advertising platform for B2B marketing and professional audience targeting. Conversion tracking scripts and pixels fire on advertiser websites to measure sign-ups, downloads, and purchases driven by LinkedIn ad campaigns. Sets cookies for audience matching, retargeting list building, and cross-device attribution reporting.

Manage consent for Nosto

ConsentStack automatically detects and manages Nosto trackers so your site stays compliant with global privacy regulations.

Get started free