Salesforce Commerce Cloud

Salesforce Commerce Cloud

Salesforce Commerce Cloud is an enterprise e-commerce platform powering online storefronts. Platform scripts manage shopping cart state, product catalog browsing, and checkout flows. Session cookies maintain cart contents and authentication state. Analytics integrations capture purchase events and browsing behavior for merchandising and personalization.

Back to Vendor Library

Overview

Salesforce Commerce Cloud (formerly Demandware) is an enterprise e-commerce platform that powers the entire storefront experience for many large retailers. When detected on a website, it indicates the site's product catalog, shopping cart, checkout, and order management are all running on Salesforce's infrastructure. The platform combines essential e-commerce functionality with built-in analytics and personalization capabilities.

What This Script Does

Commerce Cloud serves as the application layer for the entire storefront, so its scripts handle both essential transactional functions and optional analytics tracking.

Essential functions:

  • Session cookies (typically dwsid or similar) maintain shopping cart state, product selections, and checkout progress. These are first-party session cookies that expire when the browser closes or after a short inactivity period.
  • Authentication cookies (dwanonymous_*, dwsecuretoken_*) manage logged-in user state, saved addresses, payment method tokens, and order history access. Persistent variants may last 30-180 days.
  • CSRF protection tokens and platform security cookies are set to prevent cross-site request forgery during form submissions and checkout.

Analytics and personalization functions:

  • Commerce Cloud's built-in analytics module (sometimes referred to as Commerce Cloud Einstein) tracks product views, search queries, category browsing, cart additions, and purchase events. This data feeds into merchandising reports and product recommendation algorithms.
  • Einstein Product Recommendations scripts collect behavioral signals to power "customers also bought" and "recommended for you" widgets.
  • A/B testing infrastructure may load to test different product layouts, pricing displays, or promotional content.

Data is transmitted to Salesforce's analytics endpoints for processing. Third-party integrations (payment gateways, analytics tools) are loaded by the platform but are typically separate vendors in their own right.

Consent & Compliance

Commerce Cloud straddles the essential and analytics categories. The core e-commerce session management — cart state, authentication, checkout CSRF protection — qualifies as strictly necessary under the ePrivacy Directive and does not require consent. Under GDPR, these functions can be justified under Article 6(1)(b) as necessary for the performance of a contract (completing a purchase the user initiated).

However, the Einstein analytics and recommendation engine components go beyond what is strictly necessary. Behavioral tracking for product recommendations and merchandising insights constitutes analytics processing that requires consent under both the ePrivacy Directive (for cookie storage) and GDPR (legitimate interest is arguable but consent is the safer legal basis for profiling).

Under CCPA/CPRA, purchase transaction data has specific exemptions, but behavioral browsing data used for personalization and recommendations is personal information subject to disclosure and opt-out requirements.

Should You Block This Without Consent?

Conditional. The core e-commerce session management (cart, authentication, checkout) is essential and should not be blocked. However, the Einstein analytics, product recommendation tracking, and behavioral merchandising features should be blocked until the visitor consents to analytics cookies. Configure your consent management to allow the platform's essential cookies while gating the analytics and personalization scripts.

Visit website

Consent Categories

Essential
Analytics

Also Known As

salesforce commercedemandwaresfcccommerce cloudsalesforce ecommercesalesforce storefront

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (1)

demandware.netEssential

Frequently Asked Questions

Does Salesforce Commerce Cloud require cookie consent?

Conditional. Core session cookies like dwsid and dwanonymous_* are strictly necessary for cart and checkout and require no consent. Einstein Analytics scripts tracking browsing behavior for recommendations require analytics consent.

What cookies does Salesforce Commerce Cloud set?

Essential cookies include dwsid (session, cart state), dwanonymous_* and dwsecuretoken_* (authentication, 30-180 days). Einstein Analytics sets behavioral tracking cookies for product recommendation algorithms and A/B test assignments.

How does ConsentStack handle Salesforce Commerce Cloud?

ConsentStack splits Commerce Cloud into essential and analytics categories. Core session and auth cookies load without consent. Einstein Analytics and recommendation tracking scripts are blocked until the visitor grants analytics consent.

Related Vendors

Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Salesforce Commerce Cloud

ConsentStack automatically detects and manages Salesforce Commerce Cloud trackers so your site stays compliant with global privacy regulations.

Get started free