Salesforce Experience Cloud

Salesforce Experience Cloud

Salesforce Experience Cloud is a digital experience platform for building branded portals, communities, and customer-facing websites. When detected, it indicates the site runs on Salesforce's application framework. Platform scripts handle user authentication, content rendering, and CRM data integration. Sets session cookies for authenticated user state management.

Back to Vendor Library

Overview

Salesforce Experience Cloud (formerly Community Cloud) is a digital experience platform used to build branded customer portals, partner communities, help centers, and public-facing websites on Salesforce's application framework. When detected, it indicates the website or portal is running on Salesforce's infrastructure, with CRM data integration powering authenticated user experiences like account management, case submission, and knowledge base access.

What This Script Does

Experience Cloud's scripts primarily handle platform-level functionality required to render and operate the site:

  • Session management cookies — the platform sets session cookies (typically Salesforce-standard session identifiers) to maintain authenticated user state across page navigation. These are essential for logged-in experiences like viewing account details, submitting support cases, or accessing partner resources.
  • CSRF tokens — anti-forgery tokens are set as cookies to protect form submissions and API calls from cross-site request forgery attacks.
  • Lightning framework scripts — the Salesforce Lightning Web Runtime loads JavaScript bundles that handle component rendering, client-side navigation, and API communication with the Salesforce backend. These scripts are required for the site to function.
  • Content delivery — static assets (stylesheets, images, JavaScript) are served from Salesforce CDN domains.

Experience Cloud does not independently set marketing or analytics tracking cookies. However, site administrators may add Salesforce Marketing Cloud, Google Analytics, or other tracking scripts through the platform's configuration — those would be separate vendors. The platform itself is focused on content delivery and authenticated user session management.

Consent & Compliance

Experience Cloud falls into the essential category. Its scripts and cookies serve the core platform infrastructure required to render pages, maintain user authentication, and protect form submissions. Under GDPR Article 6(1)(b), session management for authenticated portals is necessary for the performance of the service the user is accessing. The ePrivacy Directive exempts strictly necessary cookies from the consent requirement, and Experience Cloud's session and security cookies qualify for this exemption.

Under CCPA/CPRA, the session data processed by Experience Cloud is functional in nature and falls within the service provider relationship. No additional opt-out obligations arise from the platform's core operation, though any additional tracking scripts layered on top by the site operator would need separate assessment.

Should You Block This Without Consent?

No. Experience Cloud's scripts and cookies are essential platform infrastructure for rendering the website and maintaining user sessions. Blocking them would break the site entirely. Any marketing or analytics tracking added on top of the platform should be managed as separate vendors.

Visit website

Consent Categories

Essential

Also Known As

Salesforce Community CloudSalesforce portalsSalesforce digital experienceSalesforce communities

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (1)

salesforce.comEssential

Frequently Asked Questions

Does Salesforce Experience Cloud require cookie consent?

No. Experience Cloud scripts and cookies are essential platform infrastructure for rendering pages and maintaining authenticated user sessions. Session management and CSRF protection cookies qualify for the strictly necessary exemption under ePrivacy. No marketing or analytics tracking cookies are set by the platform itself.

What does Salesforce Experience Cloud set in the browser?

Experience Cloud sets session management cookies to maintain authenticated user state and CSRF anti-forgery tokens for form security. It loads Salesforce Lightning Web Runtime JavaScript bundles required for page rendering. No persistent tracking cookies are set. Static assets are served from Salesforce CDN domains.

How does ConsentStack handle Salesforce Experience Cloud?

ConsentStack classifies Experience Cloud as essential infrastructure and does not block its scripts. Since the platform sets only session and security cookies necessary for the site to function, ConsentStack treats it as consent-exempt. Any marketing or analytics scripts added on top of the platform are assessed separately as distinct vendors.

Related Vendors

Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Salesforce Experience Cloud

ConsentStack automatically detects and manages Salesforce Experience Cloud trackers so your site stays compliant with global privacy regulations.

Get started free