SAP

SAP

SAP's enterprise software ecosystem includes SAP Customer Data Cloud (formerly Gigya), SAP Emarsys (marketing automation), and SAP Commerce Cloud. On-site scripts handle identity management, consent collection, and behavioral event tracking for enterprise marketing workflows.

Back to Vendor Library

Overview

SAP's web-facing product portfolio includes SAP Customer Data Cloud (formerly Gigya) for identity and consent management, SAP Emarsys for omnichannel marketing automation, and SAP Commerce Cloud for enterprise e-commerce. These products collectively handle user authentication, consent orchestration, behavioral tracking, and personalized marketing for large enterprise brands.

What This Script Does

SAP's client-side presence depends on which products are deployed. Each product has a distinct script footprint and data collection profile.

SAP Customer Data Cloud (formerly Gigya)

  • gigya.js — Loaded from cdns.gigya.com. Handles social login (Google, Facebook, Apple, LinkedIn), user registration flows, and screen-sets (embeddable UI components for login/registration).
  • Sets gig_bootstrap_* cookies — Short-lived cookies used during the authentication flow to maintain state.
  • Sets gig_canary cookie — Tracks A/B testing assignments for Gigya UI experiments.
  • API calls to accounts.{datacenter}.gigya.com for account operations, social token exchange, and consent recording.
  • Stores user profiles, consent preferences, and identity graph data in Gigya's cloud.

SAP Emarsys

  • scarab.js or the Emarsys Web Extend script — Loaded from recommender.scarabresearch.com or Emarsys CDN endpoints.
  • Tracks product page views, category browsing, cart additions, and purchases.
  • Sets scarab.visitor cookie — Persistent visitor identifier used to build behavioral profiles for email campaign personalization and on-site recommendations. Persists for 1 year.
  • Sets scarab.session cookie — Session-level behavioral tracking. Expires on session end.
  • Sends behavioral events to Emarsys' recommendation engine to generate personalized product recommendations and trigger automated email flows.

SAP Commerce Cloud

  • Hybris-based frontend JavaScript handles product catalog rendering, cart management, and checkout flows.
  • Session cookies for cart state and checkout continuity — typically JSESSIONID or SAP-specific session tokens.

Domains Contacted

  • cdns.gigya.com, accounts.us1.gigya.com, accounts.eu1.gigya.com — Customer Data Cloud CDN and API
  • recommender.scarabresearch.com, cdn.scarabresearch.com — Emarsys Web Extend tracking
  • SAP Commerce endpoints vary by customer deployment (typically customer-specific subdomains)

Consent & Compliance

Consent category: Marketing / Functional (varies by product)

  • GDPR/ePrivacy: Emarsys behavioral tracking (scarab.visitor) requires explicit consent — it profiles users across sessions for marketing personalization. Gigya's core authentication is functional, but progressive profiling and analytics features require separate consent. Under ePrivacy, all non-essential cookies (Emarsys tracking, Gigya analytics) require prior opt-in consent.
  • CCPA/CPRA: Emarsys behavioral profiles constitute personal information used for targeted marketing, which is subject to opt-out rights. Gigya identity data is personal information subject to access and deletion requests.
  • IAB TCF: Emarsys is a registered IAB TCF vendor (Vendor ID varies). Relevant TCF purposes include Purpose 1 (store/access device information), Purpose 3 (create personalised ad profile), and Purpose 4 (select personalised ads).
  • EU-US transfers: SAP is a German company (EU-headquartered). Gigya data centers are available in the EU (eu1, eu2, eu5 data centers). Emarsys (headquartered in Austria) processes EU data within the EU. US deployments rely on SCCs.

Should You Block This Without Consent?

Conditional. SAP Customer Data Cloud's core authentication and consent collection scripts are functional and can load without marketing consent. SAP Emarsys' behavioral tracking scripts (scarab.js) should be blocked until marketing consent is obtained. Evaluate each SAP product independently — the presence of one SAP product does not imply all SAP products are deployed.

Visit website

Products (3)

SAP Commerce Cloud
SAP Commerce Cloud
SAP Commerce Cloud is an enterprise e-commerce platform powering online storefronts and headless commerce deployments. Storefront scripts manage product catalog rendering, cart state, checkout flows, and user account management. Session cookies and browser storage are used to maintain cart persistence and authentication state across shopping sessions.
SAP Customer Experience
SAP Customer Experience
SAP Customer Experience is SAP's integrated CX platform encompassing commerce, sales, customer service, and marketing modules. Browser-side scripts support personalization engines, storefront components, and customer data collection. Behavioral data, session identifiers, and profile attributes may be collected across channels for customer journey orchestration.
SAP Marketing Cloud
SAP Marketing Cloud
SAP Marketing Cloud is an enterprise marketing automation platform for campaign management, audience segmentation, and customer journey orchestration. Scripts enable web tracking and behavioral data collection to build customer profiles and trigger personalized campaign responses. Sets cookies and pixels to identify visitors and attribute marketing interactions.

Consent Categories

Marketing
Functional

Also Known As

SAP Customer Data CloudSAP EmarsysSAP Commerce CloudGigya SAPSAP CDCenterprise marketing automation

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (2)

scarabresearch.comMarketing
sap.comMarketing

Frequently Asked Questions

Does SAP require consent on my website?

Conditional. SAP Emarsys behavioral tracking requires marketing consent. SAP Customer Data Cloud authentication is functional. SAP Commerce Cloud session cookies are essential. Evaluate each SAP product independently — detecting one does not mean others are active on the same site.

What cookies does SAP set?

SAP Emarsys sets scarab.visitor (visitor ID, 1 year) and scarab.session (session tracking). Customer Data Cloud sets gig_bootstrap_*, gig_canary, and glt_{apiKey} cookies. SAP Commerce Cloud sets cart and session cookies including JSESSIONID or SAP-specific tokens. Scripts load from cdns.gigya.com and recommender.scarabresearch.com.

How does ConsentStack manage SAP consent?

ConsentStack identifies SAP products by their script domains and cookie signatures. Emarsys scripts from scarabresearch.com are blocked until marketing consent is granted. Customer Data Cloud authentication is classified as functional. Commerce Cloud core scripts are classified as essential. Each product receives its own independent consent gate.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for SAP

ConsentStack automatically detects and manages SAP trackers so your site stays compliant with global privacy regulations.

Get started free