SAP Commerce Cloud

SAP Commerce Cloud

SAP Commerce Cloud is an enterprise e-commerce platform powering online storefronts and headless commerce deployments. Storefront scripts manage product catalog rendering, cart state, checkout flows, and user account management. Session cookies and browser storage are used to maintain cart persistence and authentication state across shopping sessions.

SAP
Part of SAP
Back to Vendor Library

Overview

SAP Commerce Cloud (formerly SAP Hybris) is an enterprise e-commerce platform used by large retailers and B2B organizations to power their online storefronts. When detected, it typically means the entire website is built on SAP's commerce infrastructure rather than SAP being a third-party embed. The platform manages product catalogs, shopping carts, checkout flows, customer accounts, order management, and personalization — serving as the foundational technology stack for the online store.

What This Script Does

SAP Commerce Cloud operates as the storefront platform, with its scripts handling core e-commerce functionality.

  • Platform scripts: The storefront's JavaScript framework (typically Angular-based Spartacus or a custom accelerator) loads from the site's own domain, managing product browsing, search, filtering, cart operations, and checkout flows
  • Session management: Session cookies maintain the shopping cart contents, authentication state, and user preferences across page navigations. These are first-party cookies set on the storefront domain.
  • Cookies set:
    • Cart session cookies linking the visitor's browser to their server-side shopping cart
    • Authentication cookies for logged-in customer accounts
    • Language and currency preference cookies for internationalized storefronts
    • CSRF protection tokens for secure form submissions
  • Browser storage: localStorage and sessionStorage may be used for cart caching, recently viewed products, search history, and UI state
  • Data collected: Product views, search queries, cart additions/removals, and checkout form data (shipping address, payment details) — all standard e-commerce interactions processed by the platform to complete transactions
  • Personalization: SAP Commerce Cloud's built-in personalization engine may track browsing behavior to display recommended products, targeted promotions, and personalized content. This component extends beyond strictly necessary e-commerce functionality.

Consent & Compliance

SAP Commerce Cloud falls under the essential consent category for core e-commerce functionality.

Under GDPR and ePrivacy, the platform's core functions (cart management, checkout, authentication) are strictly necessary for the e-commerce service explicitly requested by the user. Session cookies maintaining cart state and login sessions fall under the ePrivacy Directive's exemption. However, the personalization engine that tracks browsing behavior to recommend products may require separate consent as it goes beyond strictly necessary functionality. SAP provides GDPR compliance tools including consent management integration points, data subject request handling, and data processing agreements.

Under CCPA/CPRA, customer account data, order history, and browsing behavior collected by the platform constitute personal information. SAP Commerce Cloud's personalization features may require disclosure of profiling activities. Transaction data processing is necessary for the requested service.

Should You Block This Without Consent?

No. SAP Commerce Cloud is the storefront platform itself — blocking it would make the entire e-commerce site non-functional. Core e-commerce cookies (cart, authentication, CSRF) are strictly necessary. If the personalization engine is active and tracks browsing behavior for product recommendations, that component should be managed under analytics or functional consent separately from the essential platform.

Visit website

Consent Categories

Essential

Also Known As

sap commerce cloudsap hybrishybris commercesap storefrontsap ecommercesap commerce

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Frequently Asked Questions

Does SAP Commerce Cloud require visitor consent under GDPR?

No for core e-commerce functions. Cart session, authentication, language preference, and CSRF cookies are strictly necessary under the ePrivacy Directive. The personalization engine tracking browsing behavior for product recommendations goes beyond strictly necessary and should be evaluated separately under analytics or functional consent.

What cookies does SAP Commerce Cloud set?

SAP Commerce Cloud sets first-party session cookies for cart state, authenticated sessions, language and currency preferences, and CSRF protection tokens. LocalStorage and sessionStorage are used for cart caching, recently viewed products, and UI state. Specific cookie names vary by deployment configuration and are set on the storefront domain.

How does ConsentStack handle SAP Commerce Cloud?

ConsentStack classifies SAP Commerce Cloud as essential for core storefront functions — cart, authentication, CSRF — and does not block these cookies. The personalization engine is identified separately and can be blocked pending analytics or functional consent. Detection is based on Hybris-specific script patterns and session cookie signatures.

Other SAP Products

SAP Customer Experience
SAP Customer Experience
SAP Customer Experience is SAP's integrated CX platform encompassing commerce, sales, customer service, and marketing modules. Browser-side scripts support personalization engines, storefront components, and customer data collection. Behavioral data, session identifiers, and profile attributes may be collected across channels for customer journey orchestration.
SAP Marketing Cloud
SAP Marketing Cloud
SAP Marketing Cloud is an enterprise marketing automation platform for campaign management, audience segmentation, and customer journey orchestration. Scripts enable web tracking and behavioral data collection to build customer profiles and trigger personalized campaign responses. Sets cookies and pixels to identify visitors and attribute marketing interactions.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for SAP Commerce Cloud

ConsentStack automatically detects and manages SAP Commerce Cloud trackers so your site stays compliant with global privacy regulations.

Get started free