Segment

Overview

Segment is a customer data platform (CDP) that collects behavioral events from websites and routes them to analytics, CRM, and advertising destinations. It acts as a single data collection layer that replaces the need for multiple vendor-specific tracking scripts. Rather than managing separate integrations for Google Analytics, Mixpanel, HubSpot, and Facebook Ads, teams instrument Segment once and configure data routing to downstream destinations from Segment's dashboard. Twilio acquired Segment in 2020, and the platform is now part of Twilio's customer engagement stack.

What This Script Does

Analytics.js is the primary browser SDK, loaded from cdn.segment.com (or a proxied first-party domain if the site uses Segment's custom domain feature). The script is typically around 50–100 KB and initializes with the site's write key embedded in the snippet.

Automatic data collection: On load, Analytics.js fires a page() call capturing the URL, referrer, page title, and UTM parameters. Subsequent page navigations in single-page applications trigger additional page() calls if the site uses Segment's history API integration.

Identity and cookies: Segment sets a first-party cookie named ajs_anonymous_id (2-year expiry) containing a UUID that persists across sessions to identify the same browser over time. When a user logs in or signs up, a identify() call links the anonymous ID to a known user ID, email, or other traits. A ajs_user_id cookie stores the resolved identity. These cookies are set under the site's own domain when using the default configuration.

Track events: Custom track() calls instrument business events — "Product Viewed," "Added to Cart," "Order Completed" — with associated properties (product ID, price, category). These events are sent to api.segment.io (or events.eu1.segmentapis.com for EU-hosted workspaces) and fanned out to configured destinations.

Destination routing: Downstream integrations connected to Segment may include Google Analytics 4, Amplitude, Mixpanel, HubSpot, Salesforce, Facebook Conversions API, Customer.io, Braze, and hundreds of others. Some integrations load additional client-side scripts ("device-mode destinations") bundled into the Analytics.js payload, while others operate server-side ("cloud-mode destinations") where data flows from Segment's servers to the destination without additional browser-side code.

Segment Personas / Twilio Engage: Sites using Segment's CDP capabilities build user profiles from accumulated event data, enabling audience segmentation and personalized marketing automation.

Consent & Compliance

Segment is classified under the analytics consent category, though its effective scope extends to marketing when advertising or marketing automation destinations are configured. Because Segment is infrastructure for routing data to any downstream tool, its consent requirements are at least as broad as the most sensitive destination connected to it.

Under GDPR, Segment processes personal data (browser identifiers, behavioral events, linked user identities) and routes it to third-party controllers and processors. This requires a lawful basis — typically consent under Article 6(1)(a) — before the ajs_anonymous_id cookie is set and before data is transmitted. The ePrivacy Directive requires consent before any non-strictly-necessary cookies are set. Segment provides a consent management integration that can gate event collection until consent is obtained.

Under CCPA/CPRA, the fan-out of user behavioral data to advertising platforms (Meta, Google Ads, etc.) may constitute a sale or share of personal information, requiring opt-out mechanisms. Segment is enrolled in the EU-US Data Privacy Framework and offers EU-region data residency (events.eu1.segmentapis.com) for workspaces that require EEA data to stay in Europe. Segment's DPA is available on their website and covers standard SCCs for international transfers where DPF does not apply.

IAB TCF purposes relevant to connected marketing destinations typically include Purpose 1 (Store and/or access information on a device), Purpose 7 (Measure ad performance), and Purpose 8 (Measure content performance).

Should You Block This Without Consent?

Yes. Segment sets persistent identity cookies and routes behavioral data to third-party services before the user has had an opportunity to consent. Even if Segment itself is analytics infrastructure, blocking it until consent is obtained is required because it immediately sets the ajs_anonymous_id cookie and begins data collection on load. Use Segment's built-in consent tooling or your CMP's integration to delay initialization until the user grants at least analytics consent.