Sitecore

Sitecore

Sitecore loads scripts on enterprise websites to handle content personalization, visitor analytics, and session tracking. Scripts collect behavioral data to drive real-time content targeting and support digital experience management workflows.

Back to Vendor Library

Overview

Sitecore is an enterprise digital experience platform (DXP) used by large organizations to manage website content, run personalization rules, and collect visitor analytics. Its scripts appear on websites built on Sitecore's CMS infrastructure, where client-side components handle real-time content targeting, session analytics, and experience personalization. Sitecore serves enterprise clients across retail, financial services, healthcare, and government sectors.

What This Script Does

Sitecore loads its analytics and personalization scripts from the organization's own Sitecore server or Sitecore's cloud delivery infrastructure (Sitecore XM Cloud, Sitecore Experience Edge). Key scripts include:

  • Sitecore Analytics (xDB): The experience database tracking script records page views, goals achieved, engagement value scores, campaign attributions, and session metadata. A persistent analytics cookie (commonly SC_ANALYTICS_GLOBAL_COOKIE or sitecore_*) with a 13-month expiry stores the visitor identifier used to build behavioral profiles.
  • Personalization engine: Client-side rules evaluate visitor segment membership (based on accumulated behavioral history) to select and render targeted content variations in real-time.
  • Campaign tracking: UTM parameters and campaign attributes are recorded per-session and associated with the visitor's xDB profile.
  • Goals and events: Custom goal completion events (form submissions, downloads, video plays) are fired to the Sitecore analytics pipeline.

The SC_ANALYTICS_GLOBAL_COOKIE is particularly significant — it persists for up to 13 months and links all site visits by the same browser into a unified behavioral profile in Sitecore's Experience Database. This profile can include hundreds of page views, goal completions, and personalization segment memberships accumulated over time.

Domains contacted are typically the operator's own Sitecore infrastructure endpoints, though cloud deployments may contact Sitecore's CDN and cloud APIs.

Consent & Compliance

Sitecore's persistent analytics cookie (SC_ANALYTICS_GLOBAL_COOKIE) is a behavioral tracking cookie that accumulates a long-term profile of visitor interactions. Under the ePrivacy Directive, this requires prior consent — it is not functionally necessary for content delivery. Under GDPR, the creation of a behavioral visitor profile for personalization and analytics constitutes processing of personal data under Article 4(1) (the visitor ID cookie linked to behavioral history is personal data), requiring a lawful basis.

For analytics, legitimate interest may be argued for aggregate measurement, but the long-term individual-level profiling in xDB goes beyond aggregate analytics and strengthens the case for consent under Article 6(1)(a). For personalization that materially alters the user's experience, consent is the most defensible basis.

Under CCPA/CPRA, behavioral data collection and personalization based on personal data must be disclosed. Sitecore acts as a data processor; the site operator is the controller.

The consent category is mixed — analytics and personalization components require consent; content delivery does not.

Should You Block This Without Consent?

Conditional. Sitecore's content management functionality (rendering CMS content) can load without consent. The analytics tracking script and personalization engine — which set persistent cookies and build behavioral profiles — must be gated on consent. Sites using Sitecore purely for content delivery without xDB analytics enabled may load without a consent gate, but most production deployments include analytics.

Visit website

Consent Categories

Analytics
Functional

Also Known As

sitecoresitecore analyticssitecore personalizationsitecore DXPsitecore trackingsitecore experience platform

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

sitecore.comFunctional

Frequently Asked Questions

Does Sitecore require cookie consent?

Yes. Sitecore uses analytics and functional scripts that track visitor behavior, build user profiles, and personalize content. Under GDPR and ePrivacy regulations, the analytics tracking component requires explicit consent. The personalization features that rely on behavioral profiling also fall under consent requirements for data processing.

What cookies and tracking data does Sitecore collect?

Sitecore sets persistent cookies like SC_ANALYTICS_GLOBAL_COOKIE with a 13-month expiry to identify visitors across sessions. Its xDB module records page views, engagement scores, campaign attributions, and session metadata. The personalization engine evaluates visitor segments based on browsing history to deliver targeted content.

How does ConsentStack manage Sitecore scripts?

ConsentStack detects Sitecore analytics and personalization scripts loading from Sitecore cloud infrastructure or self-hosted instances. It classifies them under analytics and functional categories. When a visitor denies consent, ConsentStack blocks Sitecore's tracking scripts while allowing essential CMS content delivery to continue uninterrupted.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Sitecore

ConsentStack automatically detects and manages Sitecore trackers so your site stays compliant with global privacy regulations.

Get started free