Spotify

Spotify

Global music streaming platform with embedded player capabilities and an ad-tech network. Spotify Ad Analytics pixels track marketing campaign performance for brands advertising on the Spotify platform. The web embed loads an interactive player and may set authentication cookies for logged-in users.

Back to Vendor Library

Overview

Spotify operates both an embeddable audio player for websites and an advertising analytics platform with conversion tracking pixels. The embed allows publishers to surface Spotify content directly on their pages, while Spotify Ad Analytics serves brands and agencies measuring campaign performance across the Spotify advertising ecosystem.

What This Script Does

Spotify Embedded Player The Spotify embed player is loaded via an iframe from open.spotify.com/embed/. The embedding page includes a small JavaScript snippet from open.spotify.com that resizes the iframe and handles messaging between the player and the host page. The player itself:

  • Streams audio via Spotify's CDN infrastructure (audio-ak-spotify-com.akamaized.net, audio4-ak-spotify-com.akamaized.net)
  • Contacts open.spotify.com and api.spotify.com for track metadata, album art, and playback control
  • For logged-in users, sets authentication cookies under spotify.com to maintain session state and sync playback history to the user's Spotify account
  • For anonymous users, sets a transient session cookie scoped to the embed interaction
  • Sends playback events (play, pause, skip, seek) to Spotify's analytics infrastructure
  • Does not set third-party tracking cookies on the host page domain for advertising purposes

Cookies potentially set in the Spotify origin (iframe):

  • sp_t (third-party within Spotify iframe, 1 year) — Spotify anonymous tracking identifier
  • sp_ab (third-party, 1 year) — A/B testing bucket assignment
  • sp_landing (third-party, 1 day) — landing attribution cookie

Spotify Ad Analytics Pixel Spotify Ad Analytics (formerly Spotify Pixel) is a conversion tracking product for brands advertising on the Spotify platform. The pixel loads from pixel.byspotify.com and fires on advertiser pages — typically landing pages or post-conversion destinations. It:

  • Records that a user who was exposed to or clicked on a Spotify ad subsequently visited the advertiser's site
  • Sets a third-party tracking cookie on byspotify.com (1 year) to maintain attribution windows
  • Collects IP address, User-Agent, page URL, referrer, and custom conversion event data
  • Sends attribution data to Spotify's measurement infrastructure for campaign reporting

Podcast Embed Spotify podcast embeds use the same open.spotify.com/embed/episode/ iframe infrastructure as music embeds. Behavior is identical in terms of data collection and cookie setting.

Domains contacted:

  • Embed player: open.spotify.com, api.spotify.com, audio-ak-spotify-com.akamaized.net
  • Ad Analytics: pixel.byspotify.com, spclient.wg.spotify.com

Consent & Compliance

GDPR/ePrivacy: The Spotify embedded player serves a functional purpose — providing audio content directly requested by the user. However, the iframe sets cookies under spotify.com that may qualify as non-essential if they track users beyond the immediate playback session. For logged-in users, playback data synced to Spotify accounts constitutes personal data processing. Spotify Ad Analytics pixels are marketing tools requiring explicit opt-in consent. The ePrivacy Directive requires consent for advertising tracking cookies set by byspotify.com.

CCPA/CPRA: Spotify Ad Analytics pixels that share conversion data with Spotify qualify as selling or sharing personal information under CCPA.

EU-US Data Transfers: Spotify AB (Swedish entity) processes data under GDPR directly. US data transfers to Spotify's infrastructure are covered by Standard Contractual Clauses.

IAB TCF: Spotify Ad Analytics maps to IAB TCF Purposes 1, 2, 3, and 4.

Consent category: Functional (embedded player) and Marketing (Ad Analytics conversion pixel).

Should You Block This Without Consent?

Conditional. The embedded Spotify player serves a functional content purpose and can load without consent, though operators should disclose that the iframe may set cookies for logged-in Spotify users. Spotify Ad Analytics pixels are marketing tools that track advertising conversions and must be blocked until marketing consent is granted. Implement these as separate scripts with separate consent conditions — do not bundle the embed and the pixel under a single consent toggle.

Visit website

Consent Categories

Functional
Marketing

Also Known As

Spotify Ad AnalyticsSpotify embedSpotify pixelSpotify advertisingSpotify iframe

Industries

Arts and EntertainmentMusic

Tracked Domains (2)

spotify.comEssential
spotifycdn.comEssential

Frequently Asked Questions

Is consent required for Spotify?

Conditional. The embedded Spotify player is functional and may load without consent, but the Spotify Ad Analytics pixel at pixel.byspotify.com tracks ad conversions and requires explicit marketing consent.

What does Spotify track?

The embed sets sp_t (1 year) and sp_ab (1 year) cookies within the Spotify iframe. The Ad Analytics pixel sets a byspotify.com tracking cookie (1 year) and collects IP, User-Agent, and page URL for attribution.

How does ConsentStack manage Spotify consent?

ConsentStack separately handles the Spotify embed and Ad Analytics pixel. The embed is categorized as functional and may load without consent. The pixel.byspotify.com script is blocked until marketing consent is granted.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Spotify

ConsentStack automatically detects and manages Spotify trackers so your site stays compliant with global privacy regulations.

Get started free