Squarespace

Squarespace

E-commerce website builder used by entrepreneurs and small businesses. Squarespace's scripts handle storefront rendering, checkout, and form submissions on Squarespace-hosted sites. Also loads analytics, scheduling (Acuity), and e-commerce tracking scripts as part of its integrated platform.

Back to Vendor Library

Overview

Squarespace is a website builder and all-in-one e-commerce platform hosting millions of businesses, creators, and portfolios. On Squarespace-built sites, its scripts are the foundational layer — they render the entire site template, manage routing, power the e-commerce storefront, and bundle analytics and scheduling (via Acuity) into the core platform. Unlike WordPress or other open platforms, Squarespace is a closed system: the site cannot function without its core scripts.

What This Script Does

Core Site Infrastructure

  • Bootstraps the entire site: template rendering, responsive layout, navigation, and page transitions
  • Manages client-side routing for single-page application navigation between Squarespace pages
  • Scripts are loaded from static1.squarespace.com (CDN) and assets.squarespace.com
  • Handles media delivery: images served through Squarespace's Imgix-backed image processing pipeline

E-Commerce and Checkout

  • Powers Squarespace Commerce: product catalog rendering, inventory display, shopping cart session management, and checkout flow
  • Processes payments via Squarespace Payments (Stripe-backed), PayPal, and Apple Pay integrations
  • Sets cart session cookies to persist cart state across page navigation

Cookies Set

  • crumb — CSRF protection token, first-party, session
  • squarespace-announcement-bar — tracks whether the visitor has dismissed the announcement bar, first-party, persistent
  • SQ_LANGUAGE_SESSION — language preference for multilingual sites, first-party, session
  • SS_MID / SS_CVRT — Squarespace's built-in visitor analytics identifiers, first-party, persistent (up to 2 years); powers the Squarespace Analytics dashboard for site owners
  • _orig_referrer — captures the initial referral source for traffic attribution, first-party, session
  • Cart cookies: session-scoped identifiers for cart persistence on commerce sites

Built-In Analytics (Squarespace Analytics)

  • Every Squarespace site includes built-in analytics that cannot be disabled — tracking page views, unique visitors, traffic sources, and sales data
  • The SS_MID cookie provides persistent visitor identification for this analytics system
  • Data is sent to Squarespace's analytics pipeline and displayed in the site owner's Squarespace dashboard
  • This analytics cannot be selectively blocked without breaking the site

Acuity Scheduling Integration

  • Sites using Acuity Scheduling (a Squarespace product) load additional scripts from acuityscheduling.com
  • Acuity scripts are treated as functional (see Acuity Scheduling vendor entry)

Consent & Compliance

Consent category: Essential / Functional

Squarespace's core rendering scripts, CSRF protection, and cart cookies are essential for any Squarespace-hosted site to function and are exempt from consent under the ePrivacy Directive. The SS_MID persistent analytics cookie is more nuanced — it is set by default for Squarespace's built-in analytics and persists for up to 2 years, technically requiring consent under a strict ePrivacy interpretation. However, because it cannot be disabled without breaking the platform, sites using Squarespace must disclose it in their privacy policy and cookie notice. Under GDPR, Squarespace acts as a data processor; the site operator is the controller. Squarespace is a US company and participates in the EU-US Data Privacy Framework.

Should You Block This Without Consent?

No. Squarespace scripts are the essential foundation of Squarespace-hosted sites. Blocking them would render the site non-functional. Squarespace's built-in analytics (SS_MID) cannot be disabled, so disclosure and a clear cookie notice are the appropriate compliance approach on Squarespace-built sites.

Visit website

Consent Categories

Essential
Functional

Also Known As

squarespace cookiessquarespace GDPRsquarespace trackingsquarespace analytics privacysquarespace e-commerce consentAcuity scheduling consent

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

squarespace.comEssential

Frequently Asked Questions

Do Squarespace scripts require visitor consent on Squarespace-built sites?

No for core scripts. Squarespace's rendering, routing, cart, and CSRF scripts are essential infrastructure that cannot be blocked without breaking the site entirely. The SS_MID persistent analytics cookie requires disclosure in your cookie notice, and any third-party marketing integrations enabled in Squarespace settings require their own consent.

What cookies does Squarespace set by default?

Squarespace sets crumb (CSRF, session), SS_MID (2-year visitor analytics ID), SS_CVRT (conversion tracking), _orig_referrer (initial traffic source, session), and SQ_LANGUAGE_SESSION (language preference). SS_MID cannot be disabled — it is bundled into the platform and powers the analytics dashboard.

How does ConsentStack work with Squarespace sites?

ConsentStack on Squarespace sites manages optional third-party tools added via Squarespace's integrations panel, such as Google Analytics, Meta Pixel, or Klaviyo. Core Squarespace scripts are essential and cannot be gated. ConsentStack surfaces these integrations and ensures SS_MID is disclosed in your cookie notice.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Squarespace

ConsentStack automatically detects and manages Squarespace trackers so your site stays compliant with global privacy regulations.

Get started free