Yext Pixel and Cookies in Pages Product Offerings | Yext Hitchhikers Platform

Optional Technologies

At a client’s request, the following optional pixel and optional cookie may be deployed with Pages:

Analytics Pixel

An optional analytics pixel (called the Pages pixel), which consists of an <img> tag that sends data to the following endpoint: www.yextevents.com (or www.yext-pixel.com if you are on Classic Pages ).

The Pages pixel processes pageview events and click events and is used to determine how many times a page has been viewed, and by how many unique visitors. The pixel is able to integrate with any CMP (consent management platform), and can be opted-out via CMP as needed. The Pages pixel lasts for a session and is considered to be first party.

Yext Analytics Pixel to Integrate with Your CMP

You can integrate the Yext Analytics pixel with your CMP by calling the function to enable the Yext Analytics pixel. As a summary, this process would go as follows:

  • The site implementer must ensure their website is explicitly opted out of Analytics; for website implemented using Pages, this can be done by setting requireOptIn to true on the AnalyticsProvider component (refer to the component props ).
  • After user’s relevant consent, enable the Yext analytics pixel by calling the function window.enableYextAnalytics();.
  • In other words, a tag to call the function is triggered within your tag manager based on conditional logic on whether the user has consented via your CMP or not.

An optional analytics tracking cookie _yfpc (Yext First-Party Cookie), which can be used to associate user events with a unique cookie ID (refer to our training for more information). This sends data to the following endpoint: realtimeanalytics.yext.com/conversiontracking. When this tracking cookie is enabled, a cookie will be set in the browser called _yfpc, and it will send the cookie value to the Pages analytics system along with all tracked events. This tracking cookie is able to integrate with any CMP, and can be opted-out via CMP. This first party cookie lasts for 90 days.

Automatically Deployed Cookies

The following cookies are automatically deployed:

  1. Cloudflare session cookie (__cf_bm) from Cloudflare is deployed with all Pages products to help protect against bot traffic. Refer to Cloudflare’s documentation for more details. The __cf_bm cookie from Cloudflare is present in all domains as you go through our Cloudflare setup. For EU-hosted clients, below is a list of possible hostnames. Note wildcards are used so as not to enumerate every subdomain. The most relevant domains for a Pages or Search setup are bolded. The descriptions may help you filter down to a list which is relevant for the client.

    • *.eu.mktgcdn.com (Photo/Assets Serving)
    • *.eu.yextevents.com (Yext Analytics)
    • *.eu.yextapis.com (Yext APIs)
    • *.eu.yext.com (Yext platform, legacy API endpoints)
    • *.eu.yext-static.com (Yext platform static assets)
    • *.eu.yextstatic.com (Yext platform static assets)
    • *.eu.optimizelocation.com (Yext white labelled platform)
    • *.eu.optimizelocationstatic.com (Yext white labelled platform static assets)
    • *.eu.pgsdemo.com (Sites placeholder domains)
    • *.eu.leavefeedback.app (Yext Reviews endpoints)
    • *.pagescdn.com (Sites preview links, bridge domains)
    • *.sitescdn.com (Classic Pages, legacy bridge domains)
    • *.eu.yextpages.net (Classic Pages preview links)
    • *.eu.landingpagespreview.com (Classic Pages/Page Builder previews)
    • Any client provided domains/subdomains that are powering a Pages or Search experience
      • For example, branches.[clientDomain].ie
  2. Cloudflare rate limiting cookie (_cfuvid) is deployed only when Rate Limiting Rules are configured for a site. This cookie is used by Cloudflare’s WAF (Web Application Firewall) to distinguish individual users who share the same IP address, which is necessary for proper rate limiting functionality.

    1. This cookie is strictly necessary for security purposes when rate limiting is enabled, as it helps prevent abuse while ensuring legitimate users can access the site even when sharing an IP address with other visitors.
    2. Note: Pages 2.0 sites in the EU currently do not have rate limiting rules configured, so this cookie is not present on those sites. Refer to Cloudflare’s documentation for more details.
  3. When a client wants a site to be private and gated behind security settings (refer to our Authentication documentation to learn more), Yext “Secure Sites” session cookie (securesites) is deployed to identify user sessions. This cookie is strictly necessary in order for the security settings to work properly.

    1. For sites protected by password protection, cookie expiration occurs after 7 days.
    2. For sites protected by OIDC, expiration occurs after 2 hours, but can be renewed via refresh token transparently with the relevant OIDC provider.

Treatment of IP Addresses for Yext Pages

The Yext Pages Pixel collects IP address information in order to determine the user’s approximate city and country as well as to calculate user sessions. We employ the use of a hashing algorithm to ensure that these IP addresses are obscured after receipt of the analytics event.

Yext also collects IP address information from Cloudflare, Yext’s content distribution network provider, in order to enforce bot-blocking against known malicious bots. To obscure the IP addresses, Cloudflare drops the last octet before Yext ingests the logs into its internal database.

With this treatment of IP addresses, Yext wants to ensure that IP addresses cannot be traced back to individual users. Similarly, Yext does not match IP addresses to other personal data of users, nor does Yext use IP addresses to construct user profiles. Furthermore, this data is only available in Yext’s backend databases to a limited number of employees who have a need to have access to it.