Yext Pixel and Cookies in Pages Product Offerings | Yext Hitchhikers Platform
Optional Technologies
At a client’s request, the following optional pixel and optional cookie may be deployed with Pages:
Analytics Pixel
An optional analytics pixel (called the Pages pixel), which consists of an <img>
tag
that sends data to the following endpoint: www.yextevents.com (or www.yext-pixel.com if you are on
Classic Pages
).
The Pages pixel processes pageview events and click events and is used to determine how many times a page has been viewed, and by how many unique visitors. The pixel is able to integrate with any CMP (consent management platform), and can be opted-out via CMP as needed. The Pages pixel lasts for a session and is considered to be first party.
Analytics Tracking Cookie
An optional analytics tracking cookie (_yfdc), which can be used to associate user events with a unique cookie ID (refer to our
training
for more information). This sends data to the following endpoint: realtimeanalytics.yext.com/conversiontracking. When this tracking cookie is enabled, a cookie will be set in the browser called _yfdc, and it will send the cookie value to the Pages analytics system along with all tracked events. This tracking cookie is able to integrate with any CMP, and can be opted-out via CMP. This first party cookie lasts for 90 days.
Automatically Deployed Cookies
The following cookies are automatically deployed:
- Cloudflare session cookie (
__cf_bm) from Cloudflare is deployed with all Pages products to help protect against bot traffic (refer to Cloudflare’s documentation for more details).- As this cookie should be considered to be strictly necessary (it is used for security purposes, specifically detecting and protecting against malicious bots and preventing DdoS attacks), it should not require consent. The cookie notably contains information related to the calculation of a bot score, which is used to detect malicious bots.
- When a client wants a site to be private and gated behind security settings (refer to our
Authentication
documentation to learn more), Yext “Secure Sites” session cookie (
securesites) is deployed to identify user sessions. This cookie is strictly necessary in order for the security settings to work properly.- For sites protected by password protection, cookie expiration occurs after 7 days.
- For sites protected by OIDC, expiration occurs after 2 hours, but can be renewed via refresh token transparently with the relevant OIDC provider.
The __cf_bm cookie from Cloudflare is present in all domains as you go through our Cloudflare setup. For EU-hosted clients, below is a list of possible hostnames. Note wildcards are used so as not to enumerate every subdomain. The most relevant domains for a Pages or Search setup are bolded. The descriptions may help you filter down to a list which is relevant for the client.
*.eu.mktgcdn.com(Photo/Assets Serving)*.eu.yextevents.com(Yext Analytics)*.eu.yextapis.com(Yext APIs)*.eu.yext.com(Yext platform, legacy API endpoints)*.eu.yext-static.com(Yext platform static assets)*.eu.yextstatic.com(Yext platform static assets)*.eu.optimizelocation.com(Yext white labelled platform)*.eu.optimizelocationstatic.com(Yext white labelled platform static assets)*.eu.pgsdemo.com(Sites placeholder domains)*.eu.leavefeedback.app(Yext Reviews endpoints)*.pagescdn.com(Sites preview links, bridge domains)*.sitescdn.com(Classic Pages, legacy bridge domains)*.eu.yextpages.net(Classic Pages preview links)*.eu.landingpagespreview.com(Classic Pages/Page Builder previews)- Any client provided domains/subdomains that are powering a Pages or Search experience
- For example,
branches.[clientDomain].ie
- For example,
Treatment of IP Addresses for Yext Pages
The Yext Pages Pixel collects IP address information in order to determine the user’s approximate city and country as well as to calculate user sessions. We employ the use of a hashing algorithm to ensure that these IP addresses are obscured after receipt of the analytics event.
Yext also collects IP address information from Cloudflare, Yext’s content distribution network provider, in order to enforce bot-blocking against known malicious bots. To obscure the IP addresses, Cloudflare drops the last octet before Yext ingests the logs into its internal database.
With this treatment of IP addresses, Yext wants to ensure that IP addresses cannot be traced back to individual users. Similarly, Yext does not match IP addresses to other personal data of users, nor does Yext use IP addresses to construct user profiles. Furthermore, this data is only available in Yext’s backend databases to a limited number of employees who have a need to have access to it.