Bloomreach

Bloomreach

Bloomreach is a digital experience platform combining AI-powered search, merchandising, and content management for ecommerce. Scripts power on-site search autocomplete and product listing page merchandising using Bloomreach's relevance engine. Behavioral signals collected during browsing are used to personalize search rankings and product recommendations.

Back to Vendor Library

Overview

Bloomreach is a digital experience platform (DXP) combining AI-powered site search, product discovery, merchandising, content management, and customer data capabilities for e-commerce. Its product suite includes Bloomreach Discovery (search and recommendations), Bloomreach Engagement (CDP and marketing automation — formerly Exponea), and Bloomreach Content (headless CMS). Large e-commerce retailers use Bloomreach to replace native platform search, personalize category pages, and build unified customer profiles that drive multi-channel marketing.

The browser-side JavaScript footprint is primarily associated with Bloomreach Discovery (the search and merchandising layer) and Bloomreach Engagement (the CDP and behavioral tracking layer). These are separate products with distinct data collection behaviors and consent implications, though they may both be present on the same site.

What This Script Does

Bloomreach Discovery (search & merchandising):

  • Loads from cdn.bloomreach.com or the merchant's CDN proxy
  • Powers autocomplete search suggestions, keyword search results pages, and product listing page (PLP) merchandising
  • Collects behavioral signals per search session: search queries entered, products clicked from results, add-to-cart events, and purchase completions — transmitted to Bloomreach's relevance engine to improve result ranking in real time
  • Sets first-party cookies (e.g., _br_uid_2) — persistent, up to 1 year — to identify returning visitors and build personalized search ranking models based on individual browsing history
  • Sends events to api.exponea.com or cdp.bloomreach.com endpoints for the Engagement integration

Bloomreach Engagement (CDP / Exponea):

  • Loads as exponea.min.js or sdk.bloomreach.com/sdk.js
  • Operates a full behavioral event stream: page views, product views, category views, search queries, cart events, checkout steps, and purchase completions
  • Sets the __exponea_etc__ cookie (first-party, up to 3 years) as a persistent unique visitor identifier powering the customer profile
  • Sets the __exponea_time2__ cookie (first-party, session) for session management
  • Builds a unified customer profile linking anonymous browsing behavior to identified customer records when a visitor logs in, registers, or submits an email form
  • Enables email, SMS, and push notification campaigns triggered by on-site behavioral events
  • IAB TCF Purposes (Engagement): Purpose 1 (Store/access information), Purpose 3 (Create personalised ads profile), Purpose 4 (Select personalised ads), Purpose 5 (Create personalised content profile), Purpose 7 (Measure ad performance), Purpose 8 (Measure content performance), Purpose 9 (Apply market research)

Consent & Compliance

Bloomreach is categorized as functional and analytics.

  • Bloomreach Discovery (functional aspect): Basic search functionality — returning results, rendering PLPs — can qualify as functional/legitimate interest since it directly serves the visitor's navigation intent. However, the _br_uid_2 persistent cookie used for personalized ranking constitutes cross-session behavioral profiling and requires analytics consent.
  • Bloomreach Engagement (analytics/marketing): The Exponea CDP component requires explicit consent before firing. The 3-year __exponea_etc__ identifier is a persistent tracking cookie that builds long-horizon behavioral profiles and enables downstream marketing automation. This is unambiguously an analytics and marketing tool requiring prior consent.
  • GDPR/ePrivacy: The persistent visitor identifiers require consent under Article 5(3) ePrivacy. Bloomreach is available as a GDPR-compliant data processor; a DPA and Standard Contractual Clauses are required for EU deployments.
  • CCPA/CPRA: The behavioral data collected by Engagement, particularly when shared with advertising integrations, may constitute sharing of personal information for cross-context behavioral advertising, triggering opt-out obligations.

Should You Block This Without Consent?

Conditional. Bloomreach Discovery can operate in a consent-free mode if configured to use only session-scoped signals without persistent visitor identification — verify this with your Bloomreach implementation. The Bloomreach Engagement / Exponea CDP component must be blocked until analytics consent is granted, as it sets multi-year tracking cookies and builds cross-session behavioral profiles.

Visit website

Consent Categories

Functional
Analytics

Also Known As

BloomreachBloomreach DiscoveryExponeaecommerce searchBloomreach CDP

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (2)

cdn.exponea.comMarketing
api.exponea.comMarketing

Frequently Asked Questions

Does Bloomreach require consent on my site?

It depends on which Bloomreach product is active. Discovery's basic search can operate without consent, but the persistent _br_uid_2 visitor cookie used for personalized ranking requires analytics consent. The Bloomreach Engagement (Exponea) CDP component always requires explicit consent before firing.

What tracking does Bloomreach Engagement perform?

Bloomreach Engagement sets the __exponea_etc__ cookie — a first-party identifier lasting up to 3 years — to build a unified customer profile linking anonymous browsing to identified customers. It tracks page views, searches, cart events, and purchases to power multi-channel marketing automation.

How does ConsentStack handle Bloomreach?

ConsentStack separates Bloomreach Discovery and Engagement into distinct consent requirements. Basic search loads functionally, but the Engagement CDP and persistent visitor identification cookies are blocked until analytics consent is granted. ConsentStack manages this split automatically.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Bloomreach

ConsentStack automatically detects and manages Bloomreach trackers so your site stays compliant with global privacy regulations.

Get started