ShipStation

ShipStation

ShipStation is an e-commerce shipping and order fulfillment management platform. It operates primarily as a backend service; order tracking page embeds may appear on retailer websites, allowing customers to look up shipment status using their order details.

Back to Vendor Library

Overview

ShipStation is a cloud-based shipping and order fulfillment platform used by e-commerce businesses to manage multi-carrier shipping, print labels, automate fulfillment workflows, and track deliveries. It integrates with over 300 selling channels and carriers including Shopify, WooCommerce, BigCommerce, Amazon, USPS, UPS, FedEx, and DHL. ShipStation operates primarily as a backend SaaS tool used by merchants internally; its customer-facing web presence is limited to branded tracking pages and customer notification emails. When detected on a website, ShipStation typically appears through embedded order tracking pages where customers look up shipment status.

What This Script Does

ShipStation's customer-facing web presence is limited to order tracking embeds. There is no behavioral analytics or marketing tracking script that ShipStation deploys on retailer websites.

Order tracking page embeds:

  • ShipStation provides branded tracking pages hosted at tracking.shipstation.com or similar, which can be embedded on retailer websites via iframe
  • These pages display: shipment status, carrier name, tracking number, estimated delivery date, and package event history
  • Retailers often link directly to the ShipStation tracking URL from order confirmation emails rather than embedding it on-site

Script behavior when embedded:

  • The tracking page iframe loads from ShipStation's domain; all script execution is sandboxed within the iframe context
  • A tracking lookup is performed against ShipStation's API using the order number or tracking ID provided by the visitor
  • Results are rendered within the iframe displaying carrier-reported shipment events

Cookies set:

  • Session cookies within the iframe, scoped to shipstation.com — these maintain the tracking lookup result state during the current browser session
  • No persistent tracking cookies are set on the retailer's domain
  • No cookies used for behavioral tracking, advertising, or cross-site identification

Data collected:

  • Order tracking lookups: the visitor submits an order number or email/ZIP combination to retrieve their shipment
  • Carrier-reported tracking events are fetched and displayed (no visitor behavioral data is collected)
  • No browsing behavior on the retailer's host website is monitored or recorded

No marketing tracking: ShipStation does not deploy advertising pixels, retargeting tags, or behavioral analytics scripts on retailer websites. Its integration is purely backend order management.

Consent & Compliance

ShipStation falls under the functional consent category. Under GDPR and ePrivacy, order tracking embeds serve a functional purpose — providing shipment status information that the customer explicitly requests by navigating to a tracking page. Session cookies within the iframe are scoped to ShipStation's domain and are required for the tracking lookup interaction. The ePrivacy Directive's exemption for services directly requested by the user applies.

Under CCPA/CPRA, order tracking data (order numbers, shipping addresses, delivery status) constitutes personal information processed for the requested fulfillment service. ShipStation acts as a data processor for the merchant; merchants should have a DPA in place. ShipStation is a US-based company (owned by Auctane); EU data transfers rely on Standard Contractual Clauses.

Should You Block This Without Consent?

No. ShipStation's customer-facing components serve a functional purpose — order tracking that customers explicitly use. The platform has no marketing or analytics tracking scripts on the retailer's website. Blocking it would remove order tracking capability. Session cookies within the iframe are technically necessary for the lookup interaction and are exempt from consent requirements.

Visit website

Consent Categories

Functional

Also Known As

ShipStation shippingShipStation trackingShipStation e-commerceorder fulfillment platform

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

shipstation.comFunctional

Frequently Asked Questions

Does ShipStation require consent on my website?

No consent is required for ShipStation's order tracking embeds. The tracking page serves a functional purpose — providing shipment status that customers explicitly request. Session cookies within the iframe are technically necessary for the lookup interaction and fall under the ePrivacy strictly necessary exemption.

What cookies does ShipStation set?

ShipStation's order tracking page loads inside an iframe from tracking.shipstation.com. All scripts run in the sandboxed iframe context with session cookies scoped to ShipStation's domain. No persistent tracking cookies are set on the retailer's domain, and no browsing behavior is monitored.

How does ConsentStack handle ShipStation?

ConsentStack classifies ShipStation as functional and does not block its order tracking embed. Because ShipStation sets no marketing or analytics cookies on the host domain and the interaction is explicitly requested by the customer, no consent gate is applied.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for ShipStation

ConsentStack automatically detects and manages ShipStation trackers so your site stays compliant with global privacy regulations.

Get started