TL;DR
Around 2,300 merchants a month search for _shopify_sa_p and _shopify_sa_t, expecting to find two Shopify cookies that drive marketing attribution. They will not find them in Shopify's documentation. These names are absent from Shopify's current cookie policy [1], absent from Shopify's developer changelog, and the only places they survive are a stale 2021-era third-party cookie database and one uncited vendor blog. What Shopify actually uses to attribute an order is the landing_site field, which stores the HTTP referrer recorded at the moment the order is created, plus a referring_site field and the attribution models in your admin Marketing reports [2][3]. This piece resolves the question honestly: what the third-party sources claim, why that claim is unverified, and what mechanism really credits your channels.
Key Takeaways
-
_shopify_sa_pand_shopify_sa_tare not listed in Shopify's current cookie policy at shopify.com/legal/cookies as of June 2026 [1], and they do not appear in Shopify's developer changelog. - Third-party sources claim
sastands for "source attribution" and that these were short-lived marketing-touch cookies, but that claim traces back to one 2021-era cookie database and is unverified [4]. - Shopify's real attribution signal is the order's
landing_sitefield, which records the HTTP referrer captured at order creation [2]. - The companion
referring_sitefield and the admin Marketing reports apply attribution over a 30-day lookback window [3]. - Shopify's current documented cookies include
_shopify_essential,_tracking_consent,_landing_page, and_orig_referrer, none of which are namedsa_porsa_t[1]. - Shopify's
landing_sitecredit often differs from what Google Ads, Meta, or GA4 report, because each system reads a different signal at a different moment. - A server-side tracker reconciles the completed order back to the real campaign session, so the sale reaches each ad platform with consistent transaction IDs even when Shopify's referrer reads differently.
Are _shopify_sa_p and _shopify_sa_t real Shopify cookies?
The short answer is that they are not in Shopify's current documentation. I checked Shopify's published cookie policy at shopify.com/legal/cookies in June 2026, and neither _shopify_sa_p nor _shopify_sa_t appears anywhere in it [1]. They are also absent from Shopify's developer changelog, which is where Shopify announces and deprecates platform behavior. There is no farewell post retiring them, which is unusual for a cookie that was once a documented part of the platform.
The cookies that Shopify does document by name in that policy include _shopify_essential for core store function, _tracking_consent for the visitor's privacy preferences, _landing_page for the landing page URL of an incoming visit, and _orig_referrer for the HTTP referrer of that visit [1]. Two more, _shopify_y and _shopify_s, were marked for retirement as Shopify moved visitor identity onto the Web Pixels API. The _shopify_y visitor token has its own full breakdown in Shopify cookies explained: what _shopify_y actually tracks. What you will not find on that documented list is anything named sa_p or sa_t.
So the honest position is this. If a guide tells you to inspect _shopify_sa_p in your browser to debug attribution, that guide is pointing you at a cookie Shopify does not currently document as setting. You can open your storefront, look in the application storage panel, and confirm it for yourself.
What do third-party sources claim about them?
The claim that floats around is specific and plausible-sounding, which is why it spread. Third-party cookie databases describe _shopify_sa_p and _shopify_sa_t as short-lived marketing-touch cookies, with sa read as "source attribution," p as a parameter or first-touch value, and t as a timestamp or last-touch value [4]. One vendor blog repeats roughly the same framing without citing a Shopify source.
When you trace that claim to its root, it lands on a 2021-era cookie database entry, not on Shopify's own documentation [4]. A cookie database is a crawl-and-catalog service. It records what it observed on some store at some point and infers a purpose from the name. That is useful signal, but it is not authoritative, and an entry from 2021 says nothing reliable about what Shopify sets in 2026. The platform has moved its tracking architecture twice since then, including the shift to the Web Pixels API.
I am labeling that "source attribution" reading as unverified on purpose. It may describe a cookie that genuinely existed on older Shopify checkouts and was retired quietly. It may be a misread of a different field. Either way, I have no Shopify-published document that confirms _shopify_sa_p is a live, currently-set attribution cookie, so I will not tell you it is one.
How does Shopify actually attribute a sale?
Here is the mechanism that real Shopify attribution runs on, and it is not a named cookie you can read. When an order is created, Shopify records the HTTP referrer for that visit and stores it on the order in a field called landing_site [2]. That landing_site value, often a full URL with its UTM parameters intact, is the durable attribution signal. There is a companion referring_site field that captures the referrer of the session as well [2].
Your admin Marketing reports then apply an attribution model on top of those stored referrers. Shopify credits orders over a 30-day lookback window, so a session that drove a visit can still get credit for a purchase that completes up to 30 days later [3]. The model mechanics, first click versus last click versus the default Last non-direct click, are their own topic. I cover all of them in how Shopify attribution works: first click, last click, and direct orders, so I will not re-teach the five models here. The one-line version: Shopify reads the order's stored referrer and assigns channel credit through whichever model your reports use.
The distinction that matters for this article is mechanism. Attribution does not read a sa_p cookie value at report time. It reads order metadata that was captured at order creation. That is why you cannot fix a misattributed order by clearing a cookie, and why there is no sa_p value to inspect when a sale lands in the wrong channel.
Why does Shopify's credit differ from Google Ads and Meta?
Because each system reads a different signal at a different moment. Shopify reads the landing_site referrer stored on the order. GA4 reads its own _ga cookie and session. Google Ads and Meta credit clicks through their own click windows and pixel data. None of these share a single cookie, which is exactly why their numbers rarely line up.
This is the root cause behind the most common attribution complaint, that Google Ads reports fewer conversions than Shopify does. The two are counting different events with different rules. I walk through that specific gap in why Google Ads reports fewer conversions than Shopify. The takeaway for sa_p searchers is that there was never going to be one cookie that reconciles all four systems, because the systems were never built to share one.
The other place this surfaces is the broader question of first-party identity on Shopify, including which cookies persist under tracking prevention and what survives a post-cookie checkout. That ground is covered in first-party cookies on Shopify: customer identity in a post-cookie world, which lists sa_p and sa_t among historical cookie names without claiming they are current.
Verify the cookie reality on your own store
You do not have to take my word for any of this. Three checks settle it in about five minutes.
- Open your live storefront in Chrome, then open DevTools and go to Application → Storage → Cookies. Scan the list for any cookie whose name starts with
_shopify_sa. On a current Shopify storefront you will not see_shopify_sa_por_shopify_sa_tset. - Place a test order or open an existing one through the Admin API, and look at the order payload for the
landing_siteandreferring_sitefields. Thelanding_sitevalue is the referrer Shopify actually stored for that order [2]. - In your admin, open Analytics → Reports → Sessions by referrer and Marketing → attribution reports, and confirm the channel credit traces to the stored referrer, not to any cookie you can inspect [3].
If you only do one of these, do the first. The empty _shopify_sa result in your own cookie jar is the fastest proof that the search query you started with is chasing a cookie that is not there.
FAQ
Is _shopify_sa_p a current Shopify cookie?
It does not appear in Shopify's current cookie policy at shopify.com/legal/cookies as of June 2026 [1], and it is absent from Shopify's developer changelog. The name survives only in a 2021-era third-party cookie database and one uncited vendor blog [4], so treat any "it tracks source attribution" description as unverified.
What does the "sa" in _shopify_sa_p supposedly stand for?
Third-party sources read sa as "source attribution" and frame p and t as first-touch and last-touch or timestamp values [4]. That reading is not confirmed by any Shopify document, so I label it as a third-party claim, not a fact.
If not a cookie, how does Shopify track where my orders come from?
Through the order's landing_site field, which stores the HTTP referrer captured when the order is created, plus the referring_site field [2]. Your admin Marketing reports then apply an attribution model over a 30-day lookback to assign channel credit [3].
Why do my Shopify, GA4, and Google Ads numbers disagree?
Each system reads a different signal. Shopify reads the stored landing_site referrer, GA4 reads its _ga cookie and session, and ad platforms credit clicks through their own windows. There is no shared cookie, which is why the totals differ [2][3].
Where can I see the landing_site value for an order?
Open the order through the Admin API or a server-side tracking app and read the landing_site field on the order object [2]. It usually contains the full landing URL with UTM parameters, which is the referrer Shopify recorded for that sale.
Track the real campaign session behind every order
Shopify's landing_site credit frequently differs from what Google Ads, Meta, or TikTok report on the same sale, because each platform reads a different signal at a different moment. WeltPixel Conversion Tracking reconciles the completed order back to the real campaign session and sends it server-side to GA4, Meta, TikTok, Google Ads, and Reddit with consistent transaction IDs, so a purchase still reaches each platform even when Shopify's stored referrer reads differently.
Install WeltPixel Conversion Tracking on the Shopify App Store
Sources
- Shopify. "Cookie Policy." https://www.shopify.com/legal/cookies (checked June 2026;
_shopify_sa_pand_shopify_sa_tare not listed) - Shopify Dev Docs. "Order object: landing_site and referring_site." https://shopify.dev/docs/api/admin-rest/latest/resources/order
- Shopify. "Marketing Attribution: Definition and Different Models." https://www.shopify.com/blog/marketing-attribution (Shopify-official; covers the attribution models and session-based credit, with the order's stored referrer as the underlying signal)
- Third-party cookie database entry (2021-era) describing
_shopify_sa_p/_shopify_sa_tas source-attribution cookies. Unverified against Shopify's own documentation; included only to identify where the claim originates.