Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Yahoo! Web Analytics was a free web analytics product retired by Yahoo in 2012; legacy tags can still load defunct beacons and dropped cookies that should be removed.
Yahoo! Web Analytics was a free site analytics product launched in 2008 after Yahoo acquired IndexTools. It was retired by Yahoo in 2012, with users invited to migrate to other tools. Despite the shutdown, the JavaScript tag is still found on long lived sites, mostly because the snippet was never removed during a CMS migration.
Where the tag still loads, it tries to write cookies named WEB_ID and WT_FPC and to beacon page view data to a Yahoo endpoint that no longer accepts traffic for most accounts. Even when the beacon fails, the cookies are still written, and the JavaScript loads a third party script from a Yahoo controlled domain.
The cookies and the third party script are non essential, so article 5(3) of the ePrivacy Directive still applies. Asking visitors to consent to a dead service is poor practice and risks complaints. The privacy notice must either reflect the residual processing or, preferably, the tag should be removed.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Search the codebase for d.yimg.com, web-analytics.yahoo.com or the WEB_ID cookie. Remove the inline snippet, purge cached versions in your CDN, and flush any remaining cookies via a small script that deletes them on the first matching domain visit.
Yahoo (now part of Apollo Global Management as Yahoo Inc.) operates from the United States. Even residual beacon attempts therefore qualify as a transfer to a third country. Removing the tag is the simplest way to eliminate the transfer.
Treat any detection of Yahoo! Web Analytics as a tag hygiene incident. Remove the snippet, document the cleanup in your records of processing activities, scan for similar dead tags such as Google Urchin or Compete, and add a periodic audit to your privacy review.
Websites using Yahoo! Web Analytics must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is largely moot for a product that no longer accepts new data, but the residual cookies and beacons still trigger ePrivacy obligations. Operators should remove the tag and document the cleanup; the broader risk is that legacy code shows lack of governance.
Sample consent text
A legacy Yahoo! Web Analytics tag was detected on this page. The product has been discontinued, but the tag may still set cookies. By accepting, you allow these residual cookies; we recommend removing the tag rather than asking visitors to consent to a dead service.
Third-party domains contacted
web-analytics.yahoo.comd.yimg.comyahoo.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| WEB_ID | Analytics | 2 years | Yahoo! Web Analytics first party visitor identifier; still written by legacy tags even though Yahoo no longer processes the data. |
| WT_FPC | Analytics | 2 years | Yahoo! Web Analytics first party session tracker, also a remnant of the legacy IndexTools heritage. |
Yahoo! Web Analytics collects user analytics data — you legally need a consent banner. Try FlowConsent free.
When the legacy tag still loads, it tries to set WEB_ID and WT_FPC cookies plus session cookies on the visitor browser, even though the underlying service no longer accepts new traffic for most accounts.
Yes if any cookie is still set or any third party script still loads. The service is discontinued, so the simplest answer is to remove the tag rather than gather consent for a defunct product.
Consent is the only realistic basis if the tag remains active. Legitimate interest is hard to argue when the destination platform no longer exists and the operator has no business need.
Yes by design. Yahoo Inc. is US based, so even residual beacon attempts go to US infrastructure. Removing the tag is the cleanest way to end the transfer.
In practice no, because the service is dead. The expected response is to remove the tag and document the cleanup, not to perform a full DPIA on a non functional product.
Search the codebase for d.yimg.com or web-analytics.yahoo.com references, remove the snippet, purge CDN caches, drop residual WEB_ID and WT_FPC cookies, and document the cleanup in your tag inventory.
Modern analytics that fit a privacy aware EU posture include Matomo, Plausible, Fathom, Cabin, Piwik PRO, Google Analytics 4 with a strict consent setup or Adobe Analytics with EU residency.
Remove all references to Yahoo! Web Analytics from the cookie policy, confirm the cookies are no longer set, replace with the documentation of the analytics platform you use today, and add a periodic dead tag audit.