Custom Pixels are Shopify's sanctioned replacement for checkout scripts, but they run inside a sandboxed web worker, not on the page itself. If your Additional Scripts do more than fire a tracking beacon, you need to know what survives the move and what doesn't.
No DOM access
The sandbox has no document of the host page. Scripts that read or modify the page are dead on arrival:
- Post-purchase survey widgets injected into the thank-you page
- Scripts scraping order details from the page HTML
- Referral pop-ups and custom UI of any kind
Workaround: data-reading scripts should switch to the event payload (it carries the full checkout object). UI widgets need a different surface entirely — usually a checkout UI extension or a post-purchase page app.
No Liquid variables
Every {{ checkout.* }} reference must be mapped to the checkout_completed event payload:
{{ checkout.total_price | money_without_currency }}→checkout.totalPrice.amount{{ checkout.currency }}→checkout.totalPrice.currencyCode{{ checkout.order_number }}→checkout.order.id(orcheckout.tokenas fallback){{ checkout.line_items }}loops →checkout.lineItemsarray
Consent is built in
Pixels declare which consent categories they need (analytics, marketing). If the visitor declined that category under GDPR/CCPA banners, Shopify simply doesn't deliver events to your pixel. That's correct behavior — but it also means a pixel can go quiet for legitimate reasons, which makes distinguishing "consent-limited" from "broken" harder.
Timing and lifecycle differences
Legacy scripts ran once on page load. Pixel subscriptions fire when the event happens — which can be earlier than the thank-you page render, and exactly once per checkout rather than on every page refresh. Deduplication logic guarding against refresh double-fires is no longer needed.
The practical takeaway
For 80% of scripts — ad platform tags, affiliate postbacks — conversion is mechanical: swap Liquid for payload fields, wrap in analytics.subscribe. Tools like PixelWard automate exactly that and flag the other 20% (DOM access, unknown vendors) so you know what needs human attention instead of finding out in September.