Documentation

All instructions about how to set up Cookie-Script properly

After installing Cookie-Script on your website you might notice a change in Google Analytics counting direct traffic on your website or the number of visitors drops dramatically. This is actually a case with many third-party systems, not just Google Analytics, and depends a lot on your cookie popup settings. But let's start from the beginning.

Two ways third-party scripts use cookies

There are two ways third-party scripts (like Google Analytics) can track a visitor from one page to another with cookies.

Tracking user on third-party domain cookies

In some cases, cookies are placed under a third-party domain (like google.com). Using this method, third-party service providers can track users between different websites. Such cookies cannot be controlled by your website or scripts like Cookie-Script.

Those cookies cannot be deleted by Cookie-Script and you must make sure such third-party scripts are not included until the user allowed such cookie types.

We have prepared instructions on how this can be done.

Tracking user with your website domain cookies

In other cases, cookies are placed under your website domain (like example.com). With this method, third-party service providers cannot track users between different websites, only between pages under your domains.

Such cookies can be fully controlled by scripts on your domain and there is no need to do any extra actions for such scripts.

Cookie-Script automatically deletes those cookies if the user hasn't agreed to them.

Why does analytics data mess up?

Some website visitors won't agree to the cookie policy and will reject all cookies except strictly necessary. In other words, they will click I disagree button or simply ignore the cookie banner without making any choice. Let's see what happens under the hood in each case.

In case of third-party domain cookies

The third-party script was modified to be included only after the user gave consent. This means the script does not fire if no consent was given, no third-party functionality will be included.

For Google Analytics this means the visitor will not be counted at all.

As a result, the number of visitors on your website will drop significantly according to Google Analytics since all cookie rejecting/ignoring visitors won't be counted.

In case of your website domain cookies

This one is a bit more tricky. No third-party scripts are modified, so third-party functionality does fire.

For Google Analytics this means the visitor is counted. However, since Cookie-Script can (and does) clear third-party cookies for cookie rejecting/ignoring visitors, a third-party script cannot trace the user from one page to another.

As a result, each new page visit for such users is considered as a fresh new website visitor coming from outside. So if the same user visited 10 different pages on your website, it will be counted as 10 different visitors coming to your website for the first time.

I just want my Google Analytics back!

Well, here is the tricky part: one of the main points for all privacy regulations is to allow the user not to be tracked if he doesn't want to be tracked. This also includes third-party scripts like Google Analytics. In other words, you are not allowed to track visitors that rejected your cookie policy, and this what privacy regulations are for.

Well, there is a way around it...

You can always set some third-party cookies (or scripts) as strictly necessary for your website to function. Such cookies won't be deleted and services like Google Analytics will work as usual. However, in this case, it's quite questionable if your website is still compliant with regulations like GDPR since you might need to prove third-party services (like Google Analytics) are strictly necessary for your website.

Some regulations do not require prior consent and only a small part of users (who actively reject cookies) will mess up analytics data, which might be acceptable. For those regulations, you can use Implied consent mode to track everyone unless they reject cookie policy.