How to block third-party cookies

If you don't know what third-party cookies are, consider reading our explanation first.

Important: Blocking third party cookies is only possible by blocking whole third-party functionality. This means Google Analytics / YouTube videos / Facebook buttons / AdSense or anything else that you block WILL NOT WORK until user agrees with cookie policy (manually or automatically). Our statistics show that only ~10% of visitors actively agree with cookie policy, so remaining 90% will not be able to use third-party functionality on your website.
Note: This update was introduced on 13th of June 2015. If you last saved your Cookie-Script item before that date and want to use functionality below, you have to re-save your Cookie-Script item.


Blocking JavaScript third-party cookies

To block third-party cookies, find a JavaScript code that is setting third-party cookies and:

  • change type attribute from text/javascript to text/plain (if type attribute missing, just add it)
  • add data-cookiescript attribute and set it to accepted

All JavaScript with such attribute changes will only execute if user agreed with Cookie Policy.

Note: JavaScript will be executed when user clicks "I agree" button, without page refresh.

Example of standard Google Analytics code

Change code from:

<script type="text/javascript">
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXXXXX-X', 'auto');
ga('send', 'pageview');
</script>

Change code to:

<script type="text/plain" data-cookiescript="accepted">
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXXXXX-X', 'auto');
ga('send', 'pageview');
</script>

Example of included JavaScript file

Change code from:

<script src="/js/myscript.js"></script>

Change code to:

<script type="text/plain" data-cookiescript="accepted" src="/js/myscript.js"></script>


Blocking iframe third-party cookies

To block third-party cookies set with iframe (like YouTube videos), find an iframe code that is setting third-party cookies and:

  • change src attribute name to data-src
  • add data-cookiescript attribute and set it to accepted

All iframes with such attribute changes will only show up if user agreed with Cookie Policy.

Note: Iframe will be updated when user clicks "I agree" button, without page refresh.

Example of standard YouTube video iframe

Change code from:

<iframe width="560" height="315" src="https://www.youtube.com/embed/xxxxxxxxx" frameborder="0" allowfullscreen></iframe>

Change code to:

<iframe width="560" height="315" data-src="https://www.youtube.com/embed/xxxxxxxxx" data-cookiescript="accepted" frameborder="0" allowfullscreen></iframe>

You can also add a text explaining user that he must accept cookie policy in order to see the video. Use "alt" attribute for thet:

<iframe width="560" height="315" data-src="https://www.youtube.com/embed/xxxxxxxxx" data-cookiescript="accepted" alt="Please accept cookie policy first" frameborder="0" allowfullscreen></iframe>


Blocking embed / object / link third-party cookies

In the same manner you can block embed / object / link elements from setting third-party cookies

Example of embed element

Change code from:

<embed src="somefile.swf">

Change code to:

<embed data-src="somefile.swf" data-cookiescript="accepted" >

Example of object element

Change code from:

<object src="somefile.swf"></object>

Change code to:

<object data-src="somefile.swf" data-cookiescript="accepted" ></object>

Example of link element

Change code from:

<link href="http://fonts.googleapis.com/css?family=Roboto:100" rel="stylesheet" type="text/css">

Change code to:

<link data-href="http://fonts.googleapis.com/css?family=Roboto:100" data-cookiescript="accepted" rel="stylesheet" type="text/css">

Example of image element

Change code from:

<img src="http://example.com/image.jpg" />

Change code to:

<img data-src="http://example.com/image.jpg" data-cookiescript="accepted" />