In today's world almost every website uses some kind of third-party services like Google Analytics, Facebook like buttons, or any other third-party service provider. In this case, those service providers might set a third-party cookie to track your visitors.
In other words, Third-Party Cookies are cookies that are set by a website other than the one you are currently on. You can also read our detailed explanation about how third-party cookies work.
If you want your website to comply with the latest regulations, you might want to block those Third-Party Cookies unless the user specifically agreed to use them. This article explains how that can be done using CookieScript as a cookie compliance solution.
Blocking Third-Party Cookies with Google Tag Manager
In case you are using Google Tag Manager to include third-party scripts to your website, you can use our build-in Google Tag Manager Events to set up your third-party scripts. You can find a detailed explanation in this article.
Blocking third-party cookies set with JavaScript
To block third-party cookies, find a JavaScript code that is setting third-party cookies and:
- change
type
attribute fromtext/javascript
totext/plain
(iftype
attribute missing, just add it) - add
data-cookiescript
attribute and set it toaccepted
- if you have scanned your website cookies, add
data-cookiecategory
attribute. Below is a list of available values for this attribute. If you don't have cookie category choices, you can skip adding this attribute.
Blocking third-party script by cookie category
If all cookies from a third-party script are assigned to a certain category, you should include that category in data-cookiecategory
the attribute of the script.
data-cookiecategory
the attribute should have a value of the cookie category that this third-party JavaScript is assigned to. This means that whole third-party service cookies should be assigned to one of the following categories (which is usually the case). Possible category values are:
- Strictly Necessary cookies:
strict
- Functionality cookies:
functionality
- Marketing cookies:
targeting
- Performance cookies:
performance
- Unclassified cookies:
unclassified
All JavaScript with such attribute changes will only execute if the user agreed with Cookie Policy.
To use multiple categories, list them all separated by space. In this case, a third-party script will be included if the user agrees to all categories listed in the data-cookiecategory
attribute:
<script type="text/plain" data-cookiescript="accepted" data-cookiecategory="targeting functionality">
Example of standard Google Analytics code
Change code from:
<script type="text/javascript">
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXXXXX-X', 'auto');
ga('send', 'pageview');
</script>
Change code to:
<script type="text/plain" data-cookiescript="accepted" data-cookiecategory="targeting"> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-XXXXXXXX-X', 'auto'); ga('send', 'pageview'); </script>
Example of included JavaScript file
Change code from:
<script src="/js/myscript.js"></script>
Change code to:
<script type="text/plain" data-cookiescript="accepted" data-cookiecategory="functionality" src="/js/myscript.js"></script>
Blocking third-party cookies set with an iframe
To block third-party cookies set with iframe (like YouTube videos), find an iframe code that is setting third-party cookies and:
- change
src
attribute name todata-src
- add
data-cookiescript
attribute and set it toaccepted
- if you have scanned your website cookies and have category checkboxes in Cookie Consent popup, add
data-cookiecategory
attribute. Use the same list of categories as described in the previous section of this article. If you don't have cookie category choices, you can skip adding this attribute.
All iframes with such attribute changes will only show up if the user agreed with Cookie Policy.
Example of standard YouTube video iframe
Change code from:
<iframe width="560" height="315" src="https://www.youtube.com/embed/xxxxxxxxx" frameborder="0" allowfullscreen></iframe>
Change code to:
<iframe width="560" height="315" data-src="https://www.youtube.com/embed/xxxxxxxxx" data-cookiescript="accepted" alt="" data-cookiecategory="functionality" frameborder="0" allowfullscreen></iframe>
You can also add a text explaining to the user that he must accept the Cookie Policy to see the video. Use alt
attribute for that:
<iframe width="560" height="315" data-src="https://www.youtube.com/embed/xxxxxxxxx" data-cookiescript="accepted" alt="Please accept cookie policy first" frameborder="0" allowfullscreen></iframe>
Or you can add an image/YouTube thumbnail while the YouTube video is blocked until the user accepts the cookie policy.
<iframe width="560" height="315" data-src="https://www.youtube.com/embed/xxxxxxxxx" data-cookiescript="accepted" data-alt-img="https://img.youtube.com/vi/xxxxxxxxx/maxresdefault.jpg" frameborder="0" allowfullscreen></iframe>
Blocking embed / object / link third-party cookies
In the same manner, you can block embed/object/link elements from setting third-party cookies
Example of the embed element
Change code from:
<embed src="somefile.swf">
Change code to:
<embed data-src="somefile.swf" data-cookiescript="accepted" data-cookiecategory="functionality">
Example of the object element
Change code from:
<object src="somefile.swf"></object>
Change code to:
<object data-src="somefile.swf" data-cookiescript="accepted" data-cookiecategory="functionality"></object>
Example of the link element
Change code from:
<link href="http://fonts.googleapis.com/css?family=Roboto:100" rel="stylesheet" type="text/css">
Change code to:
<link data-href="http://fonts.googleapis.com/css?family=Roboto:100" data-cookiescript="accepted" data-cookiecategory="functionality" rel="stylesheet" type="text/css">
Example of the image element
Change code from:
<img src="http://example.com/image.jpg" />
Change code to:
<img data-src="http://example.com/image.jpg" data-cookiescript="accepted" data-cookiecategory="functionality"/>