How to Implement Prior Consent and Cookie Auto-Blocking

Under GDPR, you need to take consent for any cookies that are not necessary for the technical functionalities of a website. This means any cookie that does not fall under the category strictly necessary cookies should not be set on the users’ browser until they have given their consent to use it.

So, until the users have not given prior consent until then all the cookies should be blocked and there should be no data collected from the users. Also, the cookies should also not be set, if the users have rejected the use of cookies.

If you are new to CookieYes, sign up here.

CookieYes enables you to block cookies automatically on your website until the users have given consent. CookieYes identifies most of the commonly used third-party service scripts used on a website and block their cookies from being set on the browser.

For those cookies that are not automatically blocked by CookieYes, there are two ways in which you can block the scripts that install cookies on your website using CookieYes.

1. Adding blocking code to the script
2. Rendering scripts via CookieYes

1. Adding Blocking Code to the Script

In order to block the script that is setting cookies prior to the consent, apply the attribute “data-cookieyes” to cookie-setting script tags on your website.

Set the value of this attribute to one of the cookie categories “cookieyes-performance”, “cookieyes-functional” and “cookieyes-analytics” in accordance with the types of cookies being set by the script.

Example of modifying an existing Google Tag manager-script tag:

To Block a Custom Script on Your Website

To block any custom scripts that install cookies, to which the ‘data-cookieyes’ attribute cannot be added, can be blocked as below.

You may use the below script to render your script based on visitor consent with CookieYes banner.

This script can be pasted into your base HTML file and add your custom script inside this wrapper as in the example.

In addition to this, you can also create a js file with the name as /cky-categoryname.js/ and add the script in that file. For example, if you have an analytics code that is not blocked by CookieYes automatic script blocking, then what you need to do is create a file named /cky-analytics.js/ and add the code in that file. CookieYes will automatically block the scripts added in that file and consequently the cookies.

Note: The category names to be added in the blocking code above are pre-defined in CookieYes. They are ‘functional’, ‘performance’, ‘analytics’, and ‘advertisement’.

2. Adding script URL

You can also block scripts before consent using CookieYes’ settings. 

Click on Manage Cookies on the dashboard sidebar. Here, you can see different categories of cookies – necessary, non-necessary (functional, analytics, performance, advertisement), and other. Cookies that are not categorized yet are listed in Other.

To add a Cookie that needs to be blocked prior to consent, you can go to Other and click Add New Cookie. 

Here you can give the details such as Cookie ID, domain, duration and description. To block the script, go to Show advanced options at the bottom and add the script URL pattern of the third party to block cookies from them. 

You can edit the cookie details and change the category of cookies in Other (recommended).

CookieYes allows you to classify cookies into categories according to their purpose. This allows the users of the website to enable and disable cookies in each category, giving granular control over the cookies based on their purpose.

For example, if your website has cookies in three categories namely Advertisement, Analytics, and Performance, and the user decides to allow only the Performance cookies, then the scripts for only the “Performance” cookies will be installed on the website when they click on Accept.

But to ensure that the cookies of only the selected category are used when given consent, make sure that the scripts of that cookies are added in the right category. Or if the ‘data-cookieyes’ attribute is used, assign the right attribute value according to the category based on the type of cookies being set by the scripts.

For example, the scripts for Google Analytics should be added in the scripts section of the Analytics category. This will ensure that if the user turns off the Analytics category the Google Analytics scripts will not be rendered and vice versa.

Note: The users cannot disable the cookies that are categorized as type Necessary. The website does not need to have user consent to be using them.

To ensure that the cookies are blocked, and added when the consent is recorded, you can use your the developer console of your user. First, load your website after clearing all the current cookies on the browser, or checking from a private browser window. After the site has been loaded, check the developer console if any cookies have been set.

Follow the steps to identify cookies set on the browser for Chrome:

Right-click on the page, and click on inspect. This will open up the developer console. From the developer console, go to the Applications tab and then click on the cookies dropdown. This will show all the cookies that are being set on the browser by the website.

Read this article to read how to check cookies on different browsers.

If all the configurations are done, then there will be no cookies set on the browser. Now, click on the website and reload the website. This will add the third-party scripts in your website source code and the cookies will be set.

Note: Cookies are only blocked according to consent in the “Explicit” and “Implicit” consent type. In the Info consent type, cookies are not blocked at all.

You can read more about setting up the CookieYes in the setup guide.

If you need any help with CookieYes, reach out to our support team at support@cookieyes.com