How to Implement Prior Consent Using CookieYes
Last updated on December 13th, 2019.
Under GDPR, you need to take consent for any cookies that are not necessary for the technical functionalities of a website. This means any cookie that does not fall under the category strictly necessary should not be set on the users' browser until they have given their consent to use it.
How to Block Cookies Using CookieYes?
CookieYes enables you to block cookies automatically on your website until the users have given consent. CookieYes identifies most of the commonly used third-party service scripts used on a website and block their cookies from being set on the browser.
For those cookies that are not automatically blocked by CookieYes, there are two ways in which you can block the scripts that install cookies on your website using CookieYes.
- Adding blocking code to the script
- Rendering scripts via CookieYes
1. Adding Blocking Code to the Script
In order to block the script that is setting cookies prior to the consent, apply the attribute "data-cookieyes" to cookie-setting script tags on your website.
Set the value of this attribute to one of the cookie categories "cookieyes-performance", "cookieyes-functional" and "cookieyes-analytics" in accordance with the types of cookies being set by the script.
Example of modifying an existing Google Tag manager-script tag:
To Block a Custom Script on Your Website
To block any custom scripts that install cookies, to which the 'data-cookieyes' attribute cannot be added, can be blocked as below.
You may use the below script to render your script based on visitor consent with CookieYes banner.
This script can be pasted into your base HTML file and add your custom script inside this wrapper as in the example.
In addition to this, you can also create a js file with the name as /cky-categoryname.js/ and add the script in that file. For example, if you have an analytics code that is not blocked by CookieYes automatic script blocking, then what you need to do is create a file named /cky-analytics.js/ and add the code in that file. CookieYes will automatically block the scripts added in that file and consequently the cookies.
Note: The category names to be added in the blocking code above are pre-defined in CookieYes. They are 'functional', 'performance', 'analytics', and 'advertisement'.
2. Rendering Scripts via CookieYes
In this method, you need to remove that scripts from your website source code and add it to the Scripts section in CookieYes under the right category.
For example, if you have Google Analytics being used on your website, they will install cookies name _ga, _gid, and _gat. After scanning the website on CookieYes, these cookies will be added in the "Analytics" category.
So, what you need to do is remove the script from the website source code. Then click on Cookies on the dashboard sidebar and go to the Manage Cookies page.
Then click on the Analytics category and go to the Scripts tab.
Click on Add new script and add the script on either the Head script or Body Script field.
After adding all the scripts to CookieYes, all the scripts and subsequently the cookies will only be rendered when the users give their consent.
Giving Granular Control Over the Cookies.
CookieYes allows you to classify cookies into categories according to their purpose. This allows the users of the website to enable and disable cookies in each category, giving granular control over the cookies based on their purpose.
For example, if your website has cookies in three categories namely Advertisement, Analytics, and Performance, and the user decides to allow only the Performance cookies, then the scripts for only the "Performance" cookies will be installed on the website when they click on Accept.
But to ensure that the cookies of only the selected category are used when given consent, make sure that the scripts of that cookies are added in the right category. Or if the 'data-cookieyes' attribute is used, assign the right attribute value according to the category based on the type of cookies being set by the scripts.
For example, the scripts for Google Analytics should be added in the scripts section of the Analytics category. This will ensure that if the user turns off the Analytics category the Google Analytics scripts will not be rendered and vice versa.
Note: The users cannot disable the cookies that are categorized as type Necessary. The website does not need to have user consent to be using them.
How to Ensure That the Cookies are Being Blocked?
To ensure that the cookies are being blocked, and added when the consent is recorded, you can use your the developer console of your user. First, load your website after clearing all the current cookies on the browser, or checking from a private browser window. After the site has been loaded, check the developer console if any cookies have been set.
Follow the steps to identify cookies set on the browser for Chrome:
Right-click on the page, and click on inspect. This will open up the developer console. From the developer console, go to the Applications tab and then click on the cookies dropdown. This will show all the cookies that are being set on the browser by the website.
Read this article to read how to check cookies on different browsers.
If all the configurations are done, then there will be no cookies set on the browser. Now, click on the website and reload the website. This will add the third-party scripts in your website source code and the cookies will be set.
Note: Cookies are only blocked according to consent in the "Explicit" and "Implicit" consent type. In the Info consent type, cookies are not blocked at all.
If you need any help with CookieYes, feel free to contact our support team.