IntroductionGetting StartedTechnical DocumentationGet help

Blocking cookies

This guide will show you how to manually block all your current cookies, such they are only activated when users have given the correct consent.

legal.js currently uses manual categorisation to properly block cookies that are set on your website, so you must make changes to your HTML for blocking to work. In future, an automatic option will be available that will not require this step. This guide outlines the concept of blocking cookies manually, by example of a Google analytics script, but the concept should be easily transferrable to any other script.

Necessary cookies will always be enabled, so there is no need to categorise scripts that set them, unless those scripts also set cookies in another category. If that applies to a script on your website, you should categorise the script appropriately (e.g. as setting analytics cookies).

Step 1: Get an overview

To ensure that cookies set by scripts are properly blocked or allowed, you must update how you include scripts on your website. They will normally look something like this example for the Google analytics snippet:

<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->

Step 2: Edit scripts

Now that you know which scripts you have on your site, you must edit each one to the following:

  • Add the type attribute with value text/plain (or changing it, if already present)

  • Add a data-cookieconsent attribute with a value of either analytics or marketing based on the type of cookie the scripts set.

Both these changes are applied to the <script>-tag, like so:

<script type="text/plain" data-cookieconsent="analytics">
...
</script>

The example above would look like this when correctly updated to add the extra attributes for analytics to the scripts:

<!-- Google Analytics -->
<script
    type="text/plain"
    data-cookieconsent="analytics"
>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->

Done!

Congratulations on completing your first step towards collecting compliant cookie consent. Pat your self on the back and know that our privacy mascot Li is proud of you.

PreviousCollect cookie consentNextBlocking embedded media

Last updated