Introduction to the Prior Blocking of Cookie Scripts
In accordance with the general principles of privacy law, which do not permit the processing of data prior to consent, the cookie law does not allow the installation of cookies before obtaining the user’s consent, except for exempt categories. In practice, this means that scripts that recall banners or even scripts that handle live chat or a Facebook Like button can’t be executed before obtaining prior consent from the user.
The iubenda Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.
Some cookies are exempted from prior consent and therefore do not require compliance with the instructions contained in this guide. In particular:
Technical cookies, i.e. those needed to provide the service. These include preference cookies, session cookies, load balancing cookies etc.
Statistical cookies, directly managed by you, such as through software like Matomo/Piwik. This exemption does not apply if these statistical cookies are used for profiling.
Statistical third-party cookies (e.g. Google Analytics), in cases where the data is anonymized before being recorded by the third party service and if the third party is obligated to not cross-check the information gathered with other data in its possession. If you’d like to know how to set up Google Analytics for this purpose, please refer to this dedicated article. *
*This exemption may not be applicable to all regions and is therefore subject to specific local regulations.
Some details regarding this may differ slightly from one EU Member State to another. This guide takes a comprehensive look at requirements, however, we still suggest that you inform yourself of the privacy authority guidelines applicable to you.
How to block cookies prior to consent with the iubenda Cookie Solution
First of all, you’ll need to make sure that the prior blocking/consent feature is enabled (it is by default). The Cookie Solution dashboard provides two prior blocking/consent checkboxes:
one in the flow page (right above the code snippet)
one in the configurator (advanced view)
Both have the same effects on prior blocking, billing and analytics, however:
the flow page checkbox (“Prior blocking and asynchronous re-activation“, right above the code snippet) turns off prior consent server side for the entire site, while
the prior blocking toggle “Enable prior consent” within the configurator (advanced view) turns off prior consent only on the pages where the Cookie Solution snippet contains"priorConsent":false. This is useful for testing purposes, or if, for example, you’re working on your site/app locally and don’t want to affect your cookie solution analytics or to have your pageviews counted. Please note that if the prior blocking setting has been disabled server side (see above), this (local) configurator-based parameter will be ineffective.
For the methods described below to work, both the options have to be enabled (therefore, both checkboxes must be selected).
Our Cookie Solution plugins for WordPress, Magento, Joomla! and PrestaShop allow you to automate the blocking of scripts drastically reducing the necessity for direct interventions in the site’s code.
The plugin simplifies the blocking of scripts in several ways:
Auto-block list. By default, the plugin detects and blocks the most popular server-side scripts (you can find the full list in the dedicated plugin guides listed below).
Manual wrapping method. You can also directly modify your site’s code and wrap the scripts that you need to block in the plugin’s block tags.
Shortcodes. There are shortcodes available for elements installed directly within WordPress posts (as opposed to elements integrated at the template level – example footer.php). Currently, the shortcodes are only available for the WordPress plugin.
Once installed and set-up, the plugin automatically recognizes and blocks scripts prior to consent.
For platform-specific details, please choose from the dedicated guides listed below:
Drupal users, please see the section on prior-blocking via the PHP class below.
Google Tag Manager
This method has the advantage of being quite fast but with the limit of working only for scripts that don’t require a specific position. Google Tag Manager is therefore not effective for all scripts that display a specific element in a specific position of the page (such as the Facebook Like button).
Google Adsense is different in that it can be blocked through Google Ad Manager (previously DFP – DoubleClick for Publishers). In this case, it is also a kind of manual tagging – like the one described below – but with the difference of the use of Google Ad Manager.
With this feature enabled, the Cookie Solution automatically blocks the scripts of advertisers that are a part of the IAB Vendor List (provided that the individual advertisers adhere to the standards of the network), prior to receiving user consent.
This means that you can avoid having to manually set-up the prior blocking mechanism for the particular third parties that are a part of the IAB Vendor List.
If you’re running other scrips related to third-parties that are not included on the IAB Vendor List, you’ll still need to set up prior blocking for those scripts using another method.
For more general information on the IAB Transperancy & Consent Framework and how to enable it, read the dedicated guide.
This method requires you to identify the scripts that are subjected to the requirement of prior consent. Once that’s done, the scripts must be manually modified so they can be recognized, stopped and then released by our software depending on what the user chooses.
You can also use the iubenda PHP class for parsing/replacing scripts that generate cookies. This is the class on which our WordPress and Joomla! plugins are based and you can use it to build your own plugin independently for a platform other than those for which we have already developed a dedicated solution.
If you’d like to use the same logic of our WordPress or Joomla! plugin on other systems, you can refer to the guide for our PHP class.
*You can access the class via direct download or Packagist, and find full instructions in the PHP class guide linked above.
The fastest way to preventively block the scripts that require prior consent is to install a module on your own server that we have developed for Apache, IIS and NGNIX. After the initial configuration, the module will autonomously block all the resources that are subject to prior consent, on all sites on that server that are using the Cookie Solution.
The webserver module is available upon request. For further information please write to firstname.lastname@example.org