Iubenda logo
Start generating

Documentation

Table of Contents

Introduction to the Prior Blocking of Cookie Scripts

In accordance with the general principles of privacy law, which do not permit the processing of data prior to consent, the cookie law does not allow the installation of cookies before obtaining the user’s consent, except for exempt categories. In practice, this means that scripts that recall banners or even scripts that handle live chat or a Facebook Like button can’t be executed before obtaining prior consent from the user.

The iubenda Privacy Controls and Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.

Exempted cookies

Some cookies are exempted from prior consent and therefore do not require compliance with the instructions contained in this guide. In particular:

  • Technical cookies, i.e. those needed to provide the service. These include preference cookies, session cookies, load balancing cookies etc.
  • Statistical cookies, directly managed by you, such as through software like Matomo/Piwik. This exemption does not apply if these statistical cookies are used for profiling.
  • Statistical third-party cookies, in cases where the data is anonymized before being recorded by the third party service and if the third party is obligated to not cross-check the information gathered with other data in its possession.
Note

Some details regarding this may differ slightly from one EU Member State to another. This guide takes a comprehensive look at requirements, however, we still suggest that you inform yourself of the privacy authority guidelines applicable to you.

How to block cookies prior to consent with the iubenda Privacy Controls and Cookie Solution

Our cookie management solution offers various tools for the prior blocking of codes that may install cookies.

Automatic Blocking (auto-blocking)

With this feature, our Privacy Controls and Cookie Solution takes care of automatically blocking third-party scripts that install cookies and trackers, saving you time and effort, so you don’t have to do it manually.

iubenda automatically blocks selected sources from setting cookies on the user’s browser based on the results from the site scanner with consideration to the cookie classifications listed in the Cookie Policy, as well as commonly used scripts and tracking technologies.

On the site info section “Block scripts prior to consent” under “Automatic blocking” you can find these two checkboxes (enabled by default):

✅ Do not block vendors that adhere to the TCF when the TCF is enabled:

When TCF is enabled, ad delivery is driven by the TCF consent string reflecting user choices. We suggest not blocking these vendors with automatic blocking to ensure optimal site performance and uninterrupted ad display.

✅ Do not block Google’s services that adhere to Consent Mode:

When this option is enabled, our Privacy Controls and Cookie Solution will automatically set the default consent state for Google services, allowing you to manage them directly through ‘Consent Mode‘ without any further action.

checkboxes google consent mode

👉 For more information, read our dedicated guide Prior Blocking of Cookies: Automatic Blocking (auto-blocking)

Plugins

Our Privacy Controls and Cookie Solution plugins for WordPress, Magento, Joomla! and PrestaShop allow you to automate the blocking of scripts drastically reducing the necessity for direct interventions in the site’s code.

The plugin simplifies the blocking of scripts in several ways:

  • Auto-block list. By default, the plugin detects and blocks the most popular server-side scripts (you can find the full list in the dedicated plugin guides listed below).
  • Custom field with the plugin console. You can block scripts that are directly inserted into the page via javascript by simply identifying the scripts you need to block within the plugin’s custom fields.
  • Manual wrapping method. You can also directly modify your site’s code and wrap the scripts that you need to block in the plugin’s block tags.
  • Shortcodes. There are shortcodes available for elements installed directly within WordPress posts (as opposed to elements integrated at the template level – example footer.php). Currently, the shortcodes are only available for the WordPress plugin.

Once installed and set-up, the plugin automatically recognizes and blocks scripts prior to consent.

For platform-specific details, please choose from the dedicated guides listed below:

Drupal users, please see the section on prior-blocking via the PHP class below.

Google Tag Manager

This method has the advantage of being quite fast but with the limit of working only for scripts that don’t require a specific position. Google Tag Manager is therefore not effective for all scripts that display a specific element in a specific position of the page (such as the Facebook Like button).

For more information read the How to Use Google Tag Manager to Simplify the Blocking of Cookies guide.

Google Adsense and Ad Manager

Google Adsense is different in that it can be blocked through Google Ad Manager (previously DFP – DoubleClick for Publishers). In this case, it is also a kind of manual tagging – like the one described below – but with the difference of the use of Google Ad Manager.

The method in question is therefore only valid for Google Adsense, the complete guide is available here.

IAB Consent Management Provider Framework

With this feature enabled, the Privacy Controls and Cookie Solution automatically blocks the scripts of advertisers that are a part of the IAB Vendor List (provided that the individual advertisers adhere to the standards of the network), prior to receiving user consent.

This means that you can avoid having to manually set-up the prior blocking mechanism for the particular third parties that are a part of the IAB Vendor List.

If you’re running other scripts related to third-parties that are not included on the IAB Vendor List, you’ll still need to set up prior blocking for those scripts using another method.

Caution

Please consider that using this method means that you do not directly block the vendor scripts yourself, therefore, the success of this method depends heavily on the individual vendors’ adherence to regulation. For more hands-on control, please use one of the other methods described in this guide. You can find more information about blocking vendor scripts with the TCF here.

For more general information on the IAB Transparency & Consent Framework and how to enable it, read the dedicated guide.

Manual tagging

This method requires you to identify the scripts that are subjected to the requirement of prior consent. Once that’s done, the scripts must be manually modified so they can be recognized, stopped and then released by our software depending on what the user chooses.

Manual tagging is explained in detail in this guide. The guide explains the processes for manual blocking, together with many practical examples (i.e. how to set up the blocks for a Facebook Like Button, Google Analytics, Adsense and so on).

PHP Class

You can also use the iubenda PHP class for parsing/replacing scripts that generate cookies. This is the class on which our WordPress and Joomla! plugins are based and you can use it to build your own plugin independently for a platform other than those for which we have already developed a dedicated solution.

If you’d like to use the same logic of our WordPress or Joomla! plugin on other systems, you can refer to the guide for our PHP class.

*You can access the class via direct download or Packagist, and find full instructions in the PHP class guide linked above.

Google Consent Mode

To help advertisers manage cookies for analytics and advertising purposes, Google has introduced Consent Mode, a feature that allows you to avoid prior blocking for Google Analytics and Google Ads (including Google Ads Conversion Tracking and Remarketing).

Learn how to implement it with our Privacy Controls and Cookie Solution.

Manage cookie consent with the Privacy Controls and Cookie Solution

Generate a cookie banner

See also