Privacy Controls and Cookie Solution – Magento Extension Installation Guide

Running your store on Magento and need to manage cookies? In this guide, you’ll learn when you need a cookie policy or consent management platform (CMP) for Magento and how to add iubenda’s Privacy Controls and Cookie Solution to your Magento site using the official extension.

Jump directly to How to add iubenda’s Privacy Controls and Cookie Solution to your Magento site.

This guide covers Magento 2.x (Magento Open Source / Community, Magento Commerce / Enterprise, and Magento Commerce Cloud). Magento 1.9 reached end-of-life on June 30, 2020 and is no longer supported, so this guide doesn’t cover it. If you’re still on Magento 1.9, we recommend upgrading to Magento 2 before installing the extension.

Yes, and here’s why.

If you have EU-based users and your website uses cookies (which it most likely does), you need to manage cookie consents according to the ePrivacy Directive and GDPR. This means you need to block cookie scripts and similar technologies until the user gives consent.

Also, for the consent to be considered valid, you need to make certain disclosures via a cookie banner and link to a more detailed cookie policy. See our getting started guide.

Ecommerce sites like Magento stores also typically process payment, order, and marketing data, which brings additional obligations under privacy laws worldwide. Managing cookie consent properly is a foundational part of that setup.

Need to add a privacy policy to your Magento site? See our Magento privacy policy integration guide.

What the solution supports

When you install the iubenda extension for Magento, you get access to the full feature set of the iubenda cookie management platform:

Before adding the cookie banner, generate a cookie policy for your Magento store. Head over to your iubenda dashboard and click on [Your website] > Privacy and Cookie Policy > Edit. Add each service your store uses (e.g. Google Analytics, payment gateways, embedded videos, social buttons, marketing pixels) so that your cookie policy accurately reflects your data processing activities.

Once your cookie policy is ready, the Privacy Controls and Cookie Solution will automatically link to it from your cookie banner.

Generate a cookie policy in the iubenda dashboard

If you already host your cookie policy at a custom URL, you can link to it manually in the Privacy Controls and Cookie Solution settings under Edit > Privacy and cookie policy > Edit > Link your own .

Not sure what privacy documents you need for your Magento site? Take this quick quiz to see which laws apply to you and your business.

Once you’ve generated and customized your Privacy Controls and Cookie Solution, follow the steps below to install the iubenda extension on your Magento 2.x store. The extension supports Magento Open Source (Community Edition), Magento Commerce (Enterprise Edition), and Magento Commerce Cloud, and works best on PHP 7.4 or later.

Install the extension on Magento 2.x

  1. “Purchase” our free extension from the Magento Marketplace. Once done, it will appear on your purchases page.
  2. Connect to the server’s console log using SSH.
  3. Install our extension with composer require iubenda/module-cookiesolution command. If you need a version different than the latest release, add the version number to the command, for example iubenda/module-cookiesolution:2.2.0.
  4. When requested, use the Magento Marketplace Public key for login and Private key for password (note that you are requested to purchase the extension to continue installation using composer).
  5. Once the extension is installed, check the status with php bin/magento module:status command.
  6. The extension should have a disabled status. Enable it with php bin/magento module:enable Iubenda_CookieSolution and register it with php bin/magento setup:upgrade.
  7. If your store is in production mode, compile the build with php bin/magento setup:di:compile.
  8. Check if the extension is active again with php bin/magento module:status. If so, purge the cache with php bin/magento cache:clean.

Configure the extension

Once installation is complete, go to Stores > Configuration > iubenda > iubenda Privacy Controls and Cookie Solution in the Magento admin panel.

Magento admin panel showing the iubenda configuration menu

In a separate tab, open your iubenda Dashboard and go to [Your website] > Privacy Controls and Cookie Solution > Embed. Copy your Privacy Controls and Cookie Solution JavaScript snippet.

Paste the snippet into the extension configuration in Magento, click Save Config, and then clear the store cache.

Make sure you paste a valid JavaScript snippet. An empty or malformed snippet will prevent the banner from loading.

Once configured, the extension will display the cookie banner to first-time visitors and automatically link to your cookie policy. There’s no need for further code edits on your site.

Block custom scripts from the extension console

The extension includes Custom scripts and Custom iframes fields that let you block third-party scripts and iframes without editing your site’s code.

In the admin panel, go to Stores > Configuration > iubenda > iubenda Privacy Controls and Cookie Solution and scroll to the section titled Custom.

iubenda cookie solution custom scripts fields in Magento

Enter your script or iframe sources as needed, then click Save Config at the top of the page. For example:

  • Script: to block a social button that inserts scripts into the page via JavaScript, enter the script source (e.g. connect.socialwebsite.net/en_US/track.js) into the Custom scripts field.
  • iframe: to block scripts inserted via an iframe such as <iframe src="https://www.videowebsite.com/embed/xxFhMChxx">, enter videowebsite.com/embed/ into the Custom iframes field. Be careful not to include the component id (e.g. xxFhMChxx) so that all scripts from that source are blocked.
About automatic blocking on Magento

The Magento extension automatically blocks scripts generated on the server side (returned by Magento via PHP). Scripts inserted into the page via JavaScript after the page has loaded aren’t blocked automatically. You can block them by adding their source to the Custom scripts / Custom iframes fields above, or by using the manual tagging method described in the next section.

Few categories of cookies are exempt from the consent requirement. Therefore, almost all scripts that install or can install cookies must be blocked before consent is obtained.

Simplify your cookie-blocking process with auto-blocking

There’s a simpler option available for the prior blocking of cookies and trackers. Our auto-blocking feature automates the process, saving you time and effort.

If you prefer to manually tag your scripts that install or may install cookies, you can still follow the process below for step-by-step instructions and practical examples. However, we highly recommend considering the auto-blocking feature for a more streamlined approach.

Learn more about auto-blocking and how it can simplify your cookie-blocking process.

How to implement prior blocking via manual tagging on your Magento site

Manual tagging is the method of prior blocking we’ll be using for the tutorial below. You can view other methods here.

To set up prior blocking, you need to make some minor changes to your site’s scripts. Here’s what to do:

  1. Identify the script/iframe for any additional services running on your store (e.g., a Twitter follow button, a live chat widget, a marketing pixel)
  2. Add some simple text to the HTML code (we’ll show you how below)
  3. Save

In this tutorial, we are going to block a Twitter follow button.

Not sure which services you need to block? If you’re using a cookie policy generated by iubenda, the services listed in your cookie policy are most likely the ones you need to modify now.

In your Magento admin panel, locate the template, CMS block, or theme file that contains the script you need to modify (search for the service you want to block, in this case, the Twitter follow button).

Common places to look include Content > Blocks, Content > Pages, and your theme’s PHTML files. Open the file or block in the code editor.

Now, we’re going to change the script. To do this, we will make 3 simple changes:

  • Add this class: _iub_cs_activate to the script tags, and change the “type” attribute from text/javascript to text/plain
  • Replace the src with data-suppressedsrc or suppressedsrc
  • Specify the categories of the scripts/iframes with a special comma-separated data-iub-purposes attribute, e.g. data-iub-purposes="2" or data-iub-purposes="2, 3"

More about categories and purposes

Purposes are your legal reasons for processing the particular type of user data. Different scripts on your site will fall into different categories and serve different purposes. For example, Google Analytics may be used for Measurement, while the Pinterest button may be used for Experience (Purpose 3 below). Purposes are grouped into 5 categories, each with an id (1, 2, 3, 4, and 5):

  • Necessary (id: 1)
  • Functionality (id: 2)
  • Experience (id: 3)
  • Measurement (id: 4)
  • Marketing (id: 5)

For even more detailed info on categories and purposes, see our guide here.

Let’s take the Twitter follow button as an example:

We need to 1. Add the class and change the “type” attribute, 2. replace the src and 3. specify the categories.

The code structure should look like this:

<p>Twitter follow button:</p>

        <!-- please note type="text/plain" class="_iub_cs_activate" data-suppressedsrc="..." (manual tagging) and data-iub-purposes="3" (per-category consent) -->
<a href="https://twitter.com/iubenda" class="twitter-follow-button" data-show-count="false">Follow @iubenda</a>
  <script async type="text/plain" class="_iub_cs_activate" data-suppressedsrc="https://platform.twitter.com/widgets.js" data-iub-purposes="3" charset="utf-8"></script>

If you’d rather wrap a block of code (for example, an inline script or an iframe embedded in a CMS block) instead of tagging individual attributes, you can use the wrapping comments recognized by the Magento extension:

<!--IUB-COOKIE-BLOCK-START-->
<script>
    (function(d, s, id) {
        var js, fjs = d.getElementsByTagName(s)[0];
        if (d.getElementById(id)) return;
        js = d.createElement(s);
        js.id = id;
        js.src = "//connect.socialwebsite.net/en_US/sdk.js#xfbml=1&version=v2.3&appId=808061959224601";
        fjs.parentNode.insertBefore(js, fjs);
    }(document, 'script', 'socialwebsite-jssdk'));
</script>
<!--IUB-COOKIE-BLOCK-END-->

To wrap HTML, IMG, or IFRAME elements:

<!--IUB-COOKIE-BLOCK-START-->
      <iframe src="...
      <img src="...
<!--IUB-COOKIE-BLOCK-END-->

If you’ve enabled the per-category consent feature, assign the purpose (in this example, the “Experience” purpose, id 3):

<!--IUB-COOKIE-BLOCK-START-PURPOSE-3-->
<script>
    ...
</script>
<!--IUB-COOKIE-BLOCK-END-PURPOSE-3-->

To stop automatic parsing/replacing on an iframe or script that contains a defined src:

<!--IUB-COOKIE-BLOCK-SKIP-START-->
      <script type="text/javascript">...</script>
<!--IUB-COOKIE-BLOCK-SKIP-END-->

Save your template, CMS block, or theme file, then clear the Magento cache (php bin/magento cache:clean or System > Cache Management > Flush Cache) so that your changes appear on the storefront.

Not sure if you’ve set up correctly? Check out the live example and FAQs below.

Live example

This is an example that shows everything we have described above. You can use this CodePen as a guide to see what happens before and after blocking scripts via manual tagging.

(see the example)

To demonstrate the cookie blocking feature, we’ve embedded a YouTube video and a Twitter follow button:
Follow @iubenda

Both scripts are blocked through manual tagging. Since both the YouTube video widget and the Twitter follow button are part of the Experience purpose (id 3), we’ve added data-iub-purposes="3" to their scripts so that the Privacy Controls and Cookie Solution can properly identify them for release.

Click on the Accept button, or just activate the “Experience” toggle, to release these scripts (refresh the page to return to the starting point).

How can I tell if I’ve set prior blocking up properly?

As you can see in the CodePen example, the YouTube and Twitter scripts do not load if you do not consent. (You can test this again by opening this link in incognito mode in your browser.)

After you have saved your changes and cleared the Magento cache, open your store in incognito mode and check if the scripts you have blocked via manual tagging stay blocked until you consent.

For other blocking options, see Google Consent Mode as an alternative to prior blocking, Google Tag Manager to simplify the blocking of cookies, or the IAB Transparency & Consent Framework and how to enable it.

Good to know: Magento-specific considerations

Keep these points in mind when using Privacy Controls and Cookie Solution on Magento:

  • Clear the cache after every change. Magento aggressively caches configuration and content. After updating the iubenda snippet, editing a template, or tagging a script, run php bin/magento cache:clean (or use System > Cache Management > Flush Cache) so that your changes appear on the storefront.
  • Automatic vs. dynamic scripts. The extension automatically blocks server-side scripts rendered by Magento (via PHP). Scripts injected into the page via JavaScript after page load aren’t blocked automatically. Use the Custom scripts / Custom iframes fields, or the manual tagging method, to cover those.
  • Production mode. If your store runs in production mode, remember to run php bin/magento setup:di:compile after enabling the extension, and to redeploy static content when required.
  • Google Tag Manager on Magento. If you manage marketing pixels and analytics through GTM, you can load the iubenda snippet through GTM instead. This gives you centralized control over all your tags and works well with Google Consent Mode.
  • Magento 1.9 isn’t supported. Magento 1.9 reached end-of-life on June 30, 2020. Running a live store on an unsupported version poses security and compliance risks. If you’re still on Magento 1.9, we recommend upgrading to Magento 2 before installing the extension.

Manage cookie consent for your Magento site

Generate a cookie banner

or

Get the Magento 2.x extension

See also