Support » Plugin: Cookie Notice for GDPR » How to identify scripts for blocking

  • Resolved waywrdsmeansgns

    (@waywrdsmeansgns)



    I am trying to add the Javascript code for non functional cookies into the “script blocking” field. But I am having difficulty determining which scripts to include.

    Can someone explain how to identify scripts associated with a particular cookie?

    Using Chrome DevTools, I can find a list of my cookies under Application > Cookies. But how do I find the relevant scripts associated with each particular cookie?

    I have found a couple answers to this question which use the example of GA script. But this is not my concern – it is the other plugins scripts which I am trying to block.

    Any suggestions would be much appreciated!

    The page I need help with: [log in to see the link]

Viewing 12 replies - 1 through 12 (of 12 total)
  • Ambyomoron

    (@josiah-s-carberry)

    That’s a good question. If you have a plugin that creates or uses a cookie, then the script to do so must be in the source code of the plugin. You could use grep in the plugin directory to look for strings that are related to creating cookies. The script for Google might give you some hints on what to look for.

    But note that this exercise is pointless unless you can also configure the plugin to NOT use cookies. The Cookie Notice plugin has no effect at all on what other plugins do. It only gives you a means to run the scripts or not, based on the visitors’ choices.

    • This reply was modified 2 months, 2 weeks ago by  Ambyomoron.

    Ah, thanks @josiah-s-carberry !
    When looking through the plugin source code, is it reasonable to assume that the “cookie name” and “value” (as found/listed in DevTools) will also be contained with the relevant script? I.e. can I search for the cookie name to find and confirm the relevant script?

    Can you explain further about that next step: configuring the plugin to not use the cookies.

    Perhaps that involves using this code in some way? (found here)

    if ( function_exists(‘cn_cookies_accepted’) && cn_cookies_accepted() ) {
    // Your third-party non functional code here
    }

    Ambyomoron

    (@josiah-s-carberry)

    When looking through the plugin source code, is it reasonable to assume that the “cookie name” and “value” (as found/listed in DevTools) will also be contained with the relevant script? I.e. can I search for the cookie name to find and confirm the relevant script?

    Maybe, but not necessarily. Consider the case where the javascript is hosted elsewhere and you don’t see the names of the cookies in the plugin’s code.

    Can you explain further about that next step: configuring the plugin to not use the cookies.

    It’s hard to say, as every plugin is liable to be different. But I’ll give an example. I have a plugin that manages the maintenance mode and allows you to track via Google Analytics visits while the site is in maintenance. To do this, you must add the Google tracking code in a certain field in the plugin configuration. If you enter a tracking code there, then this will work completely independently of the Cookie Notice plugin, whether the visitor accepts cookies or not. So don’t enter the tracking code. Any tracking will be done if and only if the relevant script is entered in the Cookie Notice plugin field AND the visitor accepts cookies.
    Maybe some other plugins have a checkbox to enable or disable its use of cookies.

    Ah, got it. Thanks @josiah-s-carberry !

    Based on your really helpful explanations, and my growing understandings, I think I have a good plan to proceed on. I post it here, in case it’s helpful to anyone, and I welcome any feedback or suggestions:

    I think the best solution is to review the documentation for all the plugins I use, and contact individual plugin authors, as needed, to ask whether their plugin will give cookies to my site users. Since I only use popular and actively updated plugins, this shouldn’t be too tricky to get answers. Once I have a list of cookies from them, I will ask for the associated scripts, or get to work finding them myself.

    (While I’m at it, I’m also asking plugin authors “is your plugin GDPR compliant?” in case that generates any important info in reply.)

    Ambyomoron

    (@josiah-s-carberry)

    It would be nice if there were a central place where this sort of information were recorded so that everyone could benefit from it. Any ideas?

    Agreed. We could create a new post within this specific forum, or perhaps there is a more general forum that this should be (cross) posted in – what do you think?

    Ambyomoron

    (@josiah-s-carberry)

    A forum thread might be too difficult to use for this purpose. How about a document like this one: https://docs.google.com/spreadsheets/d/1Eg7D8dWdsynd7Se1tTyghRWU6cmfs6Hy2TCwBmwRng4/edit?usp=sharing

    How about a document like this one

    That would be very helpful for lay people!

    Yes, that could work

    after the 2nd column, I would suggest a new column “Uses cookies?” – because some plugins won’t use cookies, and that is just as useful to know – and maybe 2 more columns- one for comments from the plugin authors and another for any relevant urls or documentation

    Josiah, do you have thoughts about how to spread the word on this doc? and would you make it open, so anyone can edit, or do you imagine there being a few admins who oversee and accept submissions?

    Ambyomoron

    (@josiah-s-carberry)

    Columns added. Thanks for the suggestion.
    About access rights, I imagine a few admins and anyone can add comments, including suggestions for additions and corrections.
    About publicity:
    – announcements on support forums for all cookie plugins
    – announcements of Everything else WordPress Forum
    – announcements on Facebook wordpress groups
    – announcements on LinkedIn wordpress groups
    – announcements on other platforms???
    – creation of a group somewhere to give the list a home (?)
    – need an “official” shortened version of the link

    It’s a great idea, and I’d certainly contribute any information I have – which is just a handful popular plugins. I’m not sure how much, if any, I could commit to the admin or publicity work but if you have the time and energy it would be a great thing!

    One more column (or clarification in the A column) would be to identify scripts associated with non-plugins as well. For instance, if someone is using the CrazyEgg script in their header.php – while not technically a plugin, the users will receive cookies.

    And one more (minor) suggestion, that the C column be “uses cookies?”

    In the meantime, I’m still trying to figure out how to use this plugin correctly…! maybe you have insight Josiah? https://wordpress.org/support/topic/has-anyone-successfully-blocked-google-analytics-script/#post-10487554

Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.