Script Blocking – Explained

ollybach
(@ollybach)

5 years, 11 months ago
First of all, let me say I am in no way affiliated with this plugin other than that I’m using it and the below might not be accurate in every scenario. It’s simply a report of what seems to be the case from what I can ascertain in my particular setup.

I did however try to make sense of the description under the script blocking section and searched high and low regarding how to – in my case – deal with a google analytics implementation.
So the below only refers to that , but I would assume it’s applicable to all sorts of things.

In short: the description (as it stands in the current version of the plugin anyway) says: “Enter non functional cookies Javascript code here…etc”

That’s somewhat misleading from what I can make out and to me seems to be something that’s got “lost in translation” so to speak (why would I possibly want to put non functional code anywhere ?!)

I think a better description would be (something like):
“Put your javascript code here you want to be executed when ‘third party non functional cookies’ have been accepted”

Because what seems to happen is the code you can put in that textarea will only get added to the/a page if a user accepted those 3rd party cookies (Note: I have not tested what happens when using caching plugins as that might well throw some “spanners in the works” so to speak)

as a real world example (works for me anyway – mileage might vary)

I had a google analytics plugin installed on my site which generated more or less the following code on each page (sensitive data removed):
```
<script type="text/javascript">
	var _gaq=_gaq||[];
_gaq.push(["_setAccount","xxxxx"]),_gaq.push(["_setDomainName",".xxxxx.com"]),_gaq.push(["_trackPageview"]),function(){var t=document.createElement("script");
		.....some more code ........
		a.parentNode.insertBefore(t,a)}();
</script>
```
what needed to be done was to add that whole code (including <script .... </script> ) into the “Script blocking” textbox of this cookie plugin and subsequently de-activate the google analytics plugin that i used (as it knows nothing about that cookie consent plugin) so only the code added to that “Script blocking” box was being executed and only if consent was given

That’s all from me on that subject.
maybe it helps someone as I have come across many (unanswered) questions to that effect when searching for a solution myself……
- This topic was modified 5 years, 11 months ago by ollybach.

Viewing 10 replies - 1 through 10 (of 10 total)

Thread Starter ollybach
(@ollybach)

5 years, 11 months ago
Furthermore: the cn_cookies_accepted() function mentioned in that section (as far as i understand it anyway) is a php function only to be used in php/theme/plugin development and has no place in that textbox
I also think this should be made a lot clearer there…. (just a suggestion to the plugin author, though I might be wrong on that front )
- This reply was modified 5 years, 11 months ago by ollybach.
boybawang
(@boybawang)

5 years, 11 months ago

Thanks @ollybach, that was a good explanation. Do you know if that area can be used for ALL cookies, or only non-functional? I’m assuming that if you put all cookies there, you risk the chance of parts of your site not functioning.

LogoLogics
(@logologics)

5 years, 11 months ago

Hi,

ollybach’s explanation is correct.

However the term “non functional” is the correct term used by GDPR to address all cookies/scripts that are …non functional ( meaning they are not necessary to let a site fucntion ). As a matter of fact, we do not need explicit consent to use those functional cookie, we just need to let the user know we use them and why, in our Privacy statement.

Everything beyond that scope ( not necessary to get a site function well ) are “non functional” cookies, like Google Analytics, remarketing code, facebook pixel tracking etc. If they are present, these scripts and cookies, need to be blocked by default, and only fire after the explicit consent is given.

That is what happens when we add those codes into the Cookie Notice area ( and remove them from their previous locations ).That are not active and wont be, unless the user clicks ok. If they do nothing, the scripts are not allowed to track by GDPR.

Exceptions are Google Analytics if in the analytics account the anonimize ip and do not share with google is checked.

Thread Starter ollybach
(@ollybach)

5 years, 11 months ago

>However the term “non functional” is the correct term used by GDPR to address all cookies/scripts that are …non functional

be that as it may, if you put the word javascript right behind it it becomes highly ambiguous as it is not clear anymore whether the non functional refers to the cookies or to the script (so “the javascript of non-functional cookies” would do away with that ambiguity)

Of course, I accept that ” ‘non functional’ is the correct term used by GDPR though personally i find this completely stupid. What’s wrong with “non-essential” , “non-required” and the like? Non-functional is something that simply does not work (I’m not having a go at you @logologics , just having a random rant 🙂 )

anyway , I was just sharing what seemed to be the case in my setup…
glad it’s all cleared up on that front now one hopes

upwards and onwards…..

LogoLogics
(@logologics)

5 years, 11 months ago

Hi ollybach,

Do not worry, I was not, in any way, offended by your comment.
I actually agree that it could and should all be more clear ( even in the GDPR itself ).

At first I had to try and search to find out about the blocking of the script and having to disable them in the original places too. In hindsight, that makes sense, but still would be easier with a bit more explanation about what goes where and why, I totally agree! This whole GDPR gives all of us serious headaches haha.

Annie

tjimm
(@tjimm)

5 years, 11 months ago

Sorry for being stupid, but where do you find the GA script code that is supposed to go in the script blocking field?

I’m using the Woocommerce Google Analytics Integration plugin (https://wordpress.org/plugins/woocommerce-google-analytics-integration/).

sabinevi
(@sabinevi)

5 years, 11 months ago

Dear @ollybach, you are a true hero posting your solution, thank you so much!

@tjimm As ollybach states you should de-activate the google analytics plugin and paste your analytics embed code in the script blocking textarea.
Look here https://developers.google.com/analytics/devguides/collection/analyticsjs/ for GA code examples

lazykins
(@lazykins)

5 years, 11 months ago

Okay, this makes great sense. Can someone please tell me in simple terms, does this plug-in actually block cookies?

For example, I have a PayPal button on my website. Even when I decline acceptance, I see that cookie loaded by the page.

How do I block those cookies, if I can?

Thank you!
L.

petervanzomeren
(@petervanzomeren)

5 years, 11 months ago

@lazykins

I’ve got the exact same question. I’ve got some social share buttons and YouTube embedded video’s too. When I test the consent by clicking the ‘do not accept’ choice, those cookies still get placed according to Ghostery and the inspector/memory function of Firefox.

Jan444
(@ign2009)

5 years, 10 months ago

Thanks for this awesome plugin that help us out with all this GDPR craze.

After reading this, I understand that we should put on that area in the settings ALL the cookies we want to take effect (that is, to be sent to the user’s browser) once the user clicks on the “Accept Cookies” button. That means we have to, previously, remove them from their original places.

I think this is a big, very important detail, and should be better highlighted and explained from the very beginning, for us to properly manage the plugin.

What about third party cookies? I think we won’t be always able to remove a cookie from its original place and put it on that script blocking section… is this assumption right?

What to do then?

Thanks,

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Script Blocking – Explained’ is closed to new replies.