Blocking JavaScript third-party cookies with GTM

Third-party cookie blocking requires you to disable the javascript function of third-party libraries (e.g. Google Analytics, Facebook Pixel, LinkedIn, AdWords, etc.) before users provide express consent.

If your third-party vendors’ code is inserted into your website code directly, please check out manual blocking.

If your third-party vendors’ code is deployed via Google Tag Manager (GTM), please follow the steps below to implement cookie blocking.

However, GTM can only be used for scripts that are non-positional. Non-positional scripts are those that don’t have a specific element on a page. In short, you can use GTM for all analytics tools, and use manual blocking for AdSense banners, Youtube videos, social buttons, and widgets of any kind.

 

If you haven’t used GTM before, you can visit this link for more information.

How to use GTM to block third-party cookies
 

If your website already uses Google Tag Manager to deploy your third-party libraries (e.g. Google Analytics, Facebook Pixel, LinkedIn, AdWords, etc.), you’ll need to prevent them from triggering until your website visitors have given their consent to the use of cookies. To do this, follow our step-by-step guide below.

Step 1. Add the Termly Consent Banner Code Snippet on GTM

  • Go to your Google Tag Manager Workspace and create a new Tag.

 
  • Click Choose a tag type to begin setup, then choose Custom HTML, paste your Termly code snippet, choose the All Pages firing trigger, and save.

 

Step 2. Create triggers for each of your third-party tags

You should create several types of firing triggers. These triggers will allow you to block third-party libraries. We recommend that you download (and import) our GTM container here (please save the GTM container as .json format). This will allow all of the necessary triggers to be added automatically.

Please import our GTM container by following these steps:

  • Switch to the Admin tab and click Import Container

 
  • Fill out the form and remember to choose to Merge instead of Overwrite (this will overwrite all of your container settings), and choose Rename conflicting tags, triggers, and variables.

  • Check that you have made the correct selections, then click the Confirm button.

 
  • Once you’ve completed the above steps, all of the website visitors’ consent banner triggers will be added to your GTM container.

Step 3. Classify your third-party tags

The next step you’ll want to take is to ensure that the third-party tags trigger after a website visitor consents to the use of non-essential cookies. In this step, you need to find out which cookie categories each third-party service uses. You can refer to the below section: How to classify third-party cookies.

 

How to classify third-party cookies

Termly’s consent manager classifies cookies in 6 categories: essential, performance, analytics (and customization), advertising, social_networking, unclassified. You’ll need to determine the appropriate category for each of your third-party libraries deployed via GTM. You can refer to the cookie scan report by logging in to your Termly dashboard. Note that you don’t need to block essential cookies, as the EU Cookie Law allows essential cookies to be active without user consent.

Step 4. Apply triggers to your third-party tags

After you sort your third-party service cookies into the appropriate categories, return to GTM and complete the following:

  • Create triggers for different categories (refer to our GTM container)

  • Click on the third-party library tag you wish to block

  • Click the trigger condition below

  • Select User Preference Update (or trigger name that you created for a category)

 
  • Here’s an example assuming the third-party tag you want to block is categorized as advertising(your trigger should include highlighted conditions):

 

Now that you know the categories of cookies in your code snippet, you can replace the All Pages (Pageview) with the triggers created in the above steps. Make sure your third-party library scripts won’t fire on the All Pages (Pageview) trigger, and GTM will be properly configured to block your scripts by default.

 

What if a third-party service contains essential cookies, which can — according to the EU Cookie Law — be deployed without a website visitor’s consent?

A: If a third-party service only uses essential cookies, we suggest you use [All Pages] to make sure this service can be deployed normally without the website visitors’ consent.

However, if there is a third-party service which contains both essential and other cookie categories (which is uncommon), you will have to make a call based on the functionality of the service. If it’s an important service and needs to be active whether visitors consent to other cookie categories or not, you might be able to use [All Pages]. Keep in mind that doing this may deploy some cookies without your visitors’ consent.

If you choose to use the Termly trigger, we’ll ensure that this service is blocked until visitor consent is obtained. However, this might affect website performance, as we won't deploy the service until user consent is obtained.

Step 5. Preview and check your Website

You need to check the three items below to make sure your GTM settings are correct:

  1. Verify that your consent banner appears normally on your website

  2. Make sure your third-party code snippet isn’t triggered on your website by default

  3. After you check the cookie categories and accept the banner, confirm that your tag has been fired

Once you’ve finished checking your website, submit the changes in GTM and you’re done! Your website will now block third-party scripts until a website visitor gives their consent.