Third-party cookie blocking requires you to disable the javascript function of third-party libraries (e.g. Google Analytics, Facebook Pixel, LinkedIn, AdWords, etc.) before users provide express consent.


If third-party code is inserted into your website code directly, you will need to use Auto Blocker or manually block it. If third-party code is deployed via Google Tag Manager (GTM), follow the steps below to implement cookie blocking.


If you plan to use Termly's Auto Blocker, you cannot install the consent banner code snippet via GTM. Instead, you will need to install the code snippet directly using HTML. However, any script delivered via GTM must be categorized and blocked using the instructions on this page, starting on Step 2.


If you decide not to use Auto Blocker, follow the steps below to install your consent banner and block scripts using GTM.


How to use GTM to block third-party cookies


If your website uses Google Tag Manager to deploy third-party libraries (e.g. Google Analytics, Facebook Pixel, LinkedIn, AdWords, etc.), you need to prevent them from triggering until website visitors have given their consent to the use of cookies. To do this, follow the steps below.


Step 1. Add the Termly Consent Banner Code Snippet on GTM

  • Go to your Google Tag Manager Workspace and create a new tag.



  • Click Choose a tag type to begin setup, then click Custom HTML.
  • Paste the code snippet found below — not the code snippet found in your Termly dashboard. The code snippet in your dashboard will not function properly in GTM.
<script>
    (function () {
    var s = document.createElement("script");
    s.type = "text/javascript";
    s.async = true;
    s.src = "https://app.termly.io/embed.min.js";
    s.id = "{{website uuid}}";
    s.setAttribute("data-name", "termly-embed-banner");
    var x = document.getElementsByTagName("script")[0];
    x.parentNode.insertBefore(s, x);
    })();
</script>

  • Replace {website uuid} in the above code with the UUID found in your Termly dashboard code snippet — found by clicking Embed Consent Banner in your Termly dashboard. Below is a highlighted example of where to find your UUID in your code snippet.



Step 2. Create triggers for each of your third-party tags


You should create several types of firing triggers to block each specific third-party cookie category. We recommend that you download and import our GTM container here (please save the GTM container as .json format). This will allow all of the necessary triggers to be added automatically.


Import our GTM container by following these steps:

  • Switch to the Admin tab and click Import Container


  • Fill out the form and choose to Merge instead of Overwrite (the latter will overwrite all of your container settings), and choose Rename conflicting tags, triggers, and variables
  • Check that you have made the correct selections, then click Confirm



  • Once you’ve completed the above steps, all of the website visitors’ consent banner triggers will be added to your GTM container


Step 3. Apply triggers to your third-party tags


After you create triggers, you need to apply them to your tags so that your tags fire only when the relevant trigger runs. The triggers correspond to the consent category that you want the tag to fall under:

  1. Unblock Analytics Cookies
  2. Unblock Advertising Cookies
  3. Unblock Performance Cookies
  4. Unblock Social Networking Cookies
  5. Unblock Unclassified Cookies


All triggers can be found in Termly's downloadable GTM container from step 2. 

 

Here’s an example for a Google Analytics tag that should be categorized as "Analytics." In GTM it is set to be delivered when "Unblock Analytics Cookies" triggers.



What if a third-party service contains essential cookies, which can — according to the EU Cookie Law — be deployed without a website visitor’s consent?
If a third-party service only uses essential cookies, we suggest you use [All Pages] to make sure this service can be deployed normally without the website visitors’ consent.
However, if there is a third-party service that contains both essential cookies and other cookie categories (which is uncommon), you will have to make a call based on the functionality of the service. If it’s an important service and needs to be active whether visitors consent to other cookie categories or not, you might be able to use [All Pages]. Keep in mind that doing this may deploy some cookies without your visitors’ consent.
If you choose to use the Termly trigger, we’ll ensure that this service is blocked until visitor consent is obtained. However, this might affect website performance, as we won't deploy the service until user consent is obtained.



Step 4. Preview and check your Website


Check the three items below to make sure your GTM settings are correct:

  1. Verify that your consent banner appears normally on your website
  2. Make sure your third-party code snippet isn’t triggered on your website by default
  3. After you check the cookie categories and accept the banner, confirm that your tag has been fired


Once you’ve finished checking your website, submit the changes in GTM. Your website will now block third-party scripts until a website visitor gives their consent.