Setup instructions

Script on the website

Start with including the CookieTractor script on your website. In our setting tool, go to the tab Installation for the website and copy the script. Place the script as early as possible in the head-tag of the website; this is even more important if you're relying on CookieTractor to replace the video player for YouTube or Vimeo with their cookie-less contra parts. For the same reason, it's not recommended to load our script from Google Tag Manager or similar tools.

With the CookieTractor script in place, it's time to configure all cookie-enabling scripts loaded on your website to respect the user consent cookie category. CookieTractor does not automatically block any scripts, so this is crucial. Make sure you handle all scripts that set cookies on your site; you will find an overview of these under the Cookies tab in the setting tool. Please note that there might be more cookies than those found, so make sure you cover all scripts.

Follow the instructions for Google Tag Manager and/or vanilla Javascript events below:

Google Tag Manager (GTM) settings for User Consent

To control which of your scripts belong to the respective cookie category, the scripts need to be categorized. CookieTractor has built-in support for Google Tag Manager and will trigger events based on the visitor's consent settings. To use these inside Google Tag Manager, we need to create "Triggers" for any "Tags" dependent on the consent settings.

If you want to import all triggers and variables instead of creating them yourself, you can find instructions below.

Create the following triggers inside your Google Tag Manager account:

Name	Trigger Type	Event Name
Consent - Necessary (All Pages)	Custom Event	cookies_necessary
Consent - Statistical (All Pages)	Custom Event	cookies_statistical
Consent - Marketing (All Pages)	Custom Event	cookies_marketing

Now, update any Tags that require consent from your users to be triggered by any of these Triggers.

If you need to listen to events when a user revokes a consent, you can create the following Triggers and use them on your Tags:

Name	Trigger Type	Event Name
Consent Revoked - Statistical (All Pages)	Custom Event	cookies_revoked_statistical
Consent Revoked - Marketing (All Pages)	Custom Event	cookies_revoked_marketing

Variables to check for consent

In some cases, one might need to check if a visitor has consented to a specific type of cookie using "Conditions" in Google Tag Manager. To make it easier to access this information, we can add User-Defined Variables to get this information. In Google Tag Manager, go to "Variables" and add the following:

CookieConsent_AllowMarketing

Name: CookieConsent_AllowMarketing
Type: Custom Javascript
Code:
function(){
return cookieTractor.consentGivenFor('marketing')
}

CookieConsent_AllowStatistical

Name: CookieConsent_AllowStatistical
Type: Custom Javascript
Code:
function(){
return cookieTractor.consentGivenFor('statistical')
}

Import settings

You can import this JSON-file into Tag Manager, under Admin/Container/Import Container.

Unzip the downloaded file, and select the JSON-file as the file to import
Select your existing/current workspace
Choose Merge to append the settings, rather than to replace them
Check that everything looks correct, and continue by confirming the changes

The file contains all triggers and variables mentioned above. Please be careful though, an import with override will delete all current settings in the container.

Vanilla Javascript events for User Consent

If you're not using Google Tag Manager, you can use vanilla JavaScript events to load your scripts based on the visitor's consent.

The following code will react to consents given by the visitor:

window.addEventListener('CookieConsentGiven', function (event) {

console.log('CookieConsentGiven::PageEvent', event);
console.log('CookieConsentGiven::PageEvent::Consents', event.detail.consents);

var allowMarketing = event.detail.consents.indexOf('marketing') > 1;
console.log('CookieConsentGiven::AllowMarketing', allowMarketing);

}, false);

If you want to listen to an event triggered when the user revokes a consent:

window.addEventListener('CookieConsentRevoked', function (event) {

console.log('CookieConsentRevoked::PageEvent', event);
console.log('CookieConsentRevoked::PageEvent::Consents', event.detail.consents);

var revokedStatistical = event.detail.consents.indexOf('statistical') > -1;
console.log('CookieConsentRevoked::RevokedStatistical', revokedStatistical);

var revokedMarketing = event.detail.consents.indexOf('marketing') > -1;
console.log('CookieConsentRevoked::RevokedMarketing', revokedMarketing);

}, false);

You can also test if a consent if given with code:

if (cookieTractor.consentGivenFor('statistical')){
console.log('Consent is given for statistical cookies');
}
if (cookieTractor.consentGivenFor('marketing')){
console.log('Consent is given for marketing cookies');
}

Here's an example of how to use vanilla events to load a javascript based on the visitor consent:

// use another target than head if necessary
document.getElementsByTagName('head')[0].appendChild(script)
}
}, false);
</script>

Consent Mode is a technology from Google that makes it possible to use some of Google's tags and scripts without cookies being set until the user has given their consent for its use. Without consent, Google will carry out a limited tracking of the traffic and possible conversions. The advantage of this is that we can then see statistics and conversions in our tools even though the visitor has not given us consent for cookies.

Consent Mode is currently supported by the following Google products:

Google Analytics
Google Ads (Google Ads Conversion Tracking & Remarketing)
Floodlight

Our solution supports all the defined Consent Types that exist within the scope of Consent Mode::

analytics_storage, when consenting to statistics.
ad_storage, when consenting to marketing.
functionality_storage, upon consent for necessary.
personalization_storage, upon marketing consent.
security_storage, upon consent for necessary.

We automatically update the underlying APIs in Google Consent Mode and this works both with global site tags (gtag.js) and Google Tag Manager.

Getting Started:

For those of you using Google Tag Manager, we still recommend that you implement and use the Triggers we mention above for any Tags/Scripts that do not support Google Consent Mode. The tags/scripts that support Consent Mode should use the Consent Initialization - All Pages, built-in trigger, that way the Tag will always load but adapt its behavior based on the visitor's consent.

Test that Consent Mode works with Google Analytics:

Delete all cookies and reload the page.
Now you should see the cookie modal, and a request to *.google-analytics.com should have been sent with a query string that includes gcs=G100. This means that Analytics has been called but without consent for cookies.
In this mode, no cookie starting with _ga should have been saved on the domain.
Then click "Accept All" in our cookie modal. Within a few seconds, cookies with the name _ga should be created, indicating that the analytics tag has picked up the updated consent and started using cookies.

CSP:Blocked

Servers with content-security-policy enabled needs to allow access to cdn.cookietractor.com and app.cookietractor.com. The later is used to log consent statistics and references.

Cookie settings for the visitor

The visitor can reopen the cookie modal by clicking a link. You place the link on your site, preferably in the footer section. There are two ways to construct the link:

1. Insert a link with the class-attribute "cookie-consent-settings"

<a href="javascript:void(0)" class="cookie-consent-settings">Cookie settings</a>

2. Insert a link with the href-attribute "javascript:cookieTractor.openConsentSettings()"

<a href="javascript:cookieTractor.openConsentSettings()">Cookie settings</a>

When visitors change consent settings, we'll remove cookies based on the new settings. We can not delete third-party cookies, so you should inform users how they may be deleted in the browser on your privacy policy page.

Customized appearance

The cookie modal can be adjusted to your graphical profile. The most common adjustments can be made in our setting tool under the Design tab. Here you can set a custom font, adjust the primary color and change the border radius of the cookie modal and the buttons.

If you want to make further adjustments, it is easily done by writing CSS code. In the setting tool there is a built-in editor for this purpose. All design adjustments are therefore possible to do inside the setting tool; there is no need to add CSS code to your website.

Limit pages crawled for cookies

It is sometimes desired to limit which pages on the website to crawl for cookies. For example, a forum or webshop, where you know the cookies set are the same for a given page template. In the setting tool under the tab Settings, you can enter a regular expression that states which pages the crawler should limit. You can also enter how many of the matching pages should be crawled.

To limit pages below e.g., shop/ enter the RegEx: shop\/*

It's also possible to exclude pages with a query in the URL, which can be done with the expression: *\?*

To verify your RegEx, try regex101.com.

Exclude the cookie modal from an individual page

If you have a page where you don't want to display the cookie modal, you can apply the CSS class cc-hidden anywhere in the markup, for example, in body text that comes from your CMS. For example, pages with your Integrity Policy linked from the modal can be displayed before the visitor has given their consent.

Inactivate the video-player wrapper

CookieTractor will automatically replace YouTube and Vimeo videos with cookie less variants, as described here. If you want to disable this feature, add the following attribute to the CookieTractor script:

data-disable-youtube-wrapper="true"

Support

If you have any questions about the installation process, please email info@cookietractor.com.