Main content area

Simplify Cookie Control set up with version 9.5

It's no secret that users expect modern applications and websites to be feature-rich and user-friendly. Content is often the real differentiator in value, so it's unsurprising that publishers focus on this and look to third-party code and services to provide common functionality, such as article sharing or streaming multimedia content.

This article aims to show how you can simplify the integration of most third-party code while maintaining user’s privacy and confidence with a new feature within version 9.5 of Cookie Control.

The risk of third party code

In 2019, Osterman Research and PerimeterX released a white paper that estimated websites consist of approximately 70 percent third-party code1. Although simply loading third-party code, can put your user’s privacy at risk, the integration of such services isn't indeed always straightforward or convenient.

Often, the most popular third-party services predate legislation such as GDPR, so their default behaviour is that of tracking site users in order to build a user profile. The onus is on the publisher to alter this behaviour to one more respecting of privacy - and if this isn't done properly, then the penalties could be severe as third-party services could potentially track and target users across multiple websites by storing information within third-party cookies.

Even if the publisher does all that they can, ultimately a lot must come from trust in the third party doing the right thing - a perception that your site visitors may not share, given the history of some of the internet’s biggest service providers2.

The safety of data-src

To illustrate the above, the example of sharing (embedding) a YouTube video on your website can be used. Publishers are invited to copy the required iframe code onto their website prior to being made aware that they need to actively scroll and opt into ‘privacy-enhanced’ mode.

To the end-user, they can only hope that their privacy is being respected by both the publisher and third party service - this is because the simple act of adding the iframe to your website is enough for YouTube content to load and in turn start setting cookies prior to any user action.

Now in version 9.5 of Cookie Control, it's easier to maintain users' confidence by preventing such content from automatically loading until after they have set their preferences. This is achieved by simply swapping the iframe’s "src" attribute to that of "data-src".

When this happens, the browser doesn't automatically load the third party content. Instead, it only loads after the user has granted their consent to a particular category, which you would need to make the user aware of in the usual manner through the optional Cookies property.

The association of the cookie category with a particular piece of third party content is done by adding the attribute "data-cc-category" and setting its value to the same name as the optional cookie category. This approach can be used to simplify the integration of any code that you would otherwise add to your site via the "src" attribute, including third-party scripts or other multimedia content.

For a full code example, please see here.

Take a look at our Cookie and GDPR compliance to see where we can help.