Cookie Banner API Overview

Super admins and users with permission to edit website settings can customize visitor cookie tracking and privacy policy banners to comply with EU cookie laws and the General Data Protection Regulation (GDPR).

A privacy alert allows visitors to opt in or opt out of being tracked in your HubSpot account with cookies. This feature works for all HubSpot pages as well as any external pages with your HubSpot tracking code installed.Customize the cookie tracking settings and privacy policy alert.

In this article, learn how to manage the cookies that are added to a visitor's browser through the cookie banner.


Remove cookies

_hsp.push(['revokeCookieConsent']);

Remove the cookies created by the HubSpot tracking code that are included in the HubSpot consent banner under GDPR, include the HubSpot cookies related to tracking the visitor. As a result of the cookies being removed, the visitor would see the cookie consent banner on their next page load, as they would appear as a new visitor.

This function does not remove cookies placed by non-HubSpot banners. You can find the specific list of cookies that will be removed on HubSpot's Knowledge Base

/* Example code to remove the consent banner cookies when a visitor clicks an element with the 'removeCookies' id. */ var _hsp = window._hsp = window._hsp || []; document.getElementById("removeCookies").onclick = function() { _hsp.push(['revokeCookieConsent']); };

Place do not track cookie

_hsq.push(['doNotTrack']);

Places the __hs_do_not_track cookie in the visitors browser, which will prevent the HubSpot tracking code from sending any information for the visitor.

You can remove the cookie by calling the function again and including the {track: true} argument:
_hsq.push(['doNotTrack', {track: true}]);

Please note: this function prevents all information from being collected by the tracking code, including anonymized traffic and custom event data.

/* Example code to place the __hs_do_not_track cookie for the visitor when they click an element with the 'doNotTrack' id. */ document.getElementById("doNotTrack").onclick = function() { _hsq.push(['doNotTrack']); };

Get privacy consent status

_hsp.push(['addPrivacyConsentListener', callbackFunction]);

Get the privacy consent status of the current visitor. There are 3 categories of consent that can be used to provide more granular control to the user. These each have their own keys within the consent.categories object:

  • consent.categories.analytics
  • consent.categories.advertisement
  • consent.categories.functionality

The callbackFunction will be called, depending on the state of the page:

  • If the banner is not enabled, or if the visitor has previously seen the banner and clicked accept or decline:
    • the callbackFunction will be called immediately if the banner code is already loaded.
    • the callbackFunction will be called after the tracking code loads if the function is pushed to _hsp before the tracking code loads.
  • If the banner is enabled, the callback function will be called when the visitor clicks on the accept or decline button.  
// Log the analytics category consent status of the current visitor to the console var _hsp = window._hsp = window._hsp || []; // analytics _hsp.push(['addPrivacyConsentListener', function(consent) { console.log(consent.categories.analytics); }]); // advertisement _hsp.push(['addPrivacyConsentListener', function(consent) { console.log(consent.categories.advertisement); }]); // functionality _hsp.push(['addPrivacyConsentListener', function(consent) { console.log(consent.categories.functionality); }]); // or it can all be done in one call _hsp.push(['addPrivacyConsentListener', function(consent) { console.log(`analytics: ${consent.categories.analytics}`); console.log(`advertisement: ${consent.categories.advertisement}`); console.log(`functionality: ${consent.categories.functionality}`); }]);

Cookies not by category

This is provided for backward compatibility with older scripts. For all new websites you should use the cookies by category method, giving more granular control over cookie activation.

_hsp.push(['addPrivacyConsentListener', callbackFunction]);

Allows you to get the true or false privacy consent status of the current visitor.

The callbackFunction will be called, depending on the state of the page:

  • If the banner is not enabled, or if the visitor has previously seen the banner and clicked accept or decline:
    • the callbackFunction will be called immediately if the banner code is already loaded.
    • the callbackFunction will be called after the tracking code loads if the function is pushed to _hsp before the tracking code loads.
  • If the banner is enabled, the callback function will be called when the visitor clicks on the accept or decline button.  
// Log the consent status of the current visitor to the console var _hsp = (window._hsp = window._hsp || []); _hsp.push(["addPrivacyConsentListener", function (consent) { if (consent.allowed) { console.log('something') } }])

The callbackFunction accepts a consent object as its only argument.

The consent object has a single allowed property that will be true if:

  • The privacy policy consent banner is not enabled, or is enabled in notify-only mode.
  • The visitor clicks accept on the banner when opt-in mode is enabled.
  • The visitor has previously clicked accept on the banner when opt-in mode is enabled.

The property will be false if the consent banner is enabled in opt-in mode and the visitor clicks or has previously clicked the decline button.

Call the showBanner function to resurface the banner, enabling website visitors to make changes to their consent preferences. For example:

​​var _hsp = window._hsp = window._hsp || []; ​​_hsp.push(['showBanner']);

The behavior ofshowBannervaries by policy and is only available for Opt-In and Cookie-By-Category policies. 

For Opt-In policies, calling showBanner  will cause the banner to reappear, as shown in the video below:

devdocs-api-manageConsent_optin

 

For Cookies-By-Category policies, calling showBanner will cause the modal for selecting each category to reappear, as shown in the video below:

devdocs-api-manageConsent_cbc

UI Examples

This functionality can be made available to visitors in the form of buttons/links on your website that they can use to re-open the banner and edit their preferences. The following are examples with code. 

Button

A button, often placed in the website footer.

<button type="button" id="hs_show_banner_button" onClick="(function(){ var _hsp = window._hsp = window._hsp || []; _hsp.push(['showBanner']); })()" > Cookie Settings </button> #hs_show_banner_button { display: inline-block; text-align: center; height: 50px; background-color: #425b76; border: 1px solid #425b76; border-radius: 3px; padding: 10px 16px; text-decoration: none; color: #fff; font-family: inherit; font-size: inherit; font-weight: normal; line-height: inherit; text-shadow: none; }
devdocs-api-manageconsentbutton

 

Fixed position button

A button with fixed positioning on the bottom of the screen. This kind of button has the advantage of being readily available and easy to find, while being somewhat obtrusive UX.

<button id='hs-hud-cookie-settings' onClick="(function(){ var _hsp = window._hsp = window._hsp || []; _hsp.push(['showBanner']); })()"> Cookie Settings </button> button#hs-hud-cookie-settings { position: fixed !important; bottom: 0px; right: 10px; color: white; background-color: #425b76; padding: 5px; border-top-right-radius: 5px; border-top-left-radius: 5px; border-width:0; appearance:none; }
devdocs-api-manageConsent_tab

 

A link or highlighted text.

<a id="hs-cookie-settings-link" onClick="(function(){ var _hsp = window._hsp = window._hsp || []; _hsp.push(['showBanner']); })()"> Cookie Settings </a> #hs-cookie-settings-link { cursor: pointer; }
devdocs-api-manageConsent_tab_v2

 

Previous Categories

In order for privacy consent listeners added to the banner to comply with changes in consent, the consent object passed to the listeners includes a previousCategories field which stores the previous consent state by category:

consent = { allowed: true or false, categories: { necessary: true, analytics: true or false, advertisement: true or false, functionality: true or false, }, previousCategories: { necessary: true, analytics: true or false, # defaults to false advertisement: true or false, # defaults to false functionality: true or false, # defaults to false }, }
Please note: previousCategories is not preserved between page visits. Each time the user reloads or revisits the page, previousCategories will be reset to the defaults.

Consent listeners can use previousCategories to identify when consent has changed and tailor their behavior appropriately. For instance, a tracking script might use a consent listener to drop cookies when it receives consent and remove those cookies when consent is revoked. The previousCategories field also allows listeners to recognize when consent has not changed and no action is required.

Below is an example of a consent listener that uses previousCategories:

_hsp.push(['addPrivacyConsentListener', function(consent) { const prevConsent = consent.previousCategories; const currConsent = consent.categories; const hasConsent = currConsent.analytics && currConsent.advertisement; const prevHadConsent = prevConsent.analytics && prevConsent.advertisement; const hasChanged = hasConsent !== prevHadConsent; if (hasChanged && hasConsent) { // drop cookies, execute code etc } if (hasChanged && !hasConsent) { // remove cookies, undo actions and resepect user privacy } }]);

Was this article helpful? *
This form is used for documentation feedback only. Learn how to get help with HubSpot...