Cookie consent banner API
Super admins and users with permission to edit website settings can customize visitor cookie tracking and consent banners to comply with EU cookie laws and the General Data Protection Regulation (GDPR).
A cookie consent banner allows visitors to opt in or opt out of being tracked in your HubSpot account with cookies. This feature works for all HubSpot pages as well as any external pages with your HubSpot tracking code installed. Customize the cookie tracking settings and cookie consent banner.
In this article, learn how to manage the cookies that are added to a visitor's browser through the cookie consent banner.
Remove cookies
_hsp.push(['revokeCookieConsent']);
Remove the cookies created by the HubSpot tracking code that are included in the consent banner under GDPR, include the HubSpot cookies related to tracking the visitor. As a result of the cookies being removed, the visitor would see the cookie consent banner on their next page load, as they would appear as a new visitor.
This function does not remove cookies placed by non-HubSpot banners. You can find the specific list of cookies that will be removed on HubSpot's Knowledge Base.
If cookie blocking is turned on, this function will revoke consent so any third-party cookies will not be updated or dropped during future visits to the website.
Place do not track cookie
_hsq.push(['doNotTrack']);
Places the __hs_do_not_track
cookie in the visitors browser, which will prevent the HubSpot tracking code from sending any information for the visitor.
You can remove the cookie by calling the function again and including the {track: true}
argument:_hsq.push(['doNotTrack', {track: true}]);
Please note: this function prevents all information from being collected by the tracking code, including anonymized traffic and custom event data.
Get privacy consent status
_hsp.push(['addPrivacyConsentListener', callbackFunction]);
Get the privacy consent status of the current visitor. There are 3 categories of consent that can be used to provide more granular control to the user. These each have their own keys within the consent.categories
object:
consent.categories.analytics
consent.categories.advertisement
consent.categories.functionality
The callbackFunction will be called, depending on the state of the page:
- If the banner is not enabled, or if the visitor has previously seen the banner and clicked accept or decline:
- the callbackFunction will be called immediately if the banner code is already loaded.
- the callbackFunction will be called after the tracking code loads if the function is pushed to _hsp before the tracking code loads.
- If the banner is enabled, the callback function will be called when the visitor clicks on the accept or decline button.
Please note: This is provided for backward compatibility with older scripts. For all new websites you should use the cookies by category method, giving more granular control over cookie activation.
_hsp.push(['addPrivacyConsentListener', callbackFunction]);
Allows you to get the true or false privacy consent status of the current visitor.
The callbackFunction will be called, depending on the state of the page:
- If the banner is not enabled, or if the visitor has previously seen the banner and clicked accept or decline:
- the callbackFunction will be called immediately if the banner code is already loaded.
- the callbackFunction will be called after the tracking code loads if the function is pushed to _hsp before the tracking code loads.
- If the banner is enabled, the callback function will be called when the visitor clicks on the accept or decline button.
The callbackFunction
accepts a consent
object as its only argument.
The consent
object has a single allowed
property that will be true
if:
- The cookie consent banner is not enabled, or is enabled in notify-only mode.
- The visitor clicks accept on the banner when opt-in mode is enabled.
- The visitor has previously clicked accept on the banner when opt-in mode is enabled.
The property will be false if the consent banner is enabled in opt-in mode and the visitor clicks or has previously clicked the decline button.
Call the showBanner
function to resurface the banner, enabling website visitors to make changes to their consent preferences. For example:
The behavior ofshowBanner
varies by policy and is only available for Opt-In and Cookie-By-Category policies.
For Opt-In policies, calling showBanner
will cause the banner to reappear, as shown in the video below:
For Cookies-By-Category policies, calling showBanner
will cause the modal for selecting each category to reappear, as shown in the video below:
This functionality can be made available to visitors in the form of buttons/links on your website that they can use to re-open the banner and edit their preferences. The following are examples with code.
A button, often placed in the website footer.
A button with fixed positioning on the bottom of the screen. This kind of button has the advantage of being readily available and easy to find, while being somewhat obtrusive UX.
A link or highlighted text.
The HubSpot Consent Banner supports manual handling of third party tracking technologies and cookies. It's recommended to use manual handling if you have a complicated website and/or a dedicated web developer. If auto-blocking does not work for your site, manual blocking is also a good option.
Manual blocking is implemented through the Cookie Banner Consent Listener API. This API is used to prevent tracking technologies from running until they have consent. To get started, take a look at the examples below.
If you want to install a tracking script onto your website to display targeted ads to visitors. You could use something like the below:
<script src=”https://my.advertisement.script.com/ads”></script>
When this script is pasted into the head HTML of a page on a website it would run anytime someone visits that page, regardless of their consent status. Visitors will have cookies placed on their browser without consent.
To prevent the script from running without consent, you can use the HubSpot Cookie Banner Consent Listener API to install the script when the visitor has consented to its cookies. Consent listeners are functions that run whenever the visitor submits their consent. To use this functionality, a consent listener needs to be created that adds the script to the page if the visitor has consented to advertisement cookies.
This script will register the consent listener with the cookie banner. When consent to cookies is submitted, the consent listener will run, adding HubSpot's third party ads script to the page.
Google Tag or gtag.js can be used to add Google Analytics. For example:
To load Google Analytics when analytics consent has been given, the gtag script needs to be added when consent is given:
HotJar is another example of analytics tracking. For example:
HotJar is another example of analytics tracking. For example:
To ensure Hotjar runs when analytics consent is given, the consent listener can be added.
Thank you for your feedback, it means a lot to us.