Preventing Google Analytics Cookies

Opinion is divided on whether the new cookie regulations apply to the cookies set by Google Analytics.

If you want to prevent these cookies being set, you need to ensure that the Google Analytics scripts do not run. We have added a status object to our javascript that allows you to do just that.

As an example, you can look at the Google Analytics code for this site (using View Source). For convenience, here is is as well.

<script type="text/javascript">
if (_cookieOK.accepted){
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-222592-4']);
  (function() {
    var ga = document.createElement('script');
    ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ?
       'https://ssl' : 'http://www') + 
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(ga, s);

The relevant changes to the stock script are highlighted in red. At the moment the _cookieOK variable only has the accepted property, but we may well add more.

Of course this means that the page views for these users will not be reported to Google Analytics. We are working on a way to do that without setting cookies on the visitor’s machine – stay tuned.

7 Responses to “Preventing Google Analytics Cookies”

  1. Isiah May 7, 2012 at 10:41 pm #

    “Of course this means that the page views for these users will not be reported to Google Analytics. We are working on a way to do that without setting cookies on the visitor’s machine – stay tuned.”

    Any luck sorting that because that is the deal-breaker isn’t it?

    Of course, it would be fine to say that you need set a cookie (recording that the user doesn’t want cookies) but you’d have to state that you were doing that wouldn’t you. Hmm…. It gets ugly doesn’t it.

    • admin May 8, 2012 at 7:43 am #

      Our idea is to record the visit in Google Analytics (GA) from the server. When there is a visitor to the site, we fire off a message to GA to record the page view. You do not get the full information in GA, but at least you have an idea of the number of page views where people have not accepted cookies. It may also be possible to use a small cacheable transparent gif along with browser fingerprinting techniques to make some attempt to test if the visitor is a repeat visitor.

      There is still not clarity on how owners should handle GA cookies. The ICO Guidance states that “Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.”

      The ICO guide also suggests that if you show a banner (or similar) it is reasonable to set a cookie recording that the user has seen the banner, even if the do not accept or reject the cookies – I guess the argument would be that this is essential to the operation of the site.

      • Isiah May 15, 2012 at 9:47 pm #

        Cool. Thanks for the reply.

        Well I shall be using your excellent bit of script and just see what happens, so thanks for sharing it.

        My guess is until there is some kind of test case then there will be no clear legal precedence to work from.

        And given the amount of sites/site owners doing nothing at all, then making at least the best effort to comply is still the better option – even if it isn’t totally perfect.


        • admin May 16, 2012 at 4:13 am #

          Yes, it looks like higher profile sites are taking a very soft touch to obtaining permission – showing that they are doing something but try to make in as unobtrusive as possible.

  2. Isiah May 15, 2012 at 9:50 pm #

    and by the way – the link in your own cookie panel to “More Information” leads to an essentially blank page.

    • admin May 16, 2012 at 4:10 am #

      Thanks for pointing that out – this page is now populated again.

  3. Lynette Berry May 30, 2012 at 11:12 am #

    Just tried to add the code for both my websites and it didn’t work. I can not afford to pay someone to do this for me, I’m not technical minded so how is a small business like me supposed to comply when the tools you give us do not work! Help!