Preventing embed forms from setting cookies/tracking before consent on website

Level 1

Preventing embed forms from setting cookies/tracking before consent on website

Hey there!

I currently use Marketo embed forms on my website, and I'm looking to prevent the tracking/cookies from munchkin before a users gives consent.

I have a Cookie Control setup that has two main toggle actions. onAccept and onRevoke. I'm looking for a guide to prevent Marketo from setting cookies before consent is given. And when the onAccept fires, then it will set cookies. Visitors can toggle on and off their consent at any given time. So I also need to be able to clear all the existing Marketo related cookies and tracking if they toggle to revoke consent. (onRevoke)

Is there a guide anywhere for this? I found a variety of topics and discussions, but most were for Marketo specific landing pages.

Maybe something along the lines of MktoForms2.whenReady(function(form) { }); function to delete the cookies and then firing Munchkin.init() again when consent is given? I tried a basic interaction to prevent "_mkto_trk" or removing it on page load, but it didn't really work. 

My cookie control solution lives inside Google Tag Manager and I was able to set trigger events to fire each one individually, but Marketo seems to be the only one I'm unable to solve this way.

 Can this be done with some basic javascript on my frontend or are there settings inside Marketo to prevent cookies from being set on page load?

Any info pointing me in the right direction would be very much appreciated. 

Also is this the right place for this question? I'm not familiar with Marketo community,

Kind regards,


Level 10 - Community Moderator

Re: Preventing embed forms from setting cookies/tracking before consent on website

OK. To start off with more precision: it's Munchkin (the Munchkin JS library) that sets the _mkto_trk cookie, not the form. You can embed a Forms 2.0 form without Munchkin, and thus without a (new) cookie. And you can (and should) load Munchkin even if there's no form.

You definitely don't need to always create, then delete the cookie (that's actually a violation of the promise you're making to the end user).

First and foremost, you need to defer running Munchkin.init() at all until you have their opt-in. On a non-Marketo page this should be extremely easy, since you have full control over what runs when.

Check to see if there's an existing LastPreference cookie set to Accept, and if not, wait for the onAccept event to fire, and then run Munchkin.init(). In the onAccept listener, also set a secondary LastPreference cookie -- if your cookie consent manager doesn't already set one -- indicating that their last action was Accept, so you can consult this later.

If the onRevoke listener, set the LastPreference to Revoke for later. Delete any existing cookies. Do not run Munchkin.init().

You can also set ?mkto_opt_out=true in the query string, which will force Munchkin to not track from that point onward (until switched to false). But this feature can be difficult to coordinate with 3rd-party managers, and if you get your code right, you don't need it.