Disable Hubspot tracking code with Wordpress plugin
resolver
Hi there !
We are currently using the Hubspot Wordpres plugin for tracking and embed forms into our pages/posts.
As the HubSpot cookie settings banner did not suit us (this is not the discussion here please), we decided to implement a third party tool to manage cookies through GTM called "Axeptio".
The issue :
Since the wordpress plugin inserts the tracking code automatically, I cannot enable it only if the user accepts the HubSpot tracking cookies which causes our website to not follow GDPR rules.
The questions :
Is there a way to programmatically disable HubSpot tracking when using the Wordpress plugin while keeping the use of forms ?
Is there a way to implement HubSpot forms into our websites without the Wordpress plugin ? (so that I can manually implement the tracking code through GTM).
I'm open to any alternatives if anybody has had this issue in the past.
Disable Hubspot tracking code with Wordpress plugin
resolver
As such, my theory is that there's a serious bug regarding this somewhere in the hubspot script, especially since it has a different behaviour based on whether the cookie banner is enabled or not. Unfortunately, I couldn't find any place to report this as a bug, so it would be great if you could report it.
PS: I believe this is a quite serious issue, because other customers might just be trusting the docs and not verifying the results, thus believing they are GDPR compliant, while they are not really compliant and breaking the regulations.
Disable Hubspot tracking code with Wordpress plugin
resolver
I'm sorry, but I didn't understand what you meant. What I'm doing is: 1. run the script above, pushin "doNotTrack" into `window.hsq`. 2. load the `<script src="https://js.hs-scripts.com/xxx.js" type="text/javascript"></script>` tag, loading Hubspot script; 3. check out storage, noticing the `hubspotutk`, `__hssc` etc. cookies, and check out network requests, noticing tracking calls such as the ones I linked above.
I'll try to replicate this in a very very simple sample app.
Disable Hubspot tracking code with Wordpress plugin
resolver
@Teun, I've made a very very simple test app: https://hubspotisnotgdprcompliant.web.app/. It only contains pushing the `doNotTrack` and then loading the Hubspot script. Please load the page and notice: 1. `doNotTrack` was loaded, as the __hs_do_not_track was placed automatically by HS script;
2. tracking cookies were placed, containing unique user identifier (`hubspotutk`, `__hssc` , etc.);
3. tracking calls are being made, containing the above unique user identifier, for example:
Thank you for testing this so thoroughly. This is definitely not the behaviour I expected from the __hs_do_not_track cookie. The only thing I can imagine is that it prevents the tracking data from getting associated with a specific contact.
Do you place the do_not_track cookie using the tracking code API?
_hsq.push(['doNotTrack']);
If this is placed directly when the page is loaded, it should prevent any data from being sent according to the docs. If this is not the case, this sounds like a major bug.
Learn more about HubSpot by following me on LinkedIn or YouTube
✅ Did my answer solve your issue? Help the community by marking it as the solution.
The cookies will still be placed, but no longer collect any data. I suppose, because they no longer have tracking functionality, you can categorize these cookies as 'functional' cookies. However, I would like to advice you to discuss this with someone with a bit more legal knowledge.
Learn more about HubSpot by following me on LinkedIn or YouTube
✅ Did my answer solve your issue? Help the community by marking it as the solution.
I've tested your assumption and unfortunately doesn't seem to be true. Even though we've set up the __hs_do_not_track, Hubspot's scripts still send tracking requests, including identification and the above mentioned cookies:
I'm wondering why isn't this a bug, since it works correctly (i.e. doesn't place cookies and doesn't send tracking requests) if the Hubspot's cookie banner is enabled, but doesn't work correctly (places cookies and sends tracking information) if the cookie banner is disabled.
Disable Hubspot tracking code with Wordpress plugin
resolver
Hi Teun,
I've tried your solution, what would work perfect for our case.
I've implemented all of it in GTM and our custom cookie consent banner and what it does, is that it places an extra Hubspot cookie __hs_do_not_track. This cookie is placed on the very first event that happens when a new visitor comes to our website. Though this cookie is in place a.s.a.p., other cookies of Hubspot (like hubspotutk, __hssc, etc.) are still placed.
Is it correct that these cookies are still placed, but the cookie __hs_do_not_track prevents sending data to Hubspot? Or is something going wrong with my implementation?
If it is correct that cookies are still being placed, but don't send data, it's still not GDPR proof as I understand.
For anyone trying to fix the same thing, I created a two new tags on GTM: one that enables the "doNotTrack" cookie when axeptio returns the enable event and the second one that disables it when axeptio returns the disable event.
Disable Hubspot tracking code with Wordpress plugin
resolver
Hello. Are you sure that pushing the __do_not_track cookie works and Hubspot doesn't add the rest of their cookies?
For example, we've tried to programatically set the `__hs_do_not_track` and `__hs_opt_out` cookies with `yes` value, before we inject the `js.hs-scripts.com`. This works good if the cookie policy banner is enabled in the Hubspot Settings. However, if we disable the cookie policy from there (so we don't show Hubspot's banner), Hubspot's script doesn't seem to respect those values and fills in the browser with the tracking cookies. And if we keep it enabled, then how do we start tracking afterwards, without refreshing the page?