Go Headless

/

Build Apps
Get Started
Overview
Quick Start
Templates
Tutorials
What's New
Get an Idea

Develop Your App
About Developing Apps
App Dashboard Setup
Frameworks
Extensions
Wix Business Solutions
API Integrations
Access
Design

Launch Your App
About Launching Apps
Pricing and Billing
Market Listing
Localization
Legal and Security
Wix Terms of Use Policy
Wix App Market Partner Agreement
GDPR Compliance
About GDPR and Data Protection
Common GDPR Compliance Issues
Implement Cookie Consent Requirements
Test Your App for Cookie Consent Compliance
Security and Privacy Best Practice
App Distribution
App Promotion

Manage Your App
User Support
Versioning
Data and Analytics
Observability
Contact Us
In This Article

  1. Access the consent policy
  2. Guidelines for embedded scripts

Implement Cookie Consent Requirements

Meeting cookie consent requirements is critical for GDPR compliance and the success of your app. To prevent your app from being uninstalled by customers striving for compliance, ensure your app complies with the requirements and test it thoroughly.

Make sure to:

  1. Check the visitor's consent policy at the start of each session, and comply completely with the set policy.
  2. Listen to changes in the policy during the session, and comply with any changes.

Access the consent policy

The method you use to access and monitor the consent policy depends on the type of extension. The following table provides the relevant methods for each extension type.

ExtensionGet consent policyListen for changes
Custom elementsJavaScript SDK getCurrentConsentPolicy()JavaScript SDK onConsentPolicyChanged
Embedded scriptsJavaScript SDK getCurrentConsentPolicy()JavaScript SDK onConsentPolicyChanged
Wix Blocks appsVelo getCurrentConsentPolicy()Velo onConsentPolicyChanged
iframe appswix.utils getCurrentConsentPolicywix.utils onConsentPolicyChanged
Worker iframe appswix.worker Utils.getCurrentConsentPolicywix.worker Utils.onConsentPolicyChanged

Note: For worker iframe apps, the consent policy is also passed as a query param in the iframe URL.

For custom elements and embedded scripts not using the JavaScript SDK, access consent policy information using the window property:

  • Get the current consent policy:

    Copy
  • Listen for consent policy changes:

    Copy

These functions return the same properties as described in the SDK documentation.

Guidelines for embedded scripts

Embedded scripts are automatically rendered or blocked based on the site visitor’s approval or denial of the cookie type, which corresponds to the script type selected during setup.

Embedded Script Setup

If your script falls into more than one category, always select the more restrictive category. For example, if the script is Functional, but also collects Analytics data, it should be marked as Analytics.

If your script has marketing or analytical functionalities but needs to be listed in one of the less restrictive categories in order to carry out its main functionalities, you should do one of the following:

  • Create two embedded script components, each one containing the relevant script for its category.
  • Write conditional code to check the policy before running code that requires a more permissive policy. If your script structure does not allow you to do this, ask for approval to be marked as Functional/Essential via our support, as long as your app takes the user policy into account.

Your script or functionality should load only if the user has granted consent.

Did this help?