How Do I Find the Script URL Pattern to Block Cookies on My Website?

Third-party services like analytics tools, advertising trackers, live chat widgets or plugin features often set cookies by loading JavaScript files. To block these cookies using CookieYes, you must first identify the script responsible and then define a script URL pattern that can be blocked until the user gives consent.

Note

The methods described below are commonly used and can help you identify script sources; however, they may not be effective in all scenarios or for all third-party services. Some scripts load dynamically or are minified, making them harder to trace.

If you’re unable to identify the script responsible for setting cookies, it’s best to consult your website development team, as they can help inspect how scripts are loaded.

There are several simple ways to identify which script is setting the cookie:

Method 1: Use Browser Developer Tools (Network Tab)

  1. Open your website in the Chrome browser.
  2. Press Ctrl + Shift + I (Windows) or Cmd + Option + I (Mac) or right-click and select Inspect.
  3. Click on the Network tab in the DevTools panel.
  4. Refresh the page (F5) to capture all network activity.
  5. Click on the “JS” or “Script” filter to show only JavaScript files. Optionally, check the “XHR” tab to detect dynamically loaded scripts.
  6. Find the script responsible for setting cookies. You can:
    • Check the script name (e.g., gtag.js, fb.js, livechat.js)
    • Look at the domain (e.g., google-analytics.com, facebook.net)
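
The same check can be run from the DevTools console with the browser's Resource Timing API, which lists every request the page made. This is an added example, not CookieYes code: the function name `scriptsByHost` and the sample entries are constructed for illustration.

```javascript
// Constructed sample standing in for performance.getEntriesByType('resource').
const sampleEntries = [
  { name: 'https://cdn.chat-service.com/init.js', initiatorType: 'script' },
  { name: 'https://yourdomain.com/wp-content/plugins/elementor/assets/js/frontend.min.js', initiatorType: 'script' },
  { name: 'https://www.google-analytics.com/analytics.js', initiatorType: 'script' },
  { name: 'https://cdn.chat-service.com/widget.js', initiatorType: 'xmlhttprequest' },
  { name: 'https://yourdomain.com/logo.png', initiatorType: 'img' },
];

// Group script requests by host, third-party hosts first.
function scriptsByHost(entries, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const byHost = new Map();
  for (const { name, initiatorType } of entries) {
    const url = new URL(name);
    // 'script' covers <script src> tags, including ones injected at runtime.
    const isScriptTag = initiatorType === 'script';
    // Scripts pulled in by XHR/fetch appear under a different initiator type.
    const isFetchedJs = ['xmlhttprequest', 'fetch'].includes(initiatorType) &&
      url.pathname.endsWith('.js');
    if (!isScriptTag && !isFetchedJs) continue;
    if (!byHost.has(url.hostname)) byHost.set(url.hostname, []);
    byHost.get(url.hostname).push(url.origin + url.pathname); // drop query strings
  }
  // thirdParty means "hostname differs from the page's", so your own CDN
  // subdomain is flagged too and needs a manual look.
  return [...byHost]
    .map(([host, urls]) => ({ host, thirdParty: host !== pageHost, urls }))
    .sort((a, b) => Number(b.thirdParty) - Number(a.thirdParty) ||
      a.host.localeCompare(b.host));
}

console.log(scriptsByHost(sampleEntries, 'https://yourdomain.com/'));
```

In the browser, call `scriptsByHost(performance.getEntriesByType('resource'), location.href)` after the page has finished loading.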

Method 2: Check Page Source

If scripts are embedded directly or loaded via <script> tags (with a src attribute), checking the page’s source code is a simple way to detect the script.

Steps:

  1. Open your website in the Chrome browser.
  2. Press Ctrl + U (Windows) or Cmd + Option + U (Mac) or right-click and select View Page Source.
  3. In the HTML code, press Ctrl + F (Windows) or Cmd + F (Mac) and search for <script to locate script tags. Look for:
    • Script tags with a src attribute.
    • Script tags that look suspicious or come from third-party domains (e.g., Google, Facebook, chat tools, marketing platforms).
    • Script IDs or class names that indicate a vendor or plugin.

Example

<script src="https://cdn.chat-service.com/init.js"></script>
<script src="https://yourdomain.com/wp-content/plugins/elementor/assets/js/frontend.min.js"></script>

4. Copy the src attribute value (the URL inside the quotation marks) to identify the script URL pattern.

Method 3: Use the “Name” or “Domain” of the Cookie

If you know the cookie name (from the CookieYes scan), you can often trace it to a script via the domain or name pattern.

Steps:

  1. Open your website in the Chrome browser.
  2. Press Ctrl + Shift + I (Windows) or Cmd + Option + I (Mac) or right-click and select Inspect.
  3. Go to the Application tab.
  4. In the left sidebar, expand Cookies and click your domain.
  5. Find the cookie name you’re trying to track.
  6. Check the Domain column; it often indicates the source (e.g., facebook.com, hotjar.com).
  7. Search the Network tab (refresh if needed) for that domain or keyword.
  8. Locate the relevant script file and copy the URL or base path.

Step 2: Create the Script URL Pattern

Once you find the script responsible for setting cookies, you need to create a Script URL Pattern that tells CookieYes what to block until the user gives consent.

CookieYes supports two common pattern types, each suited for different blocking scenarios:

1. Block a Specific Script (Exact Match)

An exact match of the script URL pattern targets the single, specific script file. This approach is useful when you’ve identified a particular script that needs to be blocked until consent is granted.

Syntax:

https://analytics-example.com/tracker.js

This pattern blocks only the exact specified script without affecting other scripts, even in the same directory, offering the most precise targeting with minimal impact on site functionality.

2. Block Scripts from a Domain (Generic Pattern)

Use a generic pattern to block all scripts served from a specific domain, regardless of the file path. This is recommended when multiple scripts from the same domain are known or suspected to set cookies, but individual script paths are not confirmed.

Syntax:

https://analytics-example.com

This pattern blocks all scripts from the specified domain until the user gives consent. It offers broader coverage when more general blocking is needed.

Caution: This approach will block ALL scripts from the specified domain, including those that may be essential for website functionality (such as authentication, payment processing or core application features). Before implementing domain-level blocking, carefully audit all scripts from that domain to ensure you’re not unintentionally breaking critical site functionality.
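
One way to run that audit before saving a pattern is to compare what an exact pattern and a domain pattern would each block. This is an added example, not CookieYes code: the matching rule (same origin, path prefix) is an assumption about how patterns are applied, and the script list and the `/sso/` path are constructed.

```javascript
// Constructed script URLs, e.g. copied from the Network tab of the page under review.
const loadedScripts = [
  'https://analytics-example.com/tracker.js',
  'https://analytics-example.com/heatmap.js',
  'https://analytics-example.com/sso/login.js',
  'https://cdn.chat-service.com/init.js',
];

// ASSUMPTION (not CookieYes's documented matcher): a pattern matches a script
// with the same origin whose path starts with the pattern's path.
function wouldBlock(pattern, scriptUrl) {
  const p = new URL(pattern);
  const s = new URL(scriptUrl);
  const prefix = p.pathname === '/' ? '' : p.pathname; // bare domain = generic pattern
  return p.origin === s.origin && s.pathname.startsWith(prefix);
}

// essentialPaths: hypothetical path fragments of scripts the site cannot work without.
function auditPattern(pattern, scripts, essentialPaths = []) {
  const blocked = scripts.filter((u) => wouldBlock(pattern, u));
  const essentialBlocked = blocked.filter((u) =>
    essentialPaths.some((frag) => new URL(u).pathname.includes(frag)));
  return { pattern, blocked, essentialBlocked, safe: essentialBlocked.length === 0 };
}

// Exact pattern versus domain pattern over the same script list.
function compare() {
  return [
    auditPattern('https://analytics-example.com/tracker.js', loadedScripts, ['/sso/']),
    auditPattern('https://analytics-example.com', loadedScripts, ['/sso/']),
  ];
}

console.log(JSON.stringify(compare(), null, 2));
```
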

Once you’ve created your Script URL Pattern, add it to the cookie in the Cookie Manager tab in CookieYes, under the specific category. This central location allows you to manage all your script blocking patterns and ensures they’re properly applied before user consent is collected.

Common script patterns to look for

Analytics Scripts

• Google Analytics: https://www.google-analytics.com/analytics.js
• Google Tag Manager: https://www.googletagmanager.com
• Facebook Pixel: https://connect.facebook.net

Marketing and Advertising

• DoubleClick: https://securepubads.g.doubleclick.net
• Google Ads: https://ads.google.com

Common WordPress Tracking Scripts

• If using WordPress, check for scripts in:
  • https://yourdomain.com/wp-content/plugins/[plugin-name]
  • https://yourdomain.com/wp-includes/js