Created your Ucraft website and need to manage cookies? In this guide, you’ll learn when you need a cookie consent management system for Ucraft and how to add iubenda’s Privacy Controls and Cookie Solution to your Ucraft site.
Jump directly to How to add iubenda’s Privacy Controls and Cookie Solution to your Ucraft site.
Caution
Ucraft Next reaches end of life on February 28, 2026. If you’re migrating to Ucraft V2, the code injection steps below still apply: paste your snippet under Site Settings > Code Injection > Before </head> tag. Screenshots in this guide show the previous interface and will be updated soon.
Do I need a cookie policy for Ucraft?
Yes, and here’s why.
If you have EU-based users and your website uses cookies (which it most likely does), you need to manage cookie consents according to the ePrivacy Directive and GDPR. This means you need to block cookie scripts and similar technologies until the user gives consent.
Also, for the consent to be considered valid, you need to make certain disclosures via a cookie banner and link to a more detailed cookie policy. See our getting started guide.
Need to add a privacy policy to your Ucraft site? See the Ucraft privacy policy integration guide.
What the solution supports
When you embed the Privacy Controls and Cookie Solution on your Ucraft site, you get access to the full iubenda cookie management platform:
- Fully customizable cookie banner with options to match your site’s branding and colors
- Automatic cookie policy generation based on the services detected on your site
- Auto-blocking of scripts that install cookies before consent is collected
- Integration with Google Consent Mode v2 (iubenda is a Google-certified CMP)
- Integration with IAB’s Transparency and Consent Framework (TCF 2.3)
- Support for US state privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, and others)
- Support for the Swiss Federal Act on Data Protection (FADP)
- Support for Brazil’s LGPD
- Granular, per-category consent (e.g. Functionality, Experience, Marketing)
- Geo-detection to limit consent requests to regions where legally required
- Storage of consent proofs for accountability
How to add iubenda’s Privacy Controls and Cookie Solution to Ucraft
Not sure what privacy documents you need for your Ucraft site? Take this quick quiz to see which laws apply to you and your business.
To install the Privacy Controls and Cookie Solution, you need to modify the <head> of your site. This requires a Ucraft Pro Website plan or higher. On the free plan, you cannot add custom code. More info on Ucraft’s Site Settings documentation.
Once you’ve generated and customized your Privacy Controls and Cookie Solution, follow these steps to integrate it with your Ucraft website:
First, head over to your iubenda dashboard and click on [Your website] > Privacy Controls and Cookie Solution > Embed.
Here you can customize your banner and then click Copy to copy your Privacy Controls and Cookie Solution snippet.
Next, go to your Ucraft dashboard and select your Site Settings.
Click on the Code Injection tab and scroll down until you find the Before </head> tag text box.
Paste your Privacy Controls and Cookie Solution code in the Before </head> tag section (as shown above), click Save, and you’re done.
Note
The code will go live once you’ve connected a custom domain to your Ucraft website.
Set up prior blocking of cookie scripts
Few categories of cookies are exempt from the consent requirement. Therefore, almost all scripts that install or can install cookies must be blocked before consent is obtained.
Simplify your cookie-blocking process with auto-blocking
There’s a simpler option available for the prior blocking of cookies and trackers. Our auto-blocking feature automates the process, saving you time and effort.
If you prefer to manually tag your scripts that install or may install cookies, you can still follow the process below for step-by-step instructions and practical examples. However, we highly recommend considering the auto-blocking feature for a more streamlined approach.
Learn more about auto-blocking and how it can simplify your cookie-blocking process.
How to implement prior blocking via manual tagging on your Ucraft site
Manual tagging is the method of prior blocking we’ll be using for the tutorial below. You can view other methods here.
To set up prior blocking, you need to make some minor changes to your site’s scripts. Here’s what to do:
- Identify the script/iframe for any additional services running on your website (e.g., Twitter follow button)
- Add some simple text to the HTML code (we’ll show you how below)
- Save
In this tutorial, we are going to block a Twitter follow button.
Not sure which services you need to block? If you’re using a cookie policy generated by iubenda, the services listed in your cookie policy are most likely the ones you need to modify now.
Step 1: Identify the script
In your Ucraft site editor, find the script you need to modify (simply search for the service you want to block, in this case, the Twitter follow button).
Then click on the Edit Custom HTML icon to open the code editor.
Step 2: Modify your script
Now, we’re going to change the script. To do this, we will make 3 simple changes:
- Add this class:
_iub_cs_activateto the script tags, and change the “type” attribute fromtext/javascripttotext/plain - Replace the src with
data-suppressedsrcorsuppressedsrc - Specify the categories of the scripts/iframes with a special comma-separated
data-iub-purposesattribute, e.g.data-iub-purposes="2"ordata-iub-purposes="2, 3"
More about categories and purposes
Purposes are your legal reasons for processing the particular type of user data. Different scripts on your site will fall into different categories and serve different purposes. For example, Google Analytics may be used for Measurement, while the Pinterest button may be used for Experience (Purpose 3 below). Purposes are grouped into 5 categories each with an id (1, 2, 3, 4, and 5):
- Necessary (id:
1) - Functionality (id:
2) - Experience (id:
3) - Measurement (id:
4) - Marketing (id:
5)
For even more detailed info on categories and purposes, see our guide here.
Let’s take the Twitter follow button as an example:
We need to 1. Add the class and change the “type” attribute, 2. replace the src and 3. specify the categories.
The code structure should look like this:
<p>Twitter follow button:</p>
<!-- please note type="text/plain" class="_iub_cs_activate" data-suppressedsrc="..." (manual tagging) and data-iub-purposes="3" (per-category consent) -->
<a href="https://twitter.com/iubenda" class="twitter-follow-button" data-show-count="false">Follow @iubenda</a>
<script async type="text/plain" class="_iub_cs_activate" data-suppressedsrc="https://platform.twitter.com/widgets.js" data-iub-purposes="3" charset="utf-8"></script>Step 3: Save!
Now that you’ve made your changes, simply hit save, and you’re done.
Not sure if you’ve set up correctly? Check out the live example and FAQs below.
Live example
This is an example that shows everything we have described above. You can use this CodePen as a guide to see what happens before and after blocking scripts via manual tagging.
To demonstrate the cookie blocking feature, we’ve embedded a YouTube video and a Twitter follow button:
Follow @iubenda
Both scripts are blocked through manual tagging. Since both the YouTube video widget and the Twitter follow button are part of the Experience purpose (id 3), we’ve added data-iub-purposes="3" to their scripts so that the Privacy Controls and Cookie Solution can properly identify them for release.
Click on the Accept button, or just activate the “Experience” toggle, to release these scripts (refresh the page to return to the starting point).
How can I tell if I’ve set prior blocking up properly?
As you can see in the CodePen example, the YouTube and Twitter scripts do not load if you do not consent. (You can test this again by opening this link in incognito mode in your browser.)
After you have saved, open your site in incognito mode and check if the scripts you have blocked via manual tagging stay blocked until you consent.
For other blocking options, see Google Consent Mode as an alternative to prior blocking, Google Tag Manager to simplify the blocking of cookies, or the IAB Transparency & Consent Framework and how to enable it.
Good to know: Ucraft-specific considerations
Keep these points in mind when using Privacy Controls and Cookie Solution on Ucraft:
- Paid plan required. Custom code injection requires a Ucraft Pro Website plan or higher. On the free plan, you cannot add custom code to the head of your site.
- Custom domain required. Injected code only goes live after you connect a custom domain to your Ucraft website.
- Google Tag Manager. Ucraft offers a native GTM app through its App Store, which you can use as an alternative to manual code injection for managing third-party scripts.