Book a demo
Start for free

Privacy Controls and Cookie Solution – Squarespace Integration Guide

If you operate in the EU (or have EU visitors) and use cookies on your Squarespace site, privacy regulations like the GDPR and the ePrivacy Directive require you to:

  1. Provide a cookie policy (you can add a cookie section to your privacy policy, learn more about creating a Privacy and Cookie Policy for Squarespace)
  2. Display a cookie banner at the user’s first visit
  3. Block non-exempt cookies before obtaining user consent
  4. Release cookies only after informed consent has been provided

iubenda’s Privacy Controls and Cookie Solution handles all of this: it displays a fully customizable cookie banner, collects consent, implements prior blocking, and supports compliance with multiple privacy frameworks.

To install the Privacy Controls and Cookie Solution, you need to add custom code to the <head> of your Squarespace site. This requires a Business or Commerce plan. Code Injection is not available on Personal plans. More info on Squarespace’s Code Injection documentation.

What the solution supports

When you embed the Privacy Controls and Cookie Solution on your Squarespace site, you get access to the full iubenda cookie management platform:

How to add the iubenda cookie banner on your Squarespace website

First, head over to your iubenda dashboard and click on [Your website] > Privacy Controls and Cookie Solution > Embed.

How to add the Privacy Controls and Cookie Solution to Squarespace

Here you can customize your banner and then click Copy to copy your Privacy Controls and Cookie Solution snippet.

How to add the Privacy Controls and Cookie Solution to Squarespace

Next, go to your Squarespace dashboard and navigate to Settings > Advanced > Code Injection.

Squarespace Code Injection settings

Paste your Privacy Controls and Cookie Solution code snippet in the Header section and click Save.

Note

The Privacy Controls and Cookie Solution requires a linked cookie policy. If you have the cookie policy feature activated on your iubenda account, the solution automatically integrates it. If you already have your own cookie policy, you can add the link in the advanced view of the configurator under Cookie Policy > Cookie Policy URL. More info in the advanced configuration guide.

Few categories of cookies are exempt from the consent requirement. Therefore, you need to block scripts from running until you get valid user consent.

Simplify your cookie-blocking process with auto-blocking

There’s a simpler option available for the prior blocking of cookies and trackers. Our auto-blocking feature automates the process, saving you time and effort.

If you prefer to manually tag your scripts, follow the step-by-step instructions below, or explore other methods in our general introduction to the prior blocking of cookies.

How to implement prior blocking via manual tagging on your Squarespace site

Manual tagging is the method of prior blocking we use for the tutorial below. You can view other methods here.

To set up prior blocking, you need to make some minor changes to your site’s scripts:

  1. Identify the script/iframe for any additional services running on your website (e.g., a social media follow button)
  2. Add some simple text to the HTML code (we show you how below)
  3. Save

In this tutorial, we are going to block a social media follow button.

Not sure which services you need to block? If you’re using a Cookie Policy generated by iubenda, the services listed in your Cookie Policy are most likely the ones you need to modify.

In your Squarespace dashboard, click Website and then click Edit.

Squarespace dashboard - Website section
Squarespace dashboard - Edit Site button

Then, find the script you need to modify (search for the service you want to block) and click on the Edit icon to open the code editor.

Squarespace code editor - script identification
Now, we’re going to change the script. To do this, make 3 simple changes:
  • Add the class _iub_cs_activate to the script tags, and change the “type” attribute from text/javascript to text/plain
  • Replace the src with data-suppressedsrc or suppressedsrc
  • Specify the categories of the scripts/iframes with a comma-separated data-iub-purposes attribute, e.g. data-iub-purposes="2" or data-iub-purposes="2, 3"

More about categories and purposes

Purposes are your legal reasons for processing the particular type of user data. Different scripts on your site will fall into different categories and serve different purposes. Purposes are grouped into 5 categories, each with an id (1, 2, 3, 4, and 5):

  • Necessary (id: 1)
  • Basic interactions & functionalities (id: 2)
  • Experience enhancement (id: 3)
  • Measurement (id: 4)
  • Marketing (id: 5)

For more detailed info on categories and purposes, see our guide here.

Here is an example using a social media follow button:

We need to 1. Add the class and change the “type” attribute, 2. replace the src and 3. specify the categories.

The code structure should look like this:

Manual tagging code example
<p>Follow button:</p>

        <!-- please note type="text/plain" class="_iub_cs_activate" data-suppressedsrc="..." (manual tagging) and data-iub-purposes="3" (per-category consent) -->
<a href="https://twitter.com/iubenda" class="twitter-follow-button" data-show-count="false">Follow @iubenda</a>
  <script async type="text/plain" class="_iub_cs_activate" data-suppressedsrc="https://platform.twitter.com/widgets.js" data-iub-purposes="3" charset="utf-8"></script>

Now that you’ve made your changes, hit save, and you’re done.

Not sure if you’ve set up correctly? Check out the live example and FAQs below.

Live example

This is an example that shows everything we have described above. You can use this CodePen as a guide to see what happens before and after blocking scripts via manual tagging.

(see the example)

Both scripts are blocked through manual tagging. Since both widgets are part of the Experience purpose (id 3), we’ve added data-iub-purposes="3" to their scripts so that the Privacy Controls and Cookie Solution can properly identify them for release.

Click on the Accept button, or activate the “Experience” toggle, to release these scripts (refresh the page to return to the starting point).

How can I tell if I’ve set prior blocking up properly?

As you can see in the CodePen example, the scripts do not load if you do not consent. (You can test this again by opening the example in incognito mode in your browser.)

After you have saved, open your site in incognito mode and check if the scripts you blocked via manual tagging stay blocked until you consent.

For other blocking options, see Google Consent Mode as an alternative to prior blocking, Google Tag Manager to simplify the blocking of cookies, or the IAB Transparency & Consent Framework and how to enable it.

Good to know: Squarespace-specific considerations

Keep these points in mind when using Privacy Controls and Cookie Solution on Squarespace:

  • Business or Commerce plan required. Code Injection is a premium Squarespace feature available only on Business and Commerce plans. On the Personal plan, you cannot add custom code to the head of your site.
  • Squarespace’s built-in cookie banner. Squarespace offers its own cookie banner, but it does not provide prior blocking, per-category consent, or integration with frameworks like TCF or Google Consent Mode. For full compliance, use iubenda’s Privacy Controls and Cookie Solution and disable Squarespace’s native banner to avoid conflicts.
  • Code must be first in the head. For auto-blocking to work correctly, the iubenda snippet should be placed as the first element in the Header section of Code Injection. Test your setup after installation.

Manage cookie consent for your Squarespace website

Generate a cookie banner

See also

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.