The iubenda PrestaShop module helps you set up cookie consent, prior blocking, and privacy compliance on your PrestaShop store. It handles banner display, script blocking, consent logging, and supports Google Consent Mode v2, the IAB Transparency and Consent Framework (TCF), and regulations including the GDPR, US state privacy laws, LGPD, and FADP.
Compatibility
- The module supports PrestaShop 1.7.x, 8.x, and 9.x
- You need to have overrides enabled (enabled by default)
- For PrestaShop 1.6 (end of life since June 2019), see the legacy instructions below
Functionality
- Automatically adds the iubenda Privacy Controls and Cookie Solution code to every page of your site (in the
<head>tag) - Displays the cookie banner, links to your cookie policy, and logs user consent preferences
- Supports automatic blocking of scripts before consent (recommended method)
- Supports per-purpose (per-category) consent for granular control over script blocking
- Works with Google Consent Mode v2 (activates automatically when automatic blocking is enabled)
- Compatible with the IAB Transparency and Consent Framework (TCF) 2.3
- Supports compliance with GDPR, US state privacy laws, LGPD, and FADP through your iubenda dashboard configuration
- Simplifies management for multilingual PrestaShop sites
- AdRoll
- AddThis widgets
- Bing
- CodePen
- Criteo
- Disqus
- Elevio
- Facebook Comments
- Facebook widgets
- Freshchat
- Google AdSense
- Google Analytics
- Google Maps
- Google ReCaptcha
- Google Site Search
- Google Tag Manager
- Google oAuth
- Headway
- Instagram widgets
- Kissmetrics
- LinkedIn widgets
- Mixpanel
- Neodata
- Olark
- Optimizely
- Outbrain
- PayPal widgets
- Pingdom
- Pinterest widgets
- Segment
- ShareThis widgets
- Twitter widgets
- UserVoice
- Vimeo
- YouTube
Note: When you enable automatic blocking, the iubenda scanner identifies and blocks additional scripts beyond this list based on the services detected on your site.
Instructions
Installation and activation
- Log in and open the admin section to get to your main PrestaShop dashboard;
- Click on Modules > Modules & Services in the sidebar menu;
- Click on Upload a module in the header section;
- To install the module upload the zip file (click here to download) – you must point to the module’s zip archive, and not its folder or any of its unpacked files.
If the installation is successful, you’ll get this message:
The module will then appear in your list of modules under “Modules & Services”.
Now it’s time to go configure the settings of the module.
How to add the cookie banner/consent banner and modify settings
Now that the module is ready, we need to feed it the necessary information from your iubenda account.
- If you haven’t clicked on the Configure button inside the “Module installed!” pop-up message, navigate to the Modules & Services page and find the iubenda module:
- Click on Configure to go to the module configuration settings.
- Add the code from your iubenda account to the extension (this is what the embedding code looks like in your iubenda dashboard): (If you haven’t already generated your cookie banner/consent banner and code, you can do so here or for in-depth information, you can read the introduction to the iubenda Privacy Controls and Cookie Solution guide.)
- Paste that code into the plugin form and save: (Being PHP native, we recommend the primary, faster option for the parsing engine. If you’re experiencing some issues, try with the alternative based on a custom HTML DOM class)
(If you haven’t already generated your cookie banner/consent banner and code, you can do so 
(Being PHP native, we recommend the primary, faster option for the parsing engine. If you’re experiencing some issues, try with the alternative based on a custom HTML DOM class)Use
Once configured, the plugin will begin to show the banner on which your cookie policy will be shown/linked to users that visit your site for the first time without the need for any other further configurations. The plugin will also recognize and automatically detect and block the cookies indicated in the above block-list, that are present on your site.
Important
Our PrestaShop extension automatically blocks scripts that are generated on the server side (therefore returned by PHP by PrestaShop). Scripts that are inserted into the page via JavaScript after the loading process of that page are not and cannot be blocked automatically.
These scripts can be blocked by entering the source into the Custom Script boxes in the plugin console or by using the manual wrapping method illustrated in the example below and (in more detail) in this help post
Set up automatic blocking (recommended)
Automatic blocking is the easiest way to block scripts before consent. The iubenda scanner crawls your site, identifies cookies and tracking scripts, and blocks them automatically until the user provides consent.
To enable automatic blocking:
- Go to your iubenda dashboard and select your website.
- Open the Privacy Controls and Cookie Solution settings.
- Go to the Block scripts prior to consent tab.
- Make sure Automatic blocking is enabled.
- Configure which scripts to block: you can block scripts detected by the site scanner, scripts related to services listed in your Privacy and Cookie Policy, or add custom domains.
- Save your settings. The blocking takes effect immediately on your PrestaShop store.
When automatic blocking is enabled, Google Consent Mode v2 activates automatically for Google services. No additional configuration is needed.
For more details, see our dedicated guide on automatic blocking. If automatic blocking doesn’t cover a specific script on your site, you can use the custom scripts field or manual tagging methods described below.
Blocking custom scripts from within the console
The Custom Scripts field makes it easy for you to block scripts inserted into the page directly from within the plugin console. This greatly reduces the need for direct edits to the site’s code.
Here’s how to do it:
- On the left menu in your admin panel, go to the Improve section and click Extensions > Plugins.
- Next, search “iubenda”, and when the plugin appears, click on the Configure button.
- Scroll down to find the Custom scripts and Custom iframes fields at the bottom of the page.
- Enter your script or iframe sources as needed, and click the Save button at the bottom-right of the page.
Usage Examples
Using these fields are pretty straightforward. Simply enter the script or iframe src attribute you’d like to block.
Script
If you wanted to block a social button (which inserts scripts into the page via JavaScript), you’d simply need to enter the script source, e.g. connect.socialwebsite.net/en_US/track.js into the scripts field.
iframe
Let’s say you wanted to block scripts inserted into the page via the following iframe
<iframe width="1280" height="720" src="https://www.videowebsite.com/embed/xxFhMChxx" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> What you’ll need to enter into the iframe field would be videowebsite.com/embed/ as this is the actual source of the scripts. Be careful NOT to enter the component id (videowebsite.com/embed/xxFhMChxx) to ensure that all scripts coming from the actual source are blocked.
Manual Use (wrapping method)
This method requires you to directly modify your site’s code. You’ll need to go into the relevant section of your site’s code and add the scripts to be blocked as explained below.
Here’s an example of how to make the plugin manually work for a social button (which inserts scripts into the page via JavaScript).
<!--IUB-COOKIE-BLOCK-START-->
<script>
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s);
js.id = id;
js.src = "//connect.socialwebsite.net/en_US/sdk.js#xfbml=1&version=v2.3&appId=808061959224601";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'socialwebsite-jssdk'));
</script>
<!--IUB-COOKIE-BLOCK-END-->If there are HTML / IMG / IFRAME elements, you will need to do it this way:
<!--IUB-COOKIE-BLOCK-START-->
<iframe src="...
<img src="...
<!--IUB-COOKIE-BLOCK-END-->If you’ve enabled the per-category consent feature you’ll need to assign the purpose. Resuming the social button example, being part of the “Experience” purpose (id 3):
<!--IUB-COOKIE-BLOCK-START-PURPOSE-3-->
<script>
...
</script>
<!--IUB-COOKIE-BLOCK-END-PURPOSE-3-->To stop automatic parsing/replacing the iframe/scripts that contain a defined src:
<!--IUB-COOKIE-BLOCK-SKIP-START-->
<script type="text/javascript">...</script>
<!--IUB-COOKIE-BLOCK-SKIP-END-->Further information
For API calls and xmlrpc we suggest the parameter ?iub_no_parse=1.
Troubleshooting
PrestaShop “Forbidden” error
Caution
Always remember to back up your website before attempting any fix.
In some rare cases, the system may return a “forbidden” error when you enter the Privacy Controls and Cookie Solution script, or any other script, into the Privacy Controls and Cookie Solution module and click “Save”.
This is likely related to a ModSecurity property of Apache activated in the PrestaShop backend. To solve the issue, you’ll need to disable the mod_security module. You can do this using the following procedure:
Click on Shop Parameters -> Click on Traffic&Seo -> Find the “Disable Apache ModSecurity Module” and set to “Yes”.
If for some reason the procedure doesn’t work, it may be necessary to contact your web hosting provider regarding your particular site restrictions.
Changelog and current version
1.3.1
Enhanced script insertion to follow _iub.csConfiguration based on autoblocking statusRemoved async from the autoblocking script
1.3.0
Introduced iubenda automatic blocking feature
1.2.0
Support the Prestashop latest version 8
Update the core iubenda classes to the latest version
1.1.18
Fix SSRF security vulnerability
Remove googletagmanager.com/gtm.js from basic interaction
1.1.17
Integrate with PageCache ultimate
1.1.16
Fix: Avoid overriding the purposes attribute if it was set
1.1.15
Fix: Purpose evaluation for iframes blocking
Fix: Block the custom scripts while parsing
1.1.14
Fix: Follow code standard to avoid conflict on overriding
Fix: Add per-purpose on inline script tags
Tweak: Add GA to per-purpose blocking support
1.1.13
Fix: Move FB connect to experience enhancement
1.1.12
Tweak: Add Google GPT to per-purpose blocking support
Fix: admin.js ready method deprecation
1.1.11
Fix: limit url sanitize to http protocols
Fix: AddThis per-purpose category
1.1.10
New: Per-purpose script blocking support
New: “Reject” button support
1.0.9
Tweak: Simple HTML Dom PHP class update to 1.9
Tweak: Code handled with official code validator
1.0.8
New: Introducing a way to skip specific script parsing
Fix: Improved handling of iubenda script HTML
Tweak: Support links update
1.0.7
Tweak: Adjust the iubenda PHP class handling
Tweak: Update iubenda logo
1.0.6
New: Option to block custom scripts and iframes
Tweak: Update and extend the list of blocked scripts including Google Site Search, Google oAuth, LinkedIn widgets, PayPal widgets, Freshchat, UserVoice, AdRoll, Olark, Segment, Kissmetrics, Mixpanel, Pingdom, Bing and Elevio
1.0.5
Tweak: Update and extend the list of blocked scripts including Pinterest, AddThis, Disqus, Optimizely, Neodata, Criteo, Outbrain, Headway and CodePen
Tweak: Interface improvements
1.0.4
Fix: Invalid iubenda parser implementation
1.0.3
Tweak: Update and unify iubenda parsing engine
1.0.2
Fix: Eage output empty if script blocking disabled
1.0.1
Tweak: iubenda faster class regex update
1.0
Initial release
Caution
After installation, make sure to set up prior blocking, as this is legally required under EU law. We recommend using automatic blocking (the easiest method). For other options, see our complete guide to prior blocking.
Privacy Controls and Cookie Solution on PrestaShop 1.6.x
Deprecation notice
PrestaShop 1.6 reached end of life in June 2019 and no longer receives security updates. We strongly recommend upgrading to PrestaShop 8.x or 9.x for the best compatibility and security.
If you’re unable to upgrade to version 1.7.x (which is compatible with our module), you will need to integrate the code manually. To do this either:
- integrate the code into the
<head>tag of your website (as the first element), please see Manual embedding below for instructions on how to do this or; - use a module that allows you to add our Privacy Controls and Cookie Solution script in the
<head>tag of your website (as the first element), for this please see Embedding via a Prestashop module below.
Manual embedding
In this case, you will most likely need to edit the header.tpl file of your Prestashop theme and add the Privacy Controls and Cookie Solution script.
We do not have a dedicated guide for this, but you can find some helpful articles online, such as this one, on how to modify a PrestaShop template.
The Privacy Controls and Cookie Solution code should be placed between “literal” tags as shown below:
{literal}Cookie Solution Script{/literal}
Embedding via a Prestashop module
If you don’t want to put your hands on the code, you can also use a simple Prestashop module that allows you to add our Privacy Controls and Cookie Solution script in the <head> tag of the page, such as this module here.
Remember that, in addition to displaying a cookie banner, you must also block cookies before consent. Need help with prior blocking? Check out our guide on manual tagging.
See also
- How to use iubenda privacy and cookie policy on a PrestaShop website
- Introduction to the iubenda Privacy Controls and Cookie Solution
- Automatic blocking (auto-blocking)
- Prior blocking of cookie scripts
- Google Consent Mode v2
- IAB Transparency and Consent Framework (TCF)
- Privacy Controls and Cookie Solution advanced configuration guide