I am working to implement the new cookie policy compliance as per data protection rules for all companies operating in the EU according to which user has to be able to refuse/accept all but required cookies when he is using any website. In my client's website I can see the following third party cookies are getting stored.

• _ga - my-site
• _gid - my-site
• __ncuid - .doubleclick.net
• DSID - .doubleclick.net
• IDE - .doubleclick.net
• 1P_JAR - .google.be
• NID - .google.be
• CONSENT -.google.be
• NID - .google.com
• AID - .google.com
• CONSENT - .google.com
• 1P_JAR - .google.com
• DV - www.google.be
• OTZ - www.google.com
• locale - my-site
• anonymousUserId - my-site
• SESSID - my-site
• JSESSIONID - my-site
• TS01c70fa1 - my-site

In the above mentioned list few cookies are Google Analytics cookies intiated by Google tag manager. I have handled them. But all the cookies with domain 'Google' and '.doubleclick.net' I have no control over them? And I am not able to understand how are they getting stored.

Instead of blocking cookies that are being/were set, it's easier to not load i.e. the GTM script until after the user has consented to the cookie policy.

It seems to me that most posters here misunderstood the question that was initially asked. The initial poster does not have any issues with _ga or _gid which are technically first-party cookies and are easy to block. In fact, he even mentions he has 'handled them.' The following answers are therefore not particularly helpful.

Instead, it appears that the initial poster is experiencing issues with cookies like 1P_JAR and AID which are true third-party cookies. These cookies are placed on your browser whenever you log into your Google Account and are, when combined with other cookies, effectively tracking your activity across thousands of websites.

From what I can determine - these third-party cookies are set through most implementations of Google Analytics. If you use a handy extension such as Sybu JavaScript Blocker, you can narrow down which scripts are causing your client issues. In the case of Google Analytics, you can modify your implementation in order to prevent these third-party cookies from appearing.

To block third-party cookies, find a JavaScript code that is setting third-party cookies and:

1. change type attribute from text/javascript to text/plain (if type attribute missing, just add it)
2. add data-cookiescript attribute and set it to accepted

All JavaScript with such attribute changes will only execute if user agreed with Cookie Policy.

Go here for details: https://cookie-script.com/how-to-block-third-party-cookies.html

Hope this helps !!

To disable _ga and _gid cookies do add the following code on your headers.php:

<script>
    if(document.cookie.split('; ').findIndex(x => x.split('=')[0] == 'cookiename') >= 0) 
    {
        // some code
    } else {
        window["ga-disable-UA-7358061-1"] = true;
        window["gid-disable-UA-7358061-1"] = true;
    }
</script>

A little bit old but I think you deserve a answer that works:

Step 1: Like thomaux already wrote: Don't load/execute the script. You can provide the code with the trick from vizsatiz without executing but add an id to the html element like GA_SCRIPT.

Step 2: Show the cookie banner.

Step 3: After the user accepted, load the code from the html element with document.getElementById("GA_Script").innerText and execute with eval.

Worked for me.

Alternatively you could write the GA script code into your code and execute it as a callback.