Is it possible to block cookies from being set using Javascript or PHP?

javascript block script
javascript block url
how to use cookies
how to read cookies
stop iframe setting cookies
disable javascript programmatically
how to block nid cookie
javascript get all cookies

A lot of you are probably aware of the new EU privacy law, but for those who are not, it basically means no site operated by a company resident in the EU can set cookies classed as 'non-essential to the operation of the website' on a visitors machine unless given express permission to do so.

So, the question becomes how to best deal with this?

Browsers obviously have the ability to block cookies from a specific website built in to them. My question is, is there a way of doing something similar using JS or PHP?

i.e. intercept any cookies that might be trying to be set (including 3rd party cookies like Analytics, or Facebook), and block them unless the user has given consent.

It's obviously possible to delete all cookies once they have been set, but although this amounts to the same thing as not allowing them to be set in the first place, I'm guessing that it's not good enough in this case because it doesn't adhere to the letter of the law.


I'm pretty interested in this answer too. I've accomplished what I need to accomplish in PHP, but the JavaScript component still eludes me.

Here's how I'm doing it in PHP:

$dirty = false;
foreach(headers_list() as $header) {
    if($dirty) continue; // I already know it needs to be cleaned
    if(preg_match('/Set-Cookie/',$header)) $dirty = true;
if($dirty) {
    $phpversion = explode('.',phpversion());
    if($phpversion[1] >= 3) {
        header_remove('Set-Cookie'); // php 5.3
    } else {
        header('Set-Cookie:'); // php 5.2

Then I have some additional code that turns this off when the user accepts cookies.

The problem is that there are third party plugins being used in my site that manipulate cookies via javascript and short of scanning through them to determine which ones access document.cookie - they can still set cookies.

It would be convenient if they all used the same framework, so I might be able to override a setCookie function - but they don't.

It would be nice if I could just delete or disable document.cookie so it becomes inaccessible...

EDIT: It is possible to prevent javascript access to get or set cookies.

document.__defineGetter__("cookie", function() { return '';} );
document.__defineSetter__("cookie", function() {} );

EDIT 2: For this to work in IE:

if(!document.__defineGetter__) {
    Object.defineProperty(document, 'cookie', {
        get: function(){return ''},
        set: function(){return true},
} else {
    document.__defineGetter__("cookie", function() { return '';} );
    document.__defineSetter__("cookie", function() {} );

How to block third-party cookies, Blocking third-party cookies set with JavaScript. To block third-party cookies, find a JavaScript code that is setting third-party cookies and: change type attribute  Most of the time, cookies are a good thing, but they can also track you. Take control of a tiny bit of your online privacy by blocking, deleting, and allowing only select cookies.

I adapted Michaels codes from here to come up with this.

Basically it uses the defineGetter and defineSetter methods to set all the cookies on the page and then remove the user specified ones, this role could of course also be reversed if this is what you are aiming for.

I have tested this with third party cookies such as Google Analytics and it appears to work well (excluding the __utmb cookie means I am no longer picked up in Google Analytics), maybe you could use this and adapt it to your specific needs.

I've included the part about if a cookies name is not __utmb for your reference, although you could easily take these values from an array and loop through these that way.

Basically this function will include all cookies except those specified in the part that states if( cookie_name.trim() != '__utmb' ) { all_cookies = all_cookies + cookies[i] + ";"; }

You could add to this using OR or AND filters or pull from an array, database, user input or whatever you like to exclude specific ones (useful for determining between essential and non-essential cookies).

function deleteSpecificCookies() {

var cookies = document.cookie.split(";");
var all_cookies = '';

    for (var i = 0; i < cookies.length; i++) {

        var cookie_name  = cookies[i].split("=")[0];
        var cookie_value = cookies[i].split("=")[1];

        if( cookie_name.trim() != '__utmb' ) { all_cookies = all_cookies + cookies[i] + ";"; }


if(!document.__defineGetter__) {

    Object.defineProperty(document, 'cookie', {
        get: function(){return all_cookies; },
        set: function(){return true},

} else {

    document.__defineGetter__("cookie", function() { return all_cookies; } );
    document.__defineSetter__("cookie", function() { return true; } );



Is it possible to block cookies that are set by externally hosted content?, You have no control over cookies that might be set by an external resource on a different domain. These (third party) cookies are set on the  if you only want to do something once per unique visitor, you can test if a cookie is set, and if not, set the cookie and perform the action. This being the poorman's version, it has a problem, where if a user is blocking cookies they will appear as a first time visitor each time.

You can not disable it completely but you can override the default setting with .htaccess


 SetEnv session.use_cookies='0';

If it is optional for some users don't use .htaccess

    ini_set('session.use_cookies', '0');

Blocking Cookies Prior to Consent with the PHP Class, Also, keep in mind that JavaScript is required to visualize the banner and cookie policy. This class allows you to scan a page in PHP and run the automatic  W3Schools, JavaScript Cookies Tutorial: learn how to fetch information from cookies with JavaScript and also how to set cookies using client-side scripting. W3Schools, PHP Cookies Tutorial : learn how to send cookies with PHP with an HTTP header and how to incorporate data from cookies into your code.

A little bit old but I think you deserve a answer that works:

Step 1: Don't execute the third party script code.

Step 2: Show the cookie banner.

Step 3: Wait until user accepts, now you can execute the third party script code..

Worked for me.

Browser Cookies: What Are They & Why Should You Care , First-party cookies are cookies created by the site you're currently In short, if you're going to use the web and allow your browser to accept cookies, you are being Block sites from setting any data: Select this option to completely Read​, Update and Delete a Cookie with PHP or JavaScript: a more  I am using IE8. I have it set to override automatic cookie handling, accept all 1st party cookies, accept third party cookies, and always allow session cookies. Despite this, I often get cookies blocked on sites. I get the little red circle with the line through it in the status area and when I click on this it shows that cookies have been blocked.

How about not paying attention to hoaxes?

Aside from the fact that this is old news, the text clearly says that it only applies to cookies that are not essential to the site's function. Meaning session cookies, a shopping basket, or anything that is directly related to making the site work is perfectly fine. Anything else (tracking, stats, etc.) are "not allowed" without permission.

Cookies - Manual, You can set cookies using the setcookie() or setrawcookie() function. Also you could prevent user from changing the value to prevent getting another user data. (if the client has support for javascript) by catching the form as it is sent, take the current Persistent Database Connections · Safe Mode · Command line usage  A cookie, also called Internet cookie or browser cookie, is a small slice of data that travels from a website you’re visiting to a location (usually a file) on your computer. The cookie runs tracking software that collects valuable information about you, including what you did the last time you were on the site and the things you looked up.

js-cookie/js-cookie: A simple, lightweight JavaScript API for , GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together. import Cookies from 'js-​cookie' Cookies.set('foo', 'bar') Note: It is not possible to read a particular cookie by passing one of the Assuming a cookie that is being created on :. JavaScript Cookies are a great way to save a user's preferences in his / her browser. This is useful for websites and users both, if not used to steal privacy. Also discussed what cookies can and cannot do?, setting cookies, create and delete cookies, cookies a real example

PHP setcookie() Function, With PHP, you can both create and retrieve cookie values. The name of the cookie is The default value is the current directory that the cookie is being set in​. The cookie will expire after 30 days (86400 * 30). The "/" means that the cookie is available in entire website (otherwise, select the directory you prefer). We then retrieve the value of the cookie "user" (using the global variable $_COOKIE). We also use the isset() function to find out if the cookie is set:

Navigator cookieEnabled Property, Well organized and easy to understand Web building tutorials with lots of examples of how to use HTML, CSS, JavaScript, SQL, PHP, Python, Bootstrap, Java  JavaScript access using Document.cookie. New cookies can be created via JavaScript using the Document.cookie property, and existing cookies can be accessed from JavaScript as well, if the HttpOnly flag is not set.