Overview
Cookie Smart is a managed cookie consent and script blocking add-on for contractor websites, landing pages, and hosted Launch365 sites. It helps show a consent banner, collect visitor choices, apply Google Consent Mode v2, and delay non-essential scripts until the visitor gives consent.
Cookie Smart does not require a WordPress plugin. It is installed with a hosted JavaScript snippet, a tag manager placement, or managed site injection.
What Cookie Smart Does
- Shows a cookie consent banner with Accept, Reject, and Preferences controls.
- Stores visitor consent choices.
- Provides a preference center so visitors can change choices later.
- Sends consent decisions to Launch365 consent logs when logging is enabled.
- Supports Google Consent Mode v2 defaults and updates.
- Blocks or delays configured analytics, marketing, functional scripts, and embedded widgets until consent.
- Supports Global Privacy Control when enabled.
Before You Start
You need:
- Cookie Smart add-on activated for the company.
- The website domain, such as
example.com. - Privacy Policy label and link.
- Cookie Policy label and link, if available.
- Any additional banner links, such as do-not-sell pages.
- A list of scripts that should wait for consent, such as:
- Google Tag Manager
- Google Analytics 4
- Google Ads
- Meta Pixel
- Microsoft Clarity
- chat widgets
- session recording tools
- optional embeds
Activate Cookie Smart
- In Launch365, go to
/company/addons/cookie-smart. - Find the
Cookie Smart Add-onsbox. - Enable the Cookie Smart add-on.
- Click
Update add-ons.
This controls billing and entitlement access.
Configure Cookie Smart
- Go to
/company/cookie-smart. - Turn on
Enable Cookie Smart. - Enter the website domain.
- Choose the regional consent behavior.
- Choose the banner position. Card positions render as compact notices pinned to the lower left or lower right of the page.
- Set banner title, message, button labels, and brand color.
- Add the Privacy Policy and Cookie Policy labels and links.
- Add any additional outbound links that should appear in the consent notice.
- Confirm these consent controls:
- Google Consent Mode v2
- Consent logging
- Preference center
- Respect Global Privacy Control
- Review or add script and widget blocking rules.
- Click
Save Cookie Smart Settings. - Use
Scan Websiteto detect third-party scripts, iframe embeds, widgets, and inline script URLs. Add selected results as blocking rules.
The add-on activation controls whether the account can use Cookie Smart. The Enable Cookie Smart switch controls whether Cookie Smart is active for that specific domain.
Install the Runtime Script
Place the Cookie Smart runtime as the first script in the page <head>. Do not add async or defer.
<script src="https://go.launchsms.com/cookie-smart.js?site=COOKIE_SMART_SITE_UUID" data-cookie-smart-site="COOKIE_SMART_SITE_UUID"></script>
Replace COOKIE_SMART_SITE_UUID with the public install key shown in /company/cookie-smart after saving the site. This key is unique to the Cookie Smart site configuration. It is not a secret API key because it is visible in the browser.
Important Script Order Rule
Cookie Smart must load before non-essential trackers.
Load Cookie Smart before:
- Google Tag Manager
- Google Analytics 4
- Google Ads
- Meta Pixel
- Microsoft Clarity
- chat widgets and scheduler embeds
- call tracking or DNI scripts that are not strictly necessary
- session recording tools
- remarketing tags
Cookie Smart can block scripts and embedded widgets before they run. It cannot undo a tracker that already loaded before Cookie Smart, and it cannot remove cookies already stored from earlier visits.
For strict pre-consent blocking, install direct third-party script tags as Cookie Smart placeholders in the site source. Client-side auto-blocking can catch many dynamic scripts, but browser parser requests can start before a consent runtime is able to rewrite a hardcoded <script src="...">.
Add a Preference Link
Add this link in the footer, privacy page, or cookie policy page so visitors can change their choices later:
<a href="#" data-cookie-smart-preferences>Cookie preferences</a>
Add a Privacy Choices Link
For a California-style privacy choices link, copy the Privacy choices link snippet from /company/cookie-smart and place it anywhere on the site:
<a href="#" data-cookie-smart-privacy-choices alt="Privacy Choices" aria-label="Privacy Choices">Your Privacy Choices</a>
Cookie Smart will render the label with a compact blue check/X badge. When visitors click it, Cookie Smart opens the preferences modal so they can reject all, accept all, or save category-level choices.
Converting Existing Tags
Do not only add data-cookie-smart-category to an existing script. The category tells Cookie Smart which consent choice controls the tag, but type="text/plain" is what prevents the browser from running an inline script before consent.
For inline scripts, add both type="text/plain" and data-cookie-smart-category.
Before:
<script>
gtag('config', 'G-XXXXXXX');
</script>
After:
<script type="text/plain" data-cookie-smart-category="analytics">
gtag('config', 'G-XXXXXXX');
</script>
For external scripts, remove the real src, move it to data-cookie-smart-src, and add type="text/plain" plus the category.
Before:
<script src="https://example.com/widget.js"></script>
After:
<script
type="text/plain"
data-cookie-smart-category="functional"
data-cookie-smart-src="https://example.com/widget.js">
</script>
For iframes, remove the real src, move it to data-cookie-smart-src, and add the category.
Before:
<iframe src="https://scheduler.example.com/embed" title="Scheduler"></iframe>
After:
<iframe
data-cookie-smart-category="functional"
data-cookie-smart-src="https://scheduler.example.com/embed"
title="Scheduler">
</iframe>
Blocking External Scripts
For the most reliable blocking, convert non-essential external scripts to placeholders.
Example for an analytics script:
<script
type="text/plain"
data-cookie-smart-category="analytics"
data-cookie-smart-src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX">
</script>
Cookie Smart will load the script only after the visitor allows the matching category.
Blocking Embedded Widgets
For iframe-based schedulers, chat widgets, quote tools, and optional embeds, use data-cookie-smart-src instead of src.
<iframe
data-cookie-smart-category="functional"
data-cookie-smart-src="https://scheduler.example.com/embed"
title="Scheduler">
</iframe>
ScheduleEngine Widgets
Convert the ScheduleEngine widget script to a functional placeholder so it waits for consent.
Before:
<script defer
data-api-key="SCHEDULE_ENGINE_API_KEY"
id="se-widget-embed"
src="https://embed.scheduleengine.net/schedule-engine-v3.js">
</script>
After:
<script
nitro-exclude
defer
type="text/plain"
data-cookie-smart-category="functional"
data-cookie-smart-src="https://embed.scheduleengine.net/schedule-engine-v3.js"
data-api-key="SCHEDULE_ENGINE_API_KEY"
id="se-widget-embed">
</script>
If the site has a custom click handler for .se-widget-button, make it safe for the pre-consent state. The ScheduleEngine global may not exist until the visitor accepts functional cookies.
Replace this pattern:
<script>
(function () {
const scheduleButton = document.querySelectorAll('.se-widget-button');
scheduleButton.forEach(btn => {
btn.addEventListener('click', () => {
ScheduleEngine.showRepair({ roomKey: null })
});
});
})();
</script>
With this guarded version:
<script>
(function () {
function attach() {
document.querySelectorAll('.se-widget-button').forEach(function (btn) {
btn.addEventListener('click', function () {
if (window.ScheduleEngine && ScheduleEngine.showRepair) {
ScheduleEngine.showRepair({ roomKey: null });
}
});
});
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', attach);
} else {
attach();
}
})();
</script>
Blocking Inline Scripts
Inline scripts that depend on consent should also be converted to placeholders.
<script type="text/plain" data-cookie-smart-category="analytics">
gtag('config', 'G-XXXXXXX');
</script>
Consent Categories
Use these categories when configuring script rules or placeholder scripts.
| Category | Use For | Consent Behavior |
|---|---|---|
necessary |
Required site functionality, security, core operations | Always allowed |
analytics |
GA4, GTM analytics, Microsoft Clarity, performance measurement | Waits for analytics consent |
marketing |
Meta Pixel, Google Ads, remarketing, conversion tags | Waits for marketing consent |
functional |
Chat widgets, embeds, personalization, optional UX tools | Waits for functional consent |
The preference center displays these categories as expandable panels. When script or widget blocking rules are assigned to a category, visitors can see the controlled resources for that category before saving their preferences.
Regional Rules
When Regional rules is selected, Cookie Smart chooses the runtime behavior from detected visitor location:
- GDPR regions, the UK, and Switzerland use strict opt-in. Optional analytics, marketing, and functional scripts are blocked until consent.
- Selected US restricted states use strict opt-in. California is selected by default for new Cookie Smart sites.
- Other US states and other non-GDPR regions use notice with opt-out. Optional scripts are allowed by default, and visitors can reject or change preferences.
- Unknown regions default to strict opt-in.
Cookie Smart detects region from common CDN/proxy headers such as Cloudflare, CloudFront, Vercel, App Engine, and Azure. If no geo header is available, it falls back to the browser Accept-Language country when present. US state-specific rules require a geo header that includes the visitor’s state or subdivision; country-only detection can identify US visitors but cannot distinguish California from another state.
Scanner
The scanner fetches the saved website homepage, reads external script tags, iframe/embed/object sources, and URL literals inside inline scripts. It ignores Cookie Smart and first-party assets, then compares third-party resources against active blocking rules.
Use the scanner after saving the Cookie Smart site:
- Click
Scan Website. - Review the uncovered script and widget sources.
- Adjust the suggested name, category, match type, or pattern if needed.
- Select the rows to add.
- Click
Add Selected Rules.
The scanner only sees resources present in the initial HTML response or URL literals inside inline scripts. Resources injected later by tag managers, plugins, or user interaction may require manual rules or a later scan after those resources are exposed in the page source.
Consent Logs
Consent logs are available at /company/cookie-smart/consent-logs. The page shows recent decisions with pagination and includes a CSV export for audit or compliance review.
New logs include the visitor IP address, IP hash, detected city, country, state or region, geo header source, visitor hash, user agent, consent decision, category choices, and timestamps. City and state/region are populated when the site or CDN forwards location headers such as Cloudflare, CloudFront, Vercel, App Engine, or similar proxy headers.
Common Installation Patterns
Direct Site Install
Add Cookie Smart first in the <head>, then convert non-essential scripts to placeholders.
<head>
<script src="https://go.launchsms.com/cookie-smart.js?site=COOKIE_SMART_SITE_UUID" data-cookie-smart-site="COOKIE_SMART_SITE_UUID"></script>
<script
type="text/plain"
data-cookie-smart-category="analytics"
data-cookie-smart-src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX">
</script>
</head>
Tag Manager Install
Cookie Smart can be installed through a tag manager, but it must fire before other analytics, marketing, chat, or tracking tags.
Recommended setup:
- Create a Cookie Smart tag.
- Set it to fire on all pages as early as possible.
- Update other non-essential tags to wait for the correct consent category.
- Test in an incognito browser before publishing.
If GTM itself loads before Cookie Smart, GTM may run tags before Cookie Smart can block them. For strict blocking, place Cookie Smart directly in the page <head> before the GTM container.
Managed Hosted Site Install
For Launch365-managed hosted pages, install Cookie Smart through the managed site injection path and place it before tracking, chat, analytics, and marketing snippets.
Google Consent Mode v2
When Google Consent Mode v2 is enabled, Cookie Smart sets Google consent defaults to denied before consent is granted. After the visitor makes a choice, Cookie Smart updates Google consent state based on selected categories.
Analytics consent maps to:
analytics_storage
Marketing consent maps to:
ad_storagead_user_dataad_personalization
Functional consent maps to:
functionality_storagepersonalization_storage
Security storage remains granted.
Verify Installation
After installing Cookie Smart:
- Open the site in an incognito window.
- Confirm the banner appears.
- Before accepting, check that non-essential trackers have not fired.
- Click
Rejectand confirm analytics and marketing tags stay blocked. - Clear browser storage or use another incognito window.
- Click
Acceptand confirm allowed tags load. - Open the preference link and confirm choices can be changed.
- In Launch365, confirm consent logs are being recorded if logging is enabled.
Focused Widget Blocking Test
Use this test when validating ServiceTitan, Contractor Commerce, or NitroPack-related blocking on a live site.
- Open a brand-new Incognito window.
- Open DevTools before loading the site.
- Go to
Network. - Enable
Preserve log. - Enable
Disable cache. - Load the test URL:
https://www.hydesac.com/?cs_test=nitro_excluded_1
Before clicking Accept, filter the Network tab for these terms one at a time:
servicetitan
contractorcommerce
nitro-min-scheduler
nitrocdn
Expected before Accept:
nitro-min-schedulershould have no results.- ServiceTitan script or iframe requests should not load with
200. - Contractor Commerce requests should not load with
200. - Canceled or blocked attempts can appear, but successful widget scripts or documents should not.
Then run this in the Console before clicking Accept:
[...document.scripts].map((s, i) => ({
i,
src: s.src,
type: s.type,
blockedSrc: s.dataset.cookieSmartSrc,
category: s.dataset.cookieSmartCategory
})).filter(x =>
JSON.stringify(x).toLowerCase().includes('servicetitan') ||
JSON.stringify(x).toLowerCase().includes('contractorcommerce') ||
JSON.stringify(x).toLowerCase().includes('nitro')
)
Good result before Accept:
- Blocked scripts have
type: "text/plain". blockedSrccontains the original ServiceTitan or Contractor Commerce URL.
Then click Accept.
Expected after Accept:
- ServiceTitan scripts and iframes load.
- Contractor Commerce loads.
- Chat, scheduler, or commerce UI becomes available.
- Console shows accepted consent:
CookieSmart.consent()
If nitrocdn.com/...servicetitan... still appears before Accept, NitroPack did not fully exclude that resource or the cache was not fully cleared. Update the NitroPack exclusion and run a full cache purge before retesting.
Troubleshooting
The banner does not appear
- Confirm Cookie Smart is active for the company.
- Confirm
Enable Cookie Smartis turned on in/company/cookie-smart. - Confirm the
data-cookie-smart-sitevalue matches the public install key in/company/cookie-smart. - Confirm the runtime script is installed on the page.
- Confirm the runtime URL includes
?site=COOKIE_SMART_SITE_UUID. - Check browser console errors.
Tags are firing before consent
- Move the Cookie Smart runtime higher in the
<head>. - Confirm trackers are not hardcoded above Cookie Smart.
- Convert hardcoded third-party
<script src="...">and widget<iframe src="...">tags to Cookie Smart placeholders. - Convert non-essential scripts to
type="text/plain"placeholders. - If using GTM, confirm tags are not firing before Cookie Smart loads.
A script never loads after consent
- Confirm the placeholder has
data-cookie-smart-category. - Confirm the visitor allowed that category.
- Confirm external scripts use
data-cookie-smart-src, notsrc. - Confirm the category is one of
analytics,marketing,functional, ornecessary.
Consent logs are missing
- Confirm consent logging is enabled.
- Confirm the public consent endpoint is reachable.
- Confirm the domain in the request matches the configured Cookie Smart site.
- Check whether browser extensions are blocking the request.
Compliance Note
Cookie Smart is a technical consent management tool. It should be used with accurate privacy and cookie policies, regular script reviews, and legal guidance appropriate for the business and jurisdictions involved.