Setting up Cookie Notifications on 1C-Bitrix
A cookie notification with "Accept" button is not a decorative element. Under GDPR and other regulatory requirements, analytics and marketing cookies cannot be set before obtaining explicit user consent. The banner must control actual script loading, not just inform.
What Bitrix provides out of the box
In Bitrix starting from kernel version 21.x, a component bitrix:main.privacy appeared. It displays a cookie consent banner and manages consents through \Bitrix\Main\UserConsent. The component is placed in the site template — usually in footer.php:
<?php $APPLICATION->IncludeComponent('bitrix:main.privacy', '.default', []); ?>
The component sets cookie BITRIX_SM_GDPR on acceptance. But out of the box, it only records consent — it doesn't manage loading of third-party scripts. This needs to be implemented separately.
Managing script loading through consent
Proper implementation: third-party scripts (Google Analytics, Yandex Metrica, pixels) are not loaded until cookies are accepted. Work scheme:
- When the page loads, check for
BITRIX_SM_GDPRcookie presence (or custom flag) - If no cookie — show banner, don't load third-party scripts
- After clicking "Accept" — set cookie, load scripts, hide banner
function loadAnalytics() {
// Google Tag Manager
(function(w,d,s,l,i){...})(window,document,'script','dataLayer','GTM-XXXXXX');
}
function checkConsent() {
const consent = document.cookie.split(';').find(c => c.trim().startsWith('BITRIX_SM_GDPR='));
if (consent && consent.includes('Y')) {
loadAnalytics();
}
}
checkConsent();
document.getElementById('cookie-accept').addEventListener('click', function() {
document.cookie = 'BITRIX_SM_GDPR=Y; path=/; max-age=' + (365 * 24 * 60 * 60);
loadAnalytics();
document.getElementById('cookie-banner').style.display = 'none';
});
Cookie categories and granular consent
Advanced implementation divides cookies into categories: necessary, analytics, marketing, functional. Necessary are always on, for others — separate toggles.
In Bitrix, granular management is implemented through multiple localStorage flags or separate cookies:
const consentCategories = {
necessary: true, // always true
analytics: localStorage.getItem('consent_analytics') === 'true',
marketing: localStorage.getItem('consent_marketing') === 'true'
};
When user changes settings — save to localStorage and reload page to apply changes (or dynamically load/unload scripts, but that's more complex).
Integration with Google Tag Manager
If using GTM, it's convenient to handle consent management there through Consent Mode v2. You set up triggers based on consent variables in GTM. With this, Google Analytics in Consent Mode continues collecting aggregated data even without consent (without PII), which improves modeling accuracy.
In Bitrix this doesn't require PHP code changes — only GTM setup and JavaScript initialization gtag('consent', 'default', {...}) before loading GTM container.
Storing consent state
Consent storage period — no more than 12 months under GDPR. After expiration, need to request consent again. Implemented by checking max-age of cookie or timestamp in localStorage:
const consentTime = localStorage.getItem('consent_timestamp');
const YEAR_MS = 365 * 24 * 60 * 60 * 1000;
if (!consentTime || Date.now() - parseInt(consentTime) > YEAR_MS) {
showCookieBanner();
}
Don't confuse: cookie with consent flag and actual analytics cookies — different things. First is technical means of recording consent, second is what user is consenting to.