Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Simple GDPR Lockdown

You don't need to block EU visitors over GDPR. Just lockdown your site.

This is a simple GDPR implementation to lockdown your site, so that while core services that you control can be used, you can quickly eliminate everything else. No stripping vendors from template, no hunting down embedded items in your CMS.

This can be extended to work with a consent solution but that is not covered here.

It relies on location information passed client-side via cookie that tells it whether GDPR applies or not.

Too good to be true? Yes, you're right. There is a catch.

The Catch a.k.a. The Pre-Requisite

This code works by expecting a cookie that indicates whether the visitor is in the EU or not. There are a few ways this can be done, for many you can do this easily enough at the CDN level with Fastly or Akamai. You could also do a server side call before rendering the page but that gets tricky. That part is up to you to figure out.

Quick Start

cd ~/simple-gdpr-lockdown
php -S localhost:4510

Open browser and go to:



The Content-Security-Policies are well documented here:

These should be updated as per your site. In addition, you may want to re-work the cookie logic to read whatever format you use to represent your geolocation info.

In short, to get this going in 10 minutes (after you've figured out setting the cookie)

  • Update the CSPs in main.js.
  • Update the path to the browser.html page in main.js.
  • Update, if necessary, how to read your cookie.
  • Add a SCRIPT with the path to main.js into the HEAD on all your web pages.
<script src="main.js"></script>



You don't need to block EU visitors over GDPR. Just lockdown your site.




No releases published


No packages published