Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

GDPR Compliance for video embeds

edited June 2018 in Fresco

Hi Nick,
I am using your beautiful Fresco lightbox for a number of projects and I am very happy with it.
Only now, with GDPR coming into effect, I am receiving some questions from customers about the usage of third-party embeds.

Do you have any thoughts on how to implement a two-click solution to inform users about the data that is being collected (by loading the video embed) and privacy policies before a connection to Youtube or Vimeo is made?

I understand that this could be easily done through the trigger element before it is clicked and Fresco opens its lightbox, since Fresco does not establish a connection to these services before it is opened, right?
However, sometimes the trigger elements are too small or too integrated in the design to include this information. Also, it seems that I can't have a link (for example to Google's/Youtube's privacy policy) in the Fresco trigger element, because usually the trigger element is a link as well. So I'm asking if you have any thoughts on how to include this information in the Fresco lightbox before the video iframe is being loaded into the lightbox? Or do you have a different approach to this issue/topic?

I am also interested in the possibility to load Youtube videos over the domain. Do you have a workaround for this?

Thank you,


  • To block the connection to youtube/vimeo you'd have to insert something like a confirm window, the example below shows a basic way to do that.

    You can probably make a fancier confirm dialog with links using something like

    I'll look into implementing the youtube-nocookie domain.

    (function() {
        function getGdpr(party) {
            var value = window.localStorage.getItem('fresco-gdpr-' + party);
            return value ? JSON.parse(value) : value;
        function setGdpr(party, value) {
            window.localStorage.setItem('fresco-gdpr-' + party, JSON.stringify(value));
        var GdprMessages = {
            'youtube': "Message for Youtube",
            'vimeo': "Message for Vimeo"
        function handleGdpr(event, party) {
            var stored = getGdpr(party);
            // only show a dialog if it wasn't accepted before
            if (!stored) {
                var accepted = window.confirm(GdprMessages[party]);
                if (accepted) {
                    // set party as accepted
                    setGdpr(party, true);
                else {
                    // not accepted, don't show Fresco
        $(function() {
            $('body').on('click', '.fresco[href*=""], .fresco[href*=""]', function(event) {
                handleGdpr(event, 'youtube');
            $('body').on('click', '.fresco[href*=""]', function(event) {
                handleGdpr(event, 'vimeo');
  • Thank you very much for the quick reply. I'll play around with that (:
    I'd appreciate the possibility to use the nocookie domain. Thanks!

Sign In or Register to comment.