How to delete cookies from the browser

The French Data Protection Authority (CNIL) recommends that all non-essential cookies be deleted from the user's browser when they modify their choices and refuse the cookies that they had previously accepted. This guide will explain how to do this.

The method described here presents a way to delete the cookies that are associated to the main domain and subdomains of the page in question

⚠️ It is not technically possible to delete third-party cookies that have been dropped on the browser of a user who has previously accepted them.

The removal of cookies from the browser can be done thanks to a script that you can integrate in your website.

In order to set this configuration, follow these steps: 

Identify the essential cookies 

You have to identify the names of the necessary cookies that you want to keep on the user's browser. You will have to specify these cookies in the script in order not to delete them. The rest of the cookies, as well as the items stored in the localStorage, will be deleted by default. 

⚠️ Do not delete Didomi's cookies (didomi_token and euconsent-v2).

This would mean that the consent notice would be displayed again to recollect consent.


Insert the script to delete the cookies 

Then, you have to insert the script included below anywhere in your HTML.

This is not a universal recipe that can be applicable the same way in all cases. The script is a standard code that will potentially need to be adapted depending on the configuration and limitations of your particular case. 

The script works on all browsers. It is triggered when a user who had previously agreed to everything changes their choices to refuse everything. In this sense, when a user withdraws their consent, the page will be automatically reloaded and all the cookies that have not been specified in the script will be deleted from the browser.


This is the script you will need to add to your HTML: 

* The list of cookies to keep

(function() {

  var itemsToKeep = ["euconsent-v2", "didomi_token"];

  * Returns cookie value

  var getCookieValue = function (cookieName) {

   var cookie = document.cookie.split(";").filter(function (cookieValue) {
     return cookieValue.indexOf(cookieName) !== -1;

   if (cookie) {
    return cookie.split("=")[1];


  var deleteCookie = function (name, domain, path) {

   path = path || "/";

   var cookie = [
     name + "=",
     "expires=Thu, 01 Jan 1970 00:00:01 GMT",
     "path=" + path,

   if (domain) {
     cookie.push("domain=" + domain);

   document.cookie = cookie.join(";");


  * Check if all vendor and purposes are disabled

  var areAllVendorsAndPurposesDisabled = function () {

   var enabledEntities = [];
   var disabledEntities = [];
   var data = window.Didomi.getUserStatus();

   data.vendors.consent.enabled.forEach(function (entity) {

   data.purposes.consent.enabled.forEach(function (entity) {

   data.vendors.consent.disabled.forEach(function (entity) {

   data.purposes.consent.disabled.forEach(function (entity) {

    * We check that we don't have any enabled entities
    * and that disabled entities are present

   return enabledEntities.length === 0 && disabledEntities.length > 0;


  var consentEventsCount = 0;
  var existingConsentString = getCookieValue("euconsent-v2");

  window.didomiEventListeners = window.didomiEventListeners || [];
   event: "consent.changed",
   listener: function () {

      * We catch consent update event in 2 cases:
      * -> 1. When user gives consent and updates it without the page reload (via `consentEventsCount` value)
      * -> 2. When user gives consent and updates it after the page reload (via `existingConsentString` value)

     var consentUpdate =
       consentEventsCount > 0 ? true : !!existingConsentString;

     if (consentUpdate && areAllVendorsAndPurposesDisabled()) {

        * Consent has been given previously and this is a consent update

       var cookiesToDelete = document.cookie
         .map(function (cookie) {
          return cookie.split("=")[0].trim();

        .filter(function (cookieName) {
           return itemsToKeep.indexOf(cookieName) === -1;

       * Delete cookies

       cookiesToDelete.forEach(function (cookieToDelete) {

          Delete from every possible domain (based on the current page domain) :

        var domains = ('.#' +'.', '#.#')).split('#');

         while(domains.length) {
           var possibleDomain = domains.join('');
           deleteCookie(cookieToDelete, possibleDomain);
        deleteCookie(cookieToDelete, '');


      var localStorageItemsToDelete = Object.keys(window.localStorage).filter(
         function (localStorageItemName) {
           return itemsToKeep.indexOf(localStorageItemName) === -1;

       * Delete local storage items

       localStorageItemsToDelete.forEach(function (localStorageItemName) {

       // Reload the page