Pardot Tracking & Consent JavaScript API

by | Last Updated: Mar 29, 2023 | Pardot | MC Account Engagement

What you’ll learn

As the digital world becomes increasingly prevalent in our personal and professional lives, the need for transparent and cohesive privacy and security measures has never been greater. In its spring ’22 release Salesforce unveiled its new tracking and consent JavaScript API. Setting it up and getting it to look and feel exactly as you’d like is not always straightforward. In this blog post, we’ll highlight the features of the new script and what to look out for when setting it up. 

Managing cookie and tracking consent with Pardot

To help regulate the collection, processing and handling of personal information, countries and other governing bodies establish directives, laws and other measures to help safeguard users’ personal data. The most well-known law is GDPR—General Data Protection Regulation. In 2018, GDPR went into effect for all EU and EEA—European Economic Area countries. It is currently the toughest privacy and security law in the world (1). The law impacts any business that collects data on any resident of a GDPR country. This means it has a big effect on much of the world’s businesses. Under GDPR, visitors need to have the ability to agree, or not, to website tracking.

Other countries, such as the United States and Canada, also enacted laws to give more visibility to how personal data is used. Under these laws, users need the ability to opt-in to email communications. Ideally, they should confirm the opt in, thus preventing unauthorized use of their email address. Confirmed opt in, also called double opt in, is often achieved with an email asking the user to confirm their recent addition to your email list, such as a newsletter. This blog post by BrainStation does a nice job highlighting the similarities and differences.

Until last year, Account Engagement didn’t address GDPR or tracking consent of first and third party cookies. It did, however, address security and privacy laws, such as CAN SPAM and CASL. By 2021, this lack of functionality was becoming a liability for Account Engagement. Platforms like HubSpot Marketing Hub and Marketo Sales Connect were relatively quick on the uptake to incorporate tracking and consent functionality.

Tracking opt-in preferences with Account Engagement

In its spring ’22 release Salesforce unveiled its new tracking and consent JavaScript API. The first step in setting up the API is via Account Engagement Settings and clicking the edit button on the top right.

Tracking & Consent JavaScript API

Tick the box to activate the Tracking & Consent JavaScript API. By default, the maximum tracking cookie duration is just shy of 10 years (factoring in for roughly two leap years).

You now have more options for for your preferences, such as the message you would like to appear on your website banner and whether you would like to track visitors from all countries or from select countries or regions. The message is simple and straightforward and is not offered in multiple languages. The styling options are also rather limited, especially when compared to competitive products.

Tracking Opt-in preferences

I’ve found it’s easiest, and gives the greatest peace of mind, to request opt-in from all visitors before tracking them. I often see US clients who’ve only selected a request for opt-in for visitors from the EU, thinking that will cover GDPR. It’s not always possible to know if an EU resident is browsing from a different location. There are also other countries, such as Mexico and Nigeria, that require tracking consent, so they’d need to be considered if you’re aiming to only cater for countries with tracking consent requirements.

Opting in a group of countries in Pardot

There is the option to manually select all of the countries you wish to obtain opt-in consent from. In the interest of time and, again, to ensure peace of mind, it’s generally best to request opt-in from all visitors.

Manually selecting countries for opt-in request in Pardot

The Pardot cookie consent banner

Once the tracking JavaScript had been activated, it wasn’t exactly clear what the next steps were. Would some GDPR verbiage appear on our Pardot forms, like it does with HubSpot? Where would the opt-in banner appear and how would it look? We soon had our answer. The banner appeared only on Pardot landing pages, which made sense, and it was not the most visually appealing.

Pardot consent banner

If you wish to use the Pardot consent banner on all your webpages, you’ll need to do some modifications to the tracking code first. The code creates a tracker object and allows you to push various commands, such as page views, back to Pardot. Read more on how the JavaScript works here.
You can also interact with the tracker object and its associated commands outside of the tracking snippet. Salesforce provides a list of commands and syntax on their Tracking and Consent API Overview.

Tracking and Consent API Overview

Image courtesy of Salesforce

Once you’ve created the tracker object, you can add some commands to your tracking snippet to call up the consent banner.

Single-page applications

The Salesforce API is now compatible with single-page applications, too. Simply put, a single-page application is a webpage that doesn’t require a complete page refresh to generate new content. The content is, instead, updated via JavaScript framework such as Angular, React and Vue. If you’ve used Gmail or Facebook, you’ve used a single-page application. The new API allows users to use Pardot with every type of web application, including a SPA.

Why it’s a good idea to add a cookie consent banner to your website

Even if you feel confident your website doesn’t need to be concerned about GPR compliance, it can also help you address other regulatory issues, such as CCPA. While the California Consumer Privacy Act—CCPA—addresses how users’ data is processed and stored, and doesn’t explicitly require cookie consent, the tracking and consent banner can address CCPA requirements with its links to your company privacy policy ad terms and conditions.

CCPA compliancy applies to a company that:

– Is operated for profit,
– Does business in California,
– Decides why and how personal information is processed, and
– Has one or more of these characteristics:
– Gross revenue of over $25 million per year, or
– Buys, sells, receives or shares personal information from over 100,000 consumers, households or devices per year, or
– Makes half or more of its revenue per year from sharing or selling personal information.


The demand of internet privacy and security is growing strong and is expected to do so for the foreseeable future. The use of third party cookies, including non-advertising cookies such as Google Analytics, necessitates the need for a cookie consent banner on any business website that does business with residents of the EU, Mexico, Nigeria and possibly other countries. Other regulations, such as CCPA, ensure businesses make certain disclosures about their data and privacy practices, by posting a privacy policy on their website. Marketing Cloud Account Engagement, aka Pardot, can help facilitate compliancy with its Tracking & Consent JavaScript API. This is an advanced feature of Pardot and requires working with a web admin. If you’re looking to add a cookie consent banner on your website and have questions or concerns, please feel free to reach out. Even if you’re not using Pardot, we’ve experience working with third party cookie banners and consent plugins and can work with you to determine the best fit for your website and MAS needs.

About the Pardot rename

In April 2022, Salesforce announced the rebrand of Pardot to Marketing Cloud Account Engagement. While the rebrand unfolds and the world adapts to the new nomenclature, we'll typically keep the Pardot name in our blog posts.

There are several permutations of the new name being thrown about, so you may see us use any one of them as things evolve:

  • Pardot
  • Marketing Cloud Account Engagement
  • Marketing Cloud Account Engagement (Pardot)
  • MCAE
  • MC Account Engagement
  • Account Engagement by Pardot
Jennifer G bio

Author | Jennifer G

Pardot Consultant
Jennifer has been using Pardot since 2010, way before it was owned by Exact Target or Salesforce. As a marketing and sales professional, Jennifer realized the importance of understanding and mastering a solid MAS and CRM. She enjoys helping others with their MAS and, if she can help marketing and sales folks look like rockstars along the way, even better!

Follow/Connect with Jennifer on LinkedIn
Follow and connect with Jennifer on LinkedIn

Content Satisfaction Survey

We value your feedback. You may remain anonymous if you like.


Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe to our Blog

Follow Us

Latest Posts

Does migrating marketing automation or CRM platforms actually pay off?

Are you thinking about migrating Marketing Automation or CRM platforms and wondering if it’s worth it? Will your company/organization be better off in the long run if you migrate MAP and/or CRM platforms? Download our ‘Marketing Automation & CRM Platform Migration Checklist‘ Google Sheet as a valuable resource to give you some things to consider before making the jump.

Quick Tip: Syncing HubSpot with Salesforce Do Not Email

If you are connecting HubSpot with Salesforce and setting up HubSpot to sync with Salesforce, you don’t want to map the ‘Marketing contact status’ field directly to Salesforce’s ‘Do Not Email’ (DNE) field; those fields will not sync the proper values based on how they are intended to work.

Trending Posts

Subscribe to our articles

Like this article? Comment with your feedback below, and subscribe for all the latest helpful information.

Apply to be a Guest Poster if you are interested in writing one or more articles for our blog. To qualify you must be a subject matter expert that aligns with one of our current blog categories.

Related articles…