Joomla

Joomla

Loads core CMS functionality scripts on Joomla-powered websites, including extension integrations and component libraries. Third-party Joomla extensions may load additional scripts that collect usage analytics or personal data depending on the plugins installed and configured by site operators.

Back to Vendor Library

Overview

Joomla is an open-source content management system (CMS) used to build and manage websites. Unlike SaaS platforms, Joomla runs as self-hosted software on the site operator's server. Its core scripts handle page rendering, user authentication, content management, and extension loading. Joomla's privacy footprint is determined primarily by which third-party extensions the site operator installs.

What This Script Does

Joomla's core scripts are served from the site's own domain and provide:

  • CMS framework: Loads JavaScript libraries (jQuery, Bootstrap, custom Joomla scripts) required for page interactivity, form handling, and component rendering.
  • Authentication: Manages user login sessions via PHP session cookies and CSRF token validation. Session cookies are set upon login and maintained for authenticated navigation.
  • Extension loading: Third-party Joomla extensions (plugins, modules, components) can load additional scripts with varying privacy implications — analytics trackers, marketing tools, social integrations, etc.
  • Form handling: Core form components (contact forms, registration forms) process user-submitted data within the local Joomla installation and database.
  • No external tracking: Joomla's core does not send data to external servers or set third-party cookies. Any external data transmission comes from installed extensions, not from Joomla itself.

Consent & Compliance

Joomla's core falls under the essential/functional consent category. The CMS framework scripts and authentication cookies are necessary for the website to function.

Under GDPR and ePrivacy, Joomla's core session cookies are "strictly necessary" for website operation and exempt from consent. The CMS scripts load from the site's own domain with no third-party involvement. Extensions that add analytics or marketing functionality would require their own consent assessment.

Under CCPA/CPRA, Joomla's core does not collect or share personal information with third parties. Data processing is limited to the site operator's own server and database.

Should You Block This Without Consent?

No. Joomla's core scripts are essential CMS infrastructure that the website requires to function. Blocking them would render the entire website non-functional. Any privacy-sensitive functionality comes from third-party extensions, which should be evaluated and consented independently.

Visit website

Consent Categories

Essential
Functional

Also Known As

joomlajoomla cmsjoomla extensionsjoomla plugins privacyjoomla cookie consentjoomla gdpr

Industries

Computers Electronics and Technology

Tracked Domains (1)

joomla.orgEssential

Frequently Asked Questions

Is cookie consent needed for Joomla core scripts?

Generally no. Joomla's core CMS scripts are classified as essential and functional, handling page rendering, session management, and authentication. These are necessary for the website to operate and typically do not require consent. However, third-party Joomla extensions that add analytics or marketing features may independently require consent.

What cookies and scripts does a Joomla site typically set?

Joomla's core sets PHP session cookies for user authentication and CSRF token validation. It loads JavaScript libraries like jQuery and Bootstrap for page interactivity and form handling. The privacy footprint depends heavily on which extensions the site operator installs, as third-party plugins may add their own tracking.

How does ConsentStack handle Joomla-powered websites?

ConsentStack identifies Joomla's core scripts as essential or functional and allows them to load without consent. If a Joomla site includes third-party extensions that set tracking cookies or load external analytics scripts, ConsentStack detects those separately and applies the appropriate consent category to each one.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Joomla

ConsentStack automatically detects and manages Joomla trackers so your site stays compliant with global privacy regulations.

Get started