Can we use the GDPR-compliant shortcodes from Hugo?


Having chanced upon this page from the Hugo docs, I would ideally like to set all my youtube, twitter etc. embeds to the non-default more privacy protective versions. I’d particularly like to add the privacy enhanced youtube option.

The docs say to enable this: “These settings need to be put in your site config (e.g. config.toml ).”

I was wondering is there a way we can edit our site’s config files directly to make those changes?

(Or might even consider making these the default option, unless there are good reasons to not use the privacy-protecting options for some cases).

You can edit your config directly by editing your theme.

Awesome, that’s great to hear. Thank you very much!

Ooh, this is cool. I’ve been wondering about how I could use the privacy-enabled versions of embeds.

Jason, would this be done in the config.json file?

@zioibi, this may be of interest to you for privacy purposes.

Yes, the config.json file is merged with the default configs. Anything in your config.json will be added to or override the same parameter in the default configuration.

Very interesting! (And thanks for flagging @frostedechoes!)

Forgive my ineptitude, but has anyone managed to get this to work?

I believe that for the youtube embed to be “privacy enhanced”, it should show up as an embed to rather than

But no matter where I add the code to the bottom of any config.json file I can find :grinning: does that happen . I tried rebuilding my site too, but it didn’t help. I expect I probably just don’t understand where I should be putting the code.

I tried adding it to the existing custom.json in my existing theme (I’m using the excellent Paper theme!)

And then to the custom.json under “Default Templates”

Finally I tried making a new custom theme and just added my own new file called custom.json that just had the privacy code from the Hugo site in it.

Each time I used a json validator to make sure I hadn’t broken the format too much.

I wondered if anyone could give any clues what I’m doing wrong?

The exact code I was adding was along the lines of:

	"privacy": {
		"twitter": {
			"disable": false,
			"enableDNT": true,
			"simple": false
		"vimeo": {
			"disable": false,
			"enableDNT": true,
			"simple": false
		"youtube": {
			"disable": false,
			"privacyEnhanced": true