Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
FlexSlider is an open source jQuery plugin originally created by WooThemes that provides responsive, touch enabled sliders and carousels for websites. It supports fade and slide transitions, custom navigation, multiple item layouts and keyboard controls. FlexSlider is typically self hosted alongside your theme assets, which means it does not, by itself, place tracking cookies or transmit personal data. Privacy considerations only arise when FlexSlider is loaded from a third party CDN or when slides embed external media such as YouTube or Vimeo.
FlexSlider is a free, open source jQuery plugin originally released by WooThemes and now maintained by the community. It transforms a list of images or HTML blocks into a responsive, swipeable carousel that adapts to phones, tablets and desktops. Because the plugin runs entirely in the browser and ships as a small JavaScript and CSS bundle, it is one of the most widely used slider libraries on WordPress themes, marketing sites and ecommerce product pages.
FlexSlider by itself does not set cookies, does not call any remote API and does not transmit personal data. The library only reads the DOM, listens to swipe and click events and animates CSS transforms. Privacy exposure comes from three indirect sources: the location from which the script is loaded (your own server vs. a public CDN such as jsDelivr or cdnjs), the slides themselves (which may embed YouTube, Vimeo or third party image hosts), and any analytics you attach to slider events.
When FlexSlider is self hosted and slides only contain first party images, the deployment is considered strictly necessary and does not trigger Article 5(3) of the ePrivacy Directive. If the script is loaded from a third party CDN, the IP address of the visitor is shared with that CDN and Article 6 GDPR applies. If the slider embeds external media (YouTube, Vimeo, social posts), those iframes will typically set tracking cookies and require prior consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No consent is required for a strictly first party FlexSlider integration. Consent becomes mandatory in two scenarios: when the slider script is fetched from a third party CDN that processes IPs for purposes beyond delivery, and when slides embed external media. In both cases the embedded resource must be blocked until the user accepts via your consent management platform.
FlexSlider has no servers and no SDK that phones home. Cross border transfer risk depends entirely on the hosting choice. Self hosting on an EU origin keeps data in the EEA. Loading from jsDelivr, cdnjs or unpkg may route requests to US or other non EEA edge nodes. If your slides embed YouTube or Vimeo, expect transfers to the United States under the EU US Data Privacy Framework.
Host flexslider.js and flexslider.css on your own domain, replace any public CDN URL, and verify with a network sniffer that no third party requests are emitted by the slider. Lazy load YouTube or Vimeo embeds behind a consent gate. Document FlexSlider in your record of processing activities as a presentational library only, and keep an updated version pinned to avoid loading new untested code from upstream.
Websites using FlexSlider must obtain user consent under GDPR regulations.
DPIA considerations
A full DPIA is generally not required for FlexSlider because the plugin processes no personal data when self hosted. A short risk assessment should be documented if FlexSlider is loaded from a public CDN (which logs IP addresses) or if its slides embed third party content such as YouTube, Vimeo or external image hosts, since these embeds can place tracking cookies.
Sample consent text
Our website uses the FlexSlider component to display image carousels. The slider runs locally in your browser and does not set tracking cookies. Some slides may embed media from third party providers (YouTube, Vimeo). These services may store cookies and process your IP address. By clicking Accept, you agree to load these external resources.
Third-party domains contacted
cdn.jsdelivr.netcdnjs.cloudflare.comunpkg.comwww.youtube.complayer.vimeo.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| flex-active-slide | localStorage | session | Stores the currently visible slide index so that the carousel position is preserved during single page navigation (optional, only if explicitly enabled in your integration). |
| __cfduid / cf_bm | third_party | 30 minutes (Cloudflare bot management) | Set only when FlexSlider is loaded through a Cloudflare backed public CDN such as jsDelivr. Used by the CDN for security and bot detection, not by FlexSlider itself. |
| YSC / VISITOR_INFO1_LIVE | third_party | YSC: session, VISITOR_INFO1_LIVE: 180 days | Set by YouTube when a slide embeds a YouTube video. Used by Google to measure video views and personalise the user experience. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. FlexSlider is a presentational jQuery library that runs entirely in the browser and does not set first party or third party cookies. Cookies may only appear if your slides embed external services such as YouTube or Vimeo, or if you load the script from a CDN that uses cookies for its own analytics.
When FlexSlider is self hosted and slides contain only your own assets, no consent is required because the script is strictly necessary for content presentation. Consent becomes required only if you load the library from a third party CDN, or if your slides embed media that places tracking cookies.
For a self hosted, cookie free integration the relevant basis is legitimate interest under Article 6(1)(f) GDPR, since the slider is needed to display content the visitor requested. Consent under Article 6(1)(a) GDPR is needed only when external CDNs or embedded media are involved.
The library by itself transfers nothing. Risk of US transfers arises only if FlexSlider is loaded from a CDN with US edge nodes (jsDelivr, cdnjs, unpkg) or if slides embed YouTube, Vimeo or other US based media services.
A full DPIA is not required for a self hosted FlexSlider deployment because no personal data is processed. A short risk note is recommended if you load it via a public CDN or embed third party media inside slides.
Host the JavaScript and CSS files on your own domain, remove any references to third party CDNs, block third party media embeds until consent is given, document the integration in your record of processing activities and pin a known good version.
Modern alternatives include Swiper, Glide.js, Splide and Keen Slider. All are self hosted JavaScript libraries with no cookies and similar feature sets. Swiper has the most active maintenance and accessibility support today.
If FlexSlider is fully self hosted with no embeds, no update is needed. If you use a public CDN or embed external media, list those third parties (CDN provider, YouTube, Vimeo) in your cookie policy with purpose, retention and a link to their privacy notice.