Set up a cookie notification banner

Cookies are small files that a website sends to your browser. Your browser stores the cookies on your computer/device. Some cookies are essential for the website to function properly and are often referred to as strictly necessary cookies. Others, such as marketing cookies, track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad.



Many privacy laws around the world stipulate that website visitors must be notified about a website's use of cookies and must be able to provide consent before those cookies load.

With the Editor's cookie notification feature, you can set up a fully compliant cookie message and collect the type of consent required by your local or regional privacy framework - and you can enable the visitor to withdraw that consent again at any time.

  Does my website need a cookie notification banner?

The most likely answer is yes. If you are serving visitors from any country or region where cookie notification and consent retrieval is required by law, you must inform visitors about which cookies your website loads and why, and enable them to provide active consent (by clicking an "Accept" button). Think about it this way: a cookie message is a great way to greet your visitors, show transparency and build trust - so why not have one?

  

Which cookies load on my website?

A website built in the Editor loads a number of cookies by default in order to make the website function smoothly and to be able to generate visitor statistics on your Editor dashboard.

When you add content on your website, for example the Social media link module or content embedded through HTML, be aware that you may also be loading third-party cookies and will need to describe these in your cookie/privacy policy.

The following cookies load by default:
 

Strictly necessary cookies

These cookies are essential for visitors to be able to browse the website and use its features. None of this information can be used to identify visitors as all data is anonymized.

  • Site session
    Purpose: To remember different visitor preferences on the website, for example if they closed or opened items, clicked buttons, etc.
    Duration: For duration of browser session.
  • Preferred language
    Purpose: To be able to provide the website in the visitor's preferred language (if the website contains multiple languages).
    Duration: 1 year.
  • Currency
    Purpose: To be able to show prices in the currency matching the visitor's preferences.
    Duration: 30 days.
  • Google Recaptcha/NID
    Purpose: To be able to validate whether the visitor is human and to limit the amount of spam from contact forms.
    Duration: 1 year.
    Provider: Google.

 

Third-party cookies

These cookies collect information about how visitors use the website, like which pages they've visited and which links they've clicked on. None of this information can be used to identify visitors as all data is anonymized.

  • ga 
    Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
    Duration: 1 year.
    Provider: Google.
  • gid
    Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
    Duration: 24 hours.
    Provider: Google.
  • gat
    Purpose: Used by Google Analytics to throttle request rate.
    Duration: 1 year.
    Provider: Google.

  Use the texts in your own privacy policy

You're welcome to copy the cookie descriptions above and paste them into your own privacy policy on your website.

 

Enable cookie banner and select a consent type

To activate a cookie notification banner in the Editor, navigate to Settings > Cookie notification.


 
Tick the box Enable cookie notification banner in order to display the banner on your website.

 

Consent type

Your cookie notification banner can have three different behaviors, each determining when cookies are loaded and which actions the visitor is able to take.

  1. Visitors will be informed that the website uses cookies: both strictly necessary and third-party cookies/scripts/iframes load immediately when the website opens. The visitor sees your cookie notification message and can click an "OK" button but doesn't get any option to provide consent prior to loading cookies. 


  2. Visitors should opt-out if they do not wish to have cookies enabled: both strictly necessary and third-party cookies load immediately when the website opens. The visitor sees your cookie notification message and can click either an "Accept all" button to continue loading all cookies, or untick the Third-party cookies category and click an "Accept selected" button to stop loading third-party cookies/scripts/iframes. Strictly necessary cookies will still remain even if the visitor unticks Third-party cookies and clicks the "Accept selected" option.


  3. Visitors should opt-in for cookies to be allowed: only strictly necessary cookies load immediately when the website opens. Third-party cookies/scripts/iframes do not load. The visitor sees your cookie notification message and can click an "Accept all" button to also load third-party cookies/scripts/iframes, or click an "Accept selected" button to continue loading only strictly necessary cookies.



Placement

In the section Placement, decide if you want the banner to show at the top or bottom of your website. 

 

How are third-party cookies blocked?

The only reliable way to effectively ensure that third-party content isn't setting cookies is to block the loading of external scripts and iframes on the website. Technically, this means that we scan your website for any scripts and iframes with an "src" attribute pointing to an external domain and block those scripts and iframes from loading until the visitor has consented to loading third-party cookies (only applies if you are using Consent type 3). That way, visitors can be absolutely sure that no third-party content loads - and potentially sets cookies - prior to their consent.
 

  Script loading behavior

External scripts have different load behaviors, which means that while some may load immediately after the visitor has consented to cookies on the cookie banner, others require a browser refresh in order to load. To ensure that scripts load instantly upon consent, you can either whitelist the source of the script (see below) or contact the author of the script and ask them to update it to change the loading behavior.

  

 

Whitelisting scripts/iframes and domains

As mentioned above, all third-party scripts and iframes on the website are blocked from loading until the visitor consents to loading them (only applies if you are using Consent type 3).
 
If you would like to load certain scripts or iframes without first receiving consent from visitors, you can do so by whitelisting either individual scripts or domains. Be aware that, once whitelisted, these domains/scripts load immediately when the website opens. In other words, they load in the same manner as your website's necessary cookies.
 
If you decide to whitelist scripts/domains, you are liable for any legal consequences it may entail. Note that the scripts/domains you whitelist may be setting cookies on your website.

 

How to whitelist individual scripts

You can whitelist a script by adding a data attribute to the script tag (in the HTML module, Global HTML, or wherever you have pasted the script in question).
 
A script tag usually looks something like this:
<script src="//example.com/script.js"></script> 
That script gets blocked because it references an external domain.
 
However, if you add a data-noblock attribute to the script, we won't block it and it will load when the website opens.
<script data-noblock src="//example.com/script.js"></script>

 
Note: if you're pasting the above snippet into the Editor, make sure to replace the example content with your actual script.

  Whitelisting individual iframes

While you can whitelist individual scripts, it's not possible to whitelist individual iframes using the method outlined above. Instead you'll need to whitelist the source domain of the iframe (see below).

 

How to whitelist domains

Instead of whitelisting individual scripts, you can also whitelist domains. A whitelisted domain will allow all scripts and iframes referencing that domain to load on the website.
 
To whitelist a domain, type in the domain name in the section Whitelisting of domains without "https://www." in front. Make sure to add only one domain per line.
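
The blocking and whitelisting rules described above, as an added example (not the Editor's own code): a Node.js audit that lists which script and iframe tags in a page would load before consent under Consent type 3. The function names, the sample markup and the rule that a whitelisted domain also covers its subdomains are assumptions, not taken from the article.

```javascript
// Added illustration with hypothetical names; not the Editor's implementation.
const TAG_RE = /<(script|iframe)\b([^>]*)>/gi;

// Constructed sample markup for a page served from www.mysite.test.
const SAMPLE_HTML = `
<script src="/assets/site.js"></script>
<script src="//example.com/script.js"></script>
<script data-noblock src="//example.com/script.js"></script>
<iframe data-noblock src="https://video.example.net/embed/1"></iframe>
<iframe src="https://maps.example.org/embed"></iframe>
<script>console.log("inline")</script>`;

function domainMatches(host, domain) {
  // Assumption: a whitelisted domain also covers its subdomains.
  return host === domain || host.endsWith("." + domain);
}

function auditEmbeds(html, pageUrl, { whitelist = [], consented = false } = {}) {
  const siteHost = new URL(pageUrl).hostname.toLowerCase();
  const domains = whitelist.map((d) => d.trim().toLowerCase()).filter(Boolean);
  const results = [];
  for (const [, tagName, attrs] of html.matchAll(TAG_RE)) {
    const srcMatch = /(?:^|\s)src\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!srcMatch) continue; // inline script: no external source to block
    const tag = tagName.toLowerCase();
    // Resolving against the page URL handles "/x.js" and "//host/x.js".
    const host = new URL(srcMatch[1], pageUrl).hostname.toLowerCase();
    // Drop quoted values so "data-noblock" inside a URL does not count.
    const bareAttrs = attrs.replace(/"[^"]*"|'[^']*'/g, "");
    const noblock = /(?:^|\s)data-noblock(?:[\s=]|$)/i.test(bareAttrs);
    let reason = null;
    if (host === siteHost) reason = "first-party";
    else if (tag === "script" && noblock) reason = "data-noblock"; // scripts only
    else if (domains.some((d) => domainMatches(host, d))) reason = "whitelisted-domain";
    else if (consented) reason = "consent";
    results.push({ tag, src: srcMatch[1], loads: reason !== null, reason: reason ?? "awaiting-consent" });
  }
  return results;
}

// Third-party content that loads before consent: what the site owner vouches for.
function loadsBeforeConsent(html, pageUrl, whitelist) {
  return auditEmbeds(html, pageUrl, { whitelist })
    .filter((r) => r.loads && r.reason !== "first-party");
}

console.table(auditEmbeds(SAMPLE_HTML, "https://www.mysite.test/", { whitelist: ["example.org"] }));
```

Reviewing the output of `loadsBeforeConsent` against your privacy policy shows exactly which third parties are exempt from the consent gate.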
 

 

Cookie notification content

We have already written all the texts on the cookie notification banner for you and translated them into all supported languages.

The cookie notification banner contains a "More details" link which you can decide where to point to, for example your website's privacy policy page. In the section Link to more information, choose the link destination from either an internal page, an external page, or an overlay.

If you select Overlay, you will see two additional input boxes where you can add a headline and body text that appears in an overlay when visitors click the "More details" link.

  Formatting text in the overlay

The overlay accepts basic HTML text formatting, like <b></b> for bold text, and HTML list formatting, enabling you to create numbered and bulleted lists. 

 

 

Multiple languages

If you offer your website in multiple languages, you can add a text on the overlay in each of your languages. Switch through your languages by clicking on the language selector in the interface.


 

Enable visitors to withdraw consent

Many privacy laws stipulate that the visitor must have the option to take back (withdraw) a previously given consent to cookies. This can easily be set up in the Editor.

Scroll down to the section Consent withdrawal and tick the box Enable cookie opt-out.



After publishing your website, visitors will now see a small tab in the bottom-left corner of the website that appears when they are scrolling down any page and are approaching the bottom of the page. Upon clicking the tab, they are presented with a banner where they can click a Withdraw cookie consent button.



When a visitor clicks the button, the consent to loading third-party cookies is taken back and those cookies will no longer load. Strictly necessary cookies still remain. 

The next time the visitor visits your website, the cookie notification banner will show and they can re-select their cookie preferences.

 

Retrieving documentation of visitor consent

Some privacy laws require digital service providers to keep a record of any type of data that was submitted on a website and when it was submitted. This also includes consent to cookies. 

In other words, every time someone accepts cookies on your website, proof of that consent must be stored so that it can be retrieved in the unlikely event that the visitor requests documentation that he or she did in fact consent. The visitor has the right to request this according to certain legal frameworks such as the GDPR's right to transparency. 

Consent information is stored on our servers and we'll be able to retrieve it on request. In order to match a consent with a specific visitor, we add a 32-digit universally unique identifier (UUID) to each consent provided.

If a visitor requests proof that they consented or withdrew a consent to cookies, you can ask them to locate this UUID and send it to you. You can then pass it on to us so we can look it up in the consent database and provide proof of consent. 

Where do visitors find the UUID?

After having accepted or acknowledged cookies, visitors will see a small tab in the bottom-left corner of the website that appears when they are scrolling down any page and are approaching the bottom of the page. Upon clicking the tab, they are presented with a banner where they can see their unique UUID.


 

  UUID traceability

The UUID is stored in a cookie in the visitor's local storage. Be aware that if the visitor clears cookies on their browser, the UUID will also be cleared and we will no longer be able to trace that visitor's unique consent.

 

Customizing the cookie notification elements

Both the cookie notification banner and the consent withdrawal tab are pre-designed and cannot be styled differently. The texts on the cookie notification banner and consent withdrawal tab are also pre-defined and cannot be changed. They have been translated into all supported languages.
