Cookies are small files that a website sends to your browser. Your browser stores the cookies on your computer/device. Some cookies are essential for the website to function properly and are often referred to as strictly necessary cookies. Others, such as marketing cookies, track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad.
Many privacy laws around the world stipulate that website visitors must be notified about a website's use of cookies and must be able to provide consent before those cookies load.
With the Editor's cookie notification feature, you can set up a fully compliant cookie message and collect the type of consent required by your local or regional privacy framework - and you can enable the visitor to withdraw that consent again at any time.
Does my website need a cookie notification banner?
The most likely answer is yes. If you are serving visitors from any country or region where cookie notification and consent retrieval is required by law, you must inform about which cookies your website loads and why, and enable visitors to provide an active consent (by clicking an "Accept" button). Think about it this way: a cookie message is a great way to greet your visitors, show transparency and build trust - so why not have one?
Which cookies load on my website?
A website built in the Editor load a number of cookies by default in order to make the website function smoothly and to be able to generate visitor statistics on your Editor dashboard.
When you add content on your website, for example the Social media link module or content embedded through HTML, be aware that you may also be loading third-party cookies and will need to describe these in your cookie/privacy policy.
The following cookies load by default:
Strictly necessary cookies
These cookies are essential for visitors to be able to browse the website and use its features. None of this information can be used to identify visitors as all data is anonymized.
-
Site session
Purpose: To remember different visitor preferences on the website, for example if they closed or opened items, clicked buttons, etc.
Duration: For duration of browser session. -
Preferred language
Purpose: To be able to provide the website in the visitor's preferred language (if the website contains multiple languages).
Duration: 1 year. -
Currency
Purpose: To be able to show prices in the currency matching the visitor's preferences.
Duration: 30 days. -
Google Recaptcha/NID
Purpose: To be able to validate whether the visitor is human and to limit the amount of spam from contact forms.
Duration: 1 year.
Provider: Google.
Third-party cookies
These cookies collect information about how visitors use the website, like which pages they've visited and which links they've clicked on. None of this information can be used to identify visitors as all data is anonymized.
-
ga
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Duration: 1 year.
Provider: Google. -
gid
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Duration: 24 hours.
Provider: Google. -
gat
Purpose: Used by Google Analytics to throttle request rate.
Duration: 1 year.
Provider: Google.
Use the texts in your own privacy policy
You're welcome to copy the cookie descriptions above and paste them into your own privacy policy on your website.
Enable cookie banner and select a consent type
To activate a cookie notification banner in the Editor, navigate to Settings > Cookie notification.
Tick the box Enable cookie notification banner in order to display the banner on your website.
Consent type
Your cookie notification banner can have three different behaviors, each determining when cookies are loaded and which actions the visitor is able to take.
-
Visitors will be informed that the website uses cookies: both strictly necessary and third-party cookies/scripts/iframes load immediately when the website opens. The visitor sees your cookie notification message and can click an "OK" button but doesn't get any option to provide consent prior to loading cookies.
-
Visitors should opt-out if they do not wish to have cookies enabled: both strictly necessary and third-party cookies load immediately when the website opens. The visitor sees your cookie notification message and can click either an "Accept all" button to continue loading all cookies, or untick the Third-party cookies category and click an "Accept selected" button to stop loading third-party cookies/scripts/iframes. Strictly necessary cookies will still remain even if the visitor unticks Third-party cookies and clicks the "Accept selected" option.
- Visitors should opt-in for cookies to be allowed: only strictly necessary cookies load immediately when the website opens. Third-party cookies/scripts/iframes do not load. The visitor sees your cookie notification message and can click an "Accept all" button to also load third-party cookies/scripts/iframes, or click an "Accept selected" button to continue loading only strictly necessary cookies.
Placement
In the section Placement, decide if you want the banner to show at the top or bottom of your website.
How are third-party cookies blocked?
Script loading behavior
External scripts have different load behaviors which means that while some may load immediately after the visitor has consented to cookies on the cookie banner, others require a browser refresh in order to load. In order to ensure that scripts load instantly upon consent, you can either whitelist the source of the script (see below) or contact the author of the scrip and ask them to update it to change the loading behavior.
Whitelisting scripts/iframes and domains
How to whitelist individual scripts
<script src="//example.com/script.js"></script>
<script data-noblock src="//example.com/script.js"></script>
Note: if you're pasting the above snippet into the Editor, make sure to replace the example content with your actual script.
Whitelisting individual iframes
While you can whitelist individual scripts, it's not possible to whitelist individual iframes using the method outlined above. Instead you'll need to whitelist the source domain of the iframe (see below).
How to whitelist domains
Cookie notification content
We have already written all the texts on the cookie notification banner for you and translated them into all supported languages.
The cookie notification banner contains a "More details" link which you can decide where to point to, for example your website's privacy policy page. In the section Link to more information, choose the link destination from either an internal page, an external page, or an overlay.
If you select Overlay, you will see two additional input boxes where you can add a headline and body text that appears in an overlay when visitors click the "More details" link.
Formatting text in the overlay
The overlay accepts basic HTML text formatting, like <b></b> for bold text, and HTML list formatting, enabling you to create numbered and bulleted lists.
Example of cookie policy placed in an overlay:
Multiple languages
If you offer your website in multiple languages, you can add a text on the overlay in each of your languages. Switch through your languages by clicking on the language selector in the interface.
Enable visitors to withdraw consent
Many privacy laws stipulate that the visitor must have the option to take back (withdraw) a previously given consent to cookie. This can easily be set up in the Editor.
Scroll down to the section Consent withdrawal and tick the box Enable cookie opt-out.
After publishing your website, visitors will now see a small tab in the bottom-left corner of the website that appears when they are scrolling down any page and are approaching the bottom of the page. Upon clicking the tab, they are presented with a banner where they can click a Withdraw cookie consent button.
When a visitor clicks the button, the consent to loading third-party cookies is taken back and those cookies will no longer load. Strictly necessary cookies still remain.
The next time the visitor visits your website, the cookie notification banner will show and they can re-select their cookie preferences.
Retrieving documentation of visitor consent
Some privacy laws require digital service providers to keep a record of any type of data that was submitted on a website and when it was submitted. This also includes consent to cookies.
In other words, every time someone accepts cookies on your website, proof of that consent must be stored so that it can be retrieved in the unlikely event that the visitor requests documentation that he or she did in fact consent. The visitor has the right to request this according to certain legal frameworks such as the GDPR's right to transparency.
Consent information is stored on our servers and we'll be able to retrieve it on request. In order to match a consent with a specific visitor, we add a 32-digit universally unique identifier (UUID) to each consent provided.
If a visitor requests proof that they consented or withdrew a consent to cookies, you can ask them to locate this UUID and send it to you. You can then pass it on to us so we can look it up in the consent database and provide proof of consent.
Where do visitors find the UUID?
After having accepted or acknowledged cookies, visitors will see a small tab in the bottom-left corner of the website that appears when they are scrolling down any page and are approaching the bottom of the page. Upon clicking the tab, they are presented with a banner where they can see their unique UUID.
UUID traceability
The UUID is stored in a cookie in the visitor's local storage. Be aware that if the visitor clears cookies on their browser, the UUID will also be cleared and we will no longer be able to trace that visitor's unique consent.
Customizing the cookie notification elements
Both the cookie notification banner and the consent withdrawal tab are pre-designed and cannot be styled differently. The texts on the cookie notification banner and consent withdrawal tab are also pre-defined and cannot be changed. They have been translated into all supported languages.