These instructions are for the Manager interface.
- Introduction
- How does Cross-domain Consent Sharing work?
- Does Cross-domain Consent Sharing work for all website users?
- Activating Cross-domain Consent Sharing
- How do I ensure users understand they are giving their consent for multiple websites?
- Is Cross-domain Consent Sharing included in the Free Plan?
- Check whether Cross-domain Consent Sharing works
- How storage partitioning affects Cross-domain Consent Sharing
Because of storage partitioning, in newer versions of the Chromium browsers it is now only possible to share consent between domains that share the same top-level domain. Consent submitted on a sub-domain can be shared with other sub-domains and the top-level domain, but not the other way around.
Consent submitted on the top-level domain cannot be shared with a sub-domain.
Introduction
If you operate multiple websites from different domains or your website operates from several subdomains, Cookiebot CMP can ask your website visitors for a consent that applies to all domains within the same Domain Group. We refer to this as Cross-domain Consent Sharing.
By default, your users will be asked for consent on each of your domains separately. By enabling the Cross-domain Consent Sharing feature however, your users will only be prompted for a consent the first time they visit any one of the websites in the Domain Group (and again when consent has expired).
How does Cross-domain Consent Sharing work?
When Cross-domain Consent Sharing is enabled, a Local Storage item named CookieConsentBulkSetting-# is set to keep track of users' changes and renewal of Cross-domain Consent Sharing across domains. This third-party Local Storage item contains an array of domains within the Domain Group. When the user visits one of these domains after the initial consent submission, that domain's entry is removed from the array and the consent settings from the domain where the user submitted consent are applied to the visited domain.
For more information on what cookies Cookiebot sets and what information we collect, please see our Privacy Policy: Cookiebot CMP Privacy Policy
Does Cross-domain Consent Sharing work for all website users?
For Cross-domain Consent Sharing to function properly, the following three conditions must be met:
- The user allows third-party cookies in their browser settings. Browsers like Safari, Firefox and Brave are known not to allow third-party cookies by default and Chrome has also started to phase out third-party cookies.
- The user has not activated “Do Not Track (DNT)” in their browser settings.
- The user accepts cookies in the 'Preferences' category. The Cross-domain Consent Sharing local storage item is classified as a preference cookie, so if this category isn't accepted Cross-domain Consent Sharing can't carry over.
Activating Cross-domain Consent Sharing
Activating Cross-domain Consent Sharing is as easy as ticking a checkbox in your Domain Group configuration:
- Log in to your account: Cookiebot CMP Manager
- Go to ‘Settings’ from the top menu
- From the drop-down menu just below the top menu, choose the Domain Group for which you wish to enable Cross-domain Consent Sharing
- Click the ‘Domains‘ tab
- Check the checkbox labeled ‘Enable Cross-domain Consent Sharing’
- Save your settings by clicking the tick mark on the left-hand side in the blue bar.
This also applies when withdrawing consent. By withdrawing consent, permission to carry over consent settings to third-party domains is also revoked.
Is Cross-domain Consent Sharing included in the Free plan?
Checking whether Cross-domain Consent Sharing works
Take the following steps to check whether Cross-domain Consent Sharing is working:
- Submit consent on the banner, making sure that at least "preferences" are selected.
- Check your Local Storage under https://consentcdn.cookiebot.com (in Chrome, press F12 → click the Application tab → open Local Storage on the left).
- You should see an item with the following:
  - key: CookieConsentBulkSetting-00000000-0000-0000-0000-000000000000 (The 0's will be the CBID belonging to the Domain Group Cross-domain Consent Sharing applies to).
  - value: {"resetdomains":["domain.com","sub.domain.com","domain.co.uk"],"bulkconsent":{"ticket":"aaAaAaaaAAaa0A0AaaaAaA0aAAAAaaAAAAAA0AAa0AAAaAAaAa0aaA==","utc":1594794504157,"preferences":true,"statistics":true,"marketing":true}}
- "resetdomains" should contain all domains that Cross-domain Consent Sharing applies to and that you haven't visited yet since submitting consent. When you visit a domain in that list, it is removed from the list and its own CookieConsent cookie containing the consent preferences is set.
- "bulkconsent" will contain the Consent ID (ticket), the time consent was submitted (UTC) and the consent level (preferences, statistics, and marketing).
If the Local Storage item isn't set or is removed at some point during your test, it's likely due to your browser not allowing the setting of Local Storage items (or lacking consent for "preferences" cookies). If this is the case, the browser won't be able to remember your preferences and carry them over to the other domains.
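The check above can be scripted. The following is an added example, not Cookiebot's own code: it validates the key and value of the Local Storage item and models the removal of a domain from "resetdomains" after a visit. The function names and the assumption that the CBID is a hex UUID are hypothetical; the sample is the placeholder value shown in this article.

```javascript
// Added example (not Cookiebot code). Sample key/value are the article's placeholders.
const SAMPLE_KEY = "CookieConsentBulkSetting-00000000-0000-0000-0000-000000000000";
const SAMPLE_VALUE = '{"resetdomains":["domain.com","sub.domain.com","domain.co.uk"],' +
  '"bulkconsent":{"ticket":"aaAaAaaaAAaa0A0AaaaAaA0aAAAAaaAAAAAA0AAa0AAAaAAaAa0aaA==",' +
  '"utc":1594794504157,"preferences":true,"statistics":true,"marketing":true}}';

// Assumption: the CBID suffix is a UUID made of hex digits.
const KEY_RE = /^CookieConsentBulkSetting-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$/i;

function inspectBulkSetting(key, rawValue) {
  const problems = [];
  const m = KEY_RE.exec(key);
  if (!m) problems.push("key does not match CookieConsentBulkSetting-<CBID>");

  let data;
  try {
    data = JSON.parse(rawValue);
  } catch (e) {
    return { ok: false, problems: [...problems, "value is not valid JSON"] };
  }
  const domains = data && Array.isArray(data.resetdomains) ? data.resetdomains : null;
  const bulk = (data && data.bulkconsent) || {};
  if (!domains) problems.push("resetdomains is not an array");
  if (typeof bulk.ticket !== "string" || bulk.ticket === "") problems.push("bulkconsent.ticket missing");
  if (!Number.isFinite(bulk.utc)) problems.push("bulkconsent.utc missing");
  // Sharing depends on the 'Preferences' category being accepted.
  if (bulk.preferences !== true) problems.push("preferences not accepted");

  return {
    ok: problems.length === 0,
    problems,
    cbid: m ? m[1] : null,
    pendingDomains: domains ? [...domains] : [],
    submittedAt: Number.isFinite(bulk.utc) ? new Date(bulk.utc).toISOString() : null,
    categories: {
      preferences: bulk.preferences === true,
      statistics: bulk.statistics === true,
      marketing: bulk.marketing === true,
    },
  };
}

// Models the described behaviour: a visited domain is removed from resetdomains.
function afterVisit(pendingDomains, hostname) {
  return pendingDomains.filter((d) => d !== hostname);
}
```

In DevTools, run it against the https://consentcdn.cookiebot.com storage context by passing a real key and the result of `localStorage.getItem(key)`.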
How storage partitioning affects Cross-domain Consent Sharing
Since Google released its "Storage Partition" feature with Chrome 115, sharing consent between domains has become rather limited.
With storage partitioning it is now only possible to share consent between domains that are on the same level. That means that consent submitted on a domain can be shared with other domains on the same level or with domains on a higher level. The reverse is (unfortunately) not true: consent submitted on a top-level domain cannot be shared with sub-domains (those on levels beneath it).
Here is a graphic representation of how consent can be shared between domains:
To better understand why this was done, it helps to see this in terms of embedded content:
Domains A and C and domains B and C can access each other's cookies. However, domain A can't access domain C's cookies if it's embedded in a different domain.
Domains A and C can access each other's cookies. However, domain A can't access domain C's cookies if it's not embedded in domain A.
These limitations are imposed by the browser and can in no way be bypassed.