Skip to main content

Cross-domain Consent Sharing

Hannah
  • Updated

 

Introduction

If you operate multiple websites from different domains or your website operates from several subdomains, Cookiebot CMP can ask your website visitors for a consent that covers all your domains. We refer to this as Cross-domain Consent Sharing.


By default, your users will be asked for consent on each of your domains. By enabling the Cross-domain Consent Sharing feature however, your users will only be prompted for a consent the first time they visit any one of your websites (and again when consent needs to be renewed).

 

How does Cross-domain Consent Sharing work?

When Cross-domain Consent Sharing is enabled, a local storage cookie named CookieConsentBulkSetting-# is set to keep track of users' changes and renewal of Cross-domain Consent Sharing across domains. This cookie is set as a third party Local Storage item and contains an array of domains within the domain group. Upon visit to one of these domains, the entry is popped from the array and the consent settings from the domain where the user submitted consent are applied to the domain.

For more information on what cookies Cookiebot sets and what information we collect, please see our Privacy Policy: Cookiebot CMP Privacy Policy

 

Note that if Cross-domain Consent Sharing is activated, this means that the user will see all cookies in use – from across all your websites – in the cookie consent banner and the Cookie Declaration on each of the websites. All identified cookies and trackers from all the domains and subdomains which the Cross-domain Consent Sharing is valid for, will automatically be pooled together.

 

Does Cross-domain Consent Sharing work for all website users?

In order for the Cross-domain Consent Sharing to function properly, these following three conditions must be met:

  1. The user allows third party local storage in their browser settings. Note that browsers Safari and Firefox are known not to allow 3rd party cookies.
  2. The user has not activated “Do Not Track (DNT)” in their browser settings
  3. The user accepts cookies in the 'Preferences' category. The Cross-domain Consent Sharing local storage item is classified as a preference cookie, so if this category isn't accepted, Cross-domain Consent Sharing doesn't carry over.

 

Activating Cross-domain Consent Sharing

Activating Cross-domain Consent Sharing is as easy as ticking a checkbox in your domain group configuration:

  1. Log in to your account: Cookiebot CMP Manager
  2. Go to ‘Settings’ from the top menu
  3. From the drop-down menu just below the top menu, choose the domain group for which you wish to enable Cross-domain Consent Sharing
  4. Click the tab ‘Domains
  5. At the bottom, click the tick-box labeled ‘Enable Cross-domain Consent Sharing
  6. Save your settings by clicking the tick mark on the left-hand side in the blue bar.

Please note that Cross-domain Consent Sharing will then be in place for all the domains and subdomains listed in that particular domain group, but it will not affect any domains you may have listed in other domain groups on your account.

 

How do I ensure users understand they are giving their consent for multiple websites?

If you have enabled Cross-domain Consent Sharing, the following text will automatically be inserted into the cookie consent banner, which the user will see when asked for consent: Your consent applies to the following domains: [domain 1], [domain 2], [domain 3], etc.

This information is visible to the user in the cookie consent banner under ‘Details’ tab. For example Cookiebot CMP own cookie consent banner when you visit cookiebot.com for the first time.

Screenshot_2021-10-14_at_10.56.14.png

In addition, if you have used our standard template for the Cookie Declaration and added it either as a separate menu point on your website or embedded it in e.g. your existing privacy policy, the user will also be reminded of his/her current consent state and the fact that it is given for multiple domains. The text "Your consent applies to the following domains: [domain 1], [domain 2], [domain 3], etc." automatically appears at the top of the cookie declaration. You can see an example of this on Cookiebot CMP's own Cookie Declaration: Cookiebot CMP Cookie Declaration.

 

Is Cross-domain Consent Sharing included in the Free plan?

Cross-domain Consent Sharing is available in the Premium subscription plan only.

 

Does Cross-domain Consent Sharing work on domain aliases?

Cross-domain Consent Sharing only works for domains added to the domain list in a domain group, but will not work on any aliases added to the domain group. Since domain aliases aren't included in the array in the cookie set for Cross-domain Consent Sharing, consent won't be carried over to the domain alias.

 

Removing consent in bulk

Changes to the Cross-domain Consent Sharing local storage item (which is the one carrying the consent across your domains), can only be done if at least the 'Preferences' category is accepted.

Let's say you have two domains, Domain A and Domain B, both under the same domain group with Cross-domain Consent Sharing enabled.
If you go to Domain A and accept all cookies, then go to Domain B and withdraw all cookies and go back to Domain A, you will see that the new consent (full opt-out) made on Domain B has not carried over. This is because the 'Preferences' category was not accepted on the visit to Domain B and we are therefore not able to overwrite the existing Cross-domain Consent Sharing local storage item.
So while your visitors can opt-in to cookies across your domains in bulk, they will have to opt-out on each individual website in your domain group. 

 

Check whether Cross-domain Consent Sharing works

Take the following steps to check whether Cross-domain Consent Sharing is working:

  • Submit consent on the banner, making sure that at least "preferences" are selected.
  • Check your Local Storage under https://consentcdn.cookiebot.com
  • (In Chrome, press F12 → Click the Application tab → Open Local Storage to the left)
  • You should see an item with the following:
    • key: CookieConsentBulkSetting-00000000-0000-0000-0000-000000000000 (The 0's will be the CBID belonging to the Domain Group Cross-domain Consent Sharing applies to).
    • value: {"resetdomains":["domain.com","sub.domain.com","domain.co.uk"],"bulkconsent":{"ticket":"aaAaAaaaAAaa0A0AaaaAaA0aAAAAaaAAAAAA0AAa0AAAaAAaAa0aaA==","utc":1594794504157,"preferences":true,"statistics":true,"marketing":true}}
    • "resetdomains" should contain all domains that Cross-domain Consent Sharing applies to, but you haven't visited yet after submitting consent. Domains in that list you visit will be removed from the list and their own CookieConsent cookie containing the consent preferences will be set.
    • "bulkconsent" will contain the Consent ID (ticket), the time consent was submitted (UTC) and the consent level (preferences, statistics, and marketing).
If the Local Storage item isn't set or is removed at some point during your test, it's likely due to your browser not allowing the setting of Local Storage items (or lacking consent for "preferences" cookies). If this is the case, the browser won't be able to remember your preferences and carry them over to the other domains.
Was this article helpful?
1 out of 1 found this helpful
Return to top

Comments

0 comments

Please sign in to leave a comment.