Skip to main content

Cross-domain Consent Sharing

Hannah
  • Updated

Select your interface:

manager.png
admin.png

You are currently viewing instructions for the: Manager

Google has released their "Storage Partition" feature with Chrome 115. 
This essentially means that in newer versions of the Chromium browsers it is now only possible to share consent between domains that share the same top-level domain. This means that consent submitted on a sub-domain can be shared with other sub-domains and the top-level domain, but not the other way around.
Consent submitted on the top-level domain can not be shared with a sub-domain.

 

Introduction

If you operate multiple websites from different domains or your website operates from several subdomains, Cookiebot CMP can ask your website visitors for a consent that applies to all domains within the same Domain Group. We refer to this as Cross-domain Consent Sharing.

By default, your users will be asked for consent on each of your domains separately. By enabling the Cross-domain Consent Sharing feature however, your users will only be prompted for a consent the first time they visit any one of the websites in the Domain Group (and again when consent has expired).

 

How does Cross-domain Consent Sharing work?

When Cross-domain Consent Sharing is enabled, a local storage item named CookieConsentBulkSetting-# is set to keep track of users' changes and renewal of Cross-domain Consent Sharing across domains. This third-party Local Storage item contains an array of domains within the domain group. Upon visit to one of these domains after the initial consent submission the entry is popped from the array and the consent settings from the domain where the user submitted consent are applied to the domain.

For more information on what cookies Cookiebot sets and what information we collect, please see our Privacy Policy: Cookiebot CMP Privacy Policy

When Cross-domain Consent Sharing is activated, the user will see all cookies in use – from across all websites int he same Domain Group – on the cookie consent banner and the Cookie Declaration. All identified cookies and trackers from all the domains and subdomains which Cross-domain Consent Sharing is valid for, will automatically be pooled together.

 

Does Cross-domain Consent Sharing work for all website users?

In order for the Cross-domain Consent Sharing to function properly, these following three conditions must be met:

  1. The user allows third-party local storage in their browser settings. Browsers like Safari and Firefox are known not to allow third-party cookies by default.
  2. The user has not activated “Do Not Track (DNT)” in their browser settings
  3. The user accepts cookies in the 'Preferences' category. The Cross-domain Consent Sharing local storage item is classified as a preference cookie, so if this category isn't accepted Cross-domain Consent Sharing can't carry over.

 

Activating Cross-domain Consent Sharing

Activating Cross-domain Consent Sharing is as easy as ticking a checkbox in your Domain Group configuration:

  1. Log in to your account: Cookiebot CMP Manager
  2. Go to ‘Settings’ from the top menu
  3. From the drop-down menu just below the top menu, choose the Domain Group for which you wish to enable Cross-domain Consent Sharing
  4. Click the ‘Domains‘ tab
  5. Check the checkbox labeled ‘Enable Cross-domain Consent Sharing
  6. Save your settings by clicking the tick mark on the left-hand side in the blue bar.

Cross-domain Consent Sharing will be applied to all the domains listed in this Domain Group, but it will not affect any domains you may have listed in other domain groups on your account.

 

How do I ensure users understand they are giving their consent for multiple websites?

When Cross-domain Consent Sharing is enabled, the following text will automatically be inserted into the cookie consent banner, which the user will see when asked for consent: Your consent applies to the following domains: [domain 1], [domain 2], [domain 3], etc.

This information is visible to the user in the cookie consent banner under ‘Details’ tab. For example www.cookiebot.com's own cookie consent banner on your first visit.

Screenshot_2021-10-14_at_10.56.14.png

In addition, if you have used our standard template for the Cookie Declaration and added it either as a separate menu point on your website or embedded it in e.g. your existing privacy policy, the user will also be reminded of his/her current consent state and the fact that it is given for multiple domains. The text "Your consent applies to the following domains: [domain 1], [domain 2], [domain 3], etc." automatically appears at the top of the cookie declaration. You can see an example of this on Cookiebot CMP's own Cookie Declaration: Cookiebot CMP Cookie Declaration.

Changes to consent can only be carried over if cookies in the 'preferences' category were accepted.

This also applies when withdrawing consent. By withdrawing consent, permission to carry over consent settings to third-party domains is also revoked.

 

Is Cross-domain Consent Sharing included in the Free plan?

Cross-domain Consent Sharing is available in the Premium subscription plan only.

 

Checking whether Cross-domain Consent Sharing works

Take the following steps to check whether Cross-domain Consent Sharing is working:

  • Submit consent on the banner, making sure that at least "preferences" are selected.
  • Check your Local Storage under https://consentcdn.cookiebot.com
  • (In Chrome, press F12 → Click the Application tab → Open Local Storage to the left)
  • You should see an item with the following:
    • key: CookieConsentBulkSetting-00000000-0000-0000-0000-000000000000 (The 0's will be the CBID belonging to the Domain Group Cross-domain Consent Sharing applies to).
    • value: {"resetdomains":["domain.com","sub.domain.com","domain.co.uk"],"bulkconsent":{"ticket":"aaAaAaaaAAaa0A0AaaaAaA0aAAAAaaAAAAAA0AAa0AAAaAAaAa0aaA==","utc":1594794504157,"preferences":true,"statistics":true,"marketing":true}}
    • "resetdomains" should contain all domains that Cross-domain Consent Sharing applies to, but you haven't visited yet after submitting consent. Domains in that list you visit will be removed from the list and their own CookieConsent cookie containing the consent preferences will be set.
    • "bulkconsent" will contain the Consent ID (ticket), the time consent was submitted (UTC) and the consent level (preferences, statistics, and marketing).
If the Local Storage item isn't set or is removed at some point during your test, it's likely due to your browser not allowing the setting of Local Storage items (or lacking consent for "preferences" cookies). If this is the case, the browser won't be able to remember your preferences and carry them over to the other domains.

Was this article helpful?
6 out of 9 found this helpful
Return to top

Comments

0 comments

Please sign in to leave a comment.