Select your interface:
You are currently viewing instructions for the: Manager
When do I have to add cookies manually?
If our scanner is unable to scan parts of your website for some reason, and therefore not gathering the cookies automatically, you can always add these cookies manually. These self declared cookies are for informing purposes, as the banner should contain all cookies in order to be compliant.
You can also create a self-declared cookie to get to certain areas of your website, or to bypass splash screens that would prevent the scanner from interacting with the page.
For example; When you first enter a website you see a splash screen with a special offer. The scanner doesn't understand what this is and can't interact with the page and moves on. Since the scanner never closed the dialog, the scanner won't ever get to scan any pages.
If a visitor closes the dialog though, a cookie is set and prevents the dialog from popping up on subsequent pages.
This is a perfect case for adding a self declared cookie, since the scanner would never be able to find it on its own, and it allows you to bypass the cause of it.
How can I add cookies manually?
- log into the your Cookiebot account
- Open the tab "cookies"
- Click "add cookie" from the menu on the left
- Add the cookie information (see more info below)
- Click "save" from the menu on the left
- You are done!
In order to see these cookies in your banner information, you would need to scan the website again via your manager > cookies > Scan domain now.
- Log into the Admin.
- Select "Cookies & Reports" from the menu on the left-hand side.
- Click the "+ Add cookie / tracker" button.
- Enter the relevant information.
- Click the "Save changes" button in the upper right corner to create the self-declared cookie.
What information do I need?
The exact cookie information is not something we can provide for you, but you can ask your web designer or the designer of the script.
The cookie name can always be found by checking the cookies via the browser console.
The first found URL is where a website user would first be able to encounter this cookie. This can for example be the homepage of your website or any other path.
The domain path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/sub/', the cookie will only be available within the /sub/ directory and all sub-directories such as /sub/home/ of domain.
The value is not always needed, but is used for cookies that can create a different value per session. The cookie name can always be found by checking the cookies via the browser console.
The categorization depends on the cookie purpose:
Necessary: scripts that are needed to guarantee website functionality.
For example; a cookie enabling shopping basket functionality on an e-commerce website which is necessary for the service requested by the user (= being able to add products to the basket and buy them).
Preferences: setting user choices to navigate the website.
For example; scripts that remember whether a user has seen a popup with a discount code. These are not strictly needed for the website to work, but can make the flow easier for a user.
Statistics: used for analytical purposes
For example; Google Analytics cookies.
Marketing: used for targeting the user with (personalized) adds
For example; the Facebook pixel can be used to show specific ads to certain users.
The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. To accomplish this goal, browsers which support the secure attribute will only send cookies with the secure attribute when the request is going to a HTTPS page. Said in another way, the browser will not send a cookie with the secure attribute set over an unencrypted HTTP request. By setting the secure attribute, the browser will prevent the transmission of a cookie over an unencrypted channel.
HttpOnly attribute. You always need to enter an expiry date, as this is necessary information and this should also be visible from the browser console > application when looking up the cookie.
The cookie type can be either one of the following:
- HTML5 Local storage
- Flash Local Shared Object
- Silverlight Isolated Storage
- Pixel tags
- Ultrasound beacons
Will manually added cookies be blocked automatically?
No, these cookies will not get blocked automatically. Since the scanner doesn’t pick up on the cookie, the auto blocker will have no instructions to prevent the cookie from being set. You can manually mark up the scripts with
type="text/plain" to prevent the resource from loading prior consent. See more info regarding the manual implementation and marking up cookie scripts in this guide, step 4: manual markup guide