Cross-domain cookie consent sharing is used when you want to collect a user's Cookie Consent across multiple domains using a single cookie banner. This feature is useful when you redirect users to multiple websites or domains and helps to increase the user experience.
What Is Cross-Domain Cookie Consent?
One of the key components of data privacy is obtaining user consent for the collection and processing of users’ personal data. This is regulated by most privacy laws, including GDPR, CCPA, CNIL, UK's DPA 2018, and others: without Cookie Consent, websites can’t collect users’ personal data. The data privacy laws specify that every website user has a right to decide on what data they want to allow businesses to collect, use and share for their business operations.
The EU Cookie Law (ePrivacy Directive) requires you to use cookies and trackers on your website only if EU users have given their explicit consent for you to do so. Reveal cross-site cookies (cookies, set on different domains) and get Cookie Consent to use them. Keep in mind, that the user must have the possibility to revoke Cookie Consent at any time.
The easiest way to get Cookie Consent is through a Cookie Banner. A Cookie Banner usually is presented when the website user first visits the web page.
If you operate multiple websites from different domains or your website has several subdomains, cross-domain Cookie Consent sharing is a handy option. When you enable the functionality for cross-site cookies, users have to accept or reject cookies on related websites just once. Without cross-domain Cookie Consent, navigating from one domain to a different domain or website that also collects and processes their data, users will be prompted to provide consent again. This can be frustrating for users and decrease user experience. When cross-domain cookie consent is enabled, users, navigating from one domain to another, are not required to re-enter their consent preferences. Cross-domain cookie consent allows giving consent just once.
Cross-domain consent allows website owners to store cookie consent settings from a single user across multiple domains. Website visitors will only see a Cookie Banner on their first visit to a website and will not see the banner on subsequent visits to that site or other linked sites.
This means, if a user gives cookie consent for domain A, the same settings will be set for domain B as well, only showing the Cookie Consent banner once.
Cross-domain cookie consent is shared across different domains. For example, if a user visits a website of a hotel and later is redirected to www.booking.com, the user could be presented with just one Cookie Banner for both websites. Cookie consent, once selected by the user, will also be valid for both websites. It is a handy option for cross-site cookies and Cookie Banner sharing.
If the user agrees or rejects all cookies for one domain, all cookies will be respectively accepted or rejected for all other domains as well, where the cross-site consent is activated. If the user agrees only with lets say functionality cookies for one domain, just functionality cookies will be accepted for all other domains. Thus, keep this in mind when configuring your Cookie Banner for different websites.
Subdomain cookie consent could be activated too. For example, if the user consents for https://cookie-script.com/, the same cookie consent settings will be set for subdomain https://support.cookie-script.com/ and other subdomains.
Depending on the place of origin, there could be cross-site cookies and same-site cookies. Every cookie has an associated domain. If the cookie’s domain matches the website’s domain, such cookie is called a same-site cookie, or a first-party cookie. If the cookies’s domain differs from the website’s domain, such cookie is called a cross-site cookie, or a third-party cookie.
Read also about same-site cookies, the SameSite attribute, and how cookies are sent along with cross-site requests.
Is Cross-Domain Cookie Consent Allowed by privacy laws?
For most privacy laws, if several domains have identical set-ups of cookies and service providers, or the user gave consent to all cookies and other tracking technologies, present on all domains, cross-domain cookie consent could be used. If related but different domains have the identical set of cookies and other website trackers, cookie consent could be shared between these websites.
On the other hand, if the user gave cookie consent for a domain that uses just strictly necessary cookies, but another domain uses different functional and non-functional cookies, including Third-Party Cookies, cross-domain cookie consent is not allowed.
In order for the cross-domain cookie consent should be valid, you should use the same cookies or other tracking technologies on all websites in the group, where your cross-domain cookie consent is activated.
Conditions for Cross-Domain Cookie Consent Sharing from a User Side
Even if you group several websites to share cookie consent form different domains, it may not necessarily be activated. There are conditions that must be met from the user side for cross-site cookies:
- The user should accept Third-Party Cookies.
- The user should not activate “Do Not Track (DNT)” in their browser settings.
- The user should accept cookies in the “Preferences” category since the cross-domain cookie consent sharing local storage item is classified as a preference cookie.
How to Enable Cross-Domain Cookie Consent Sharing?
The easiest way to enable cross-site cookie consent sharing in a privacy laws-compliant way is to use a suitable Consent Management Platforms (CMP) that supports cross-domain consent and configures cookie consent settings appropriately. By using a CMP that supports cross-domain consent and working with partners to ensure compliance, businesses can build trust with their users and demonstrate their commitment to data privacy. Cross-domain consent is an important consideration for businesses that want to prioritize data privacy and ensure that they are providing a seamless user experience.
CookieScript CMP is one of the best on the market which ensures privacy laws compliance and has a wide range of functionality. CookieScript CMP has cross-domain cookie consent sharing functionality. CookieScript could display to users a common cookie banner for different websites and ask for their consent on their data collection and usage. It records user consent for proof of compliance and manages user consent across different websites and domains in a privacy laws-compliant way.
CookieScript CMP supports cross-domain cookie consent sharing and subdomain cookie consent sharing.
See the guide on:
However, even if you group several websites for common cross-domain cookie consent, it may not necessarily be activated.
Browser-related restrictions, related to Third-Party Cookies
Cross-domain cookie consent sharing will not work for some browsers that do not allow third-party cookies by default.
- Safari: Cross-domain cookie consent will not work with Safari, since the browser does not share third-party local cookie storage across different browser tabs.
- Mozilla Firefox: Cross-domain cookie consent will not work with Firefox, since the option to block cross-site cookies in all windows is set by default. When the option “Delete Cookies” is enabled, the feature will not work with Firefox as well, since the browser clears all cookies for every new tab automatically, which prevents saving consent.
- iOS browsers and iOS devices: Most Apple browsers use their built-in WebKit, the web browser engine, which automatically blocks Third-Party Cookies, so cross-domain cookie consent will not work with them as well.
Note that there is no workaround to circumvent these restrictions. It is a functionality of browsers aimed to protect users’ personal data.
Frequently Asked Questions
What is cross-domain cookie consent?
Cross-domain cookie consent allows website owners to store cookie consent settings from a single user across multiple domains. Website visitors will only see a Cookie Banner on their first visit to a website and will not see the banner on subsequent visits to that site or other linked sites. This increases user experience, if you operate multiple websites from different domains or if your website has several subdomains. Use CookieScript CMP to enable cross-domain cookie consent.
Is cross-domain cookie consent allowed by privacy laws?
For most privacy laws, if several domains have identical set-ups of cookies and service providers, or the user gave cookie consent to all cookies and other tracking technologies, present on all domains, cross-domain cookie consent is allowed. However, if domains use different functional and non-functional cookies, including Third-Party Cookies, cross-domain cookie consent is not allowed. CookieScript CMP allows setting cross-domain cookie consent.
How to set cross-site cookie consent?
CookieScript Consent Management Platform allows cross-site cookie consent sharing and subdomain cookie consent sharing. See the guides on how to enable cross-domain cookie consent sharing and how to activate consent sharing for subdomains.
Can cookies track users across domains?
Most online analytic tools use cookies to identify users. If a website uses cross-domain cookie consent sharing and users do not block this option by their browser settings, users could be tracked across domains. CookieScript CMP allows cross-domain cookie consent sharing and subdomain cookie consent sharing.
How do I fix a browser that blocks cross-domain cookies?
To enable cross-domain cookies, or cross-site cookies, change your browser settings to meet the following conditions: accept Third-Party Cookies, do not activate the “Do Not Track (DNT)” option, and accept cookies in the “Preferences” category. Use CookieScript CMP to set cross-domain cookie consent, or read the guides on how to change browser settings.
How do cookies track you across sites?
If cross-domain cookie consent is used by a website, it allows website owners to identify a single user, get cookie consent once, and store cookie consent settings from a single user across multiple domains. If cookies and other website trackers are the same for different domains, website users will only see a Cookie Banner on their first visit to a website and will not see the banner on subsequent visits to that site or other linked sites. Use CookieScript CMP to set cross-domain cookie consent.
Which browsers block cookies by default?
Safari, Mozilla Firefox, and iOS browsers and iOS devices block cookies by default. Settings of Safari and Firefox browsers are set to automatically block third-party cookies. Most Apple browsers use their built-in WebKit, the web browser engine, which automatically blocks Third-Party Cookies as well. Read the guides on how to change browser settings.