Common mistakes in cookie banners
A cookie banner can look correct on the surface, but still fall short in practice.
The most common problem is not that the banner is missing. It is that the banner, consent, cookie list and website scripts do not work together.
Here are some common mistakes to check for.
Scripts run before consent
A common mistake is that scripts that require consent run before the visitor has made a choice.
This may, for example, apply to scripts for functional cookies, statistics or marketing. If the script sets cookies or is used for a purpose that requires consent, the website should wait for the visitor’s choice before the script is loaded.
In other words, it is not enough to show a cookie banner. Script loading also needs to be conditioned against the right consent category.
All cookies are treated as necessary
Necessary cookies can normally be set without consent when they are needed to provide a service that the visitor has explicitly requested. The website owner still needs to inform the visitor that such cookies are being set.
A common mistake is that functional cookies, statistics or marketing are treated as necessary.
Not everything that is useful for the website owner is necessary for the visitor.
The categories are only used in the text
Categories do not only need to be described in the cookie banner. They also need to be used in the implementation.
If a script is used for marketing, it should not only be listed under marketing in the cookie list. The script also needs to be conditioned against consent for marketing.
Otherwise, there is a risk that the visitor receives correct information, but that the website still does not follow the choice in practice.
The visitor is not given a clear choice
The visitor should be able to understand the options and make a conscious choice.
A common problem is that it is very easy to accept all cookies, but harder to reject them or make more detailed settings. This can make the choice unclear and reduce both the user experience and trust in the website.
A good cookie dialog should be clear, accessible and easy to use. It should be easy to understand what the different choices mean.
Consent cannot be changed
The visitor should be able to change or withdraw consent.
That is why the cookie dialog should be possible to open again, for example through a clear link in the footer. If the visitor changes their choice, the website needs to adapt to the new choice as far as technically possible.
It is not enough to only collect consent the first time the visitor visits the website.
The cookie list is not up to date
A cookie list needs to reflect the cookies that the website actually uses.
New cookies may be added when the website changes. This can happen through new forms, campaigns, embedded services, plugins, analytics tools, marketing tools or third-party scripts.
If the cookie list is not followed up over time, the information shown to the visitor may become outdated.
Consent is only stored locally
Many cookie banners store the visitor’s choice in the browser. This can help the website remember the choice and decide which scripts may be loaded.
But a locally stored choice is not the same thing as documentation of consent.
When consent is used, the website owner needs to be able to show that consent has been given. This means it needs to be possible to follow up which consent was given, when it was given and which information applied at the time.
Google Consent Mode is set too late
If the website uses Google Consent Mode, consent signals need to be sent in the right order.
A common mistake is that Google tags run before the correct consent defaults have been set. This can cause Google Analytics, Google Ads or other Google tags to receive the wrong signals when the page loads.
The cookie banner therefore does not only need to collect consent. It also needs to work together with tag management.
Third-party services are added without follow-up
Many websites change continuously. New services may be added by marketing teams, developers, agencies or editors.
This can include video, chat, analytics, forms, A/B testing, advertising or embedded content.
Each new service can affect which cookies are set and what consent is required. That is why there needs to be a routine for following up changes.
Withdrawal is not handled in practice
When the visitor withdraws consent, the website needs to respect the new choice.
In practice, this mainly means stopping future scripts and processing that require consent. Cookies that the website can delete should be deleted where technically possible.
Third-party cookies cannot always be deleted by the website. The visitor therefore needs clear information about how such cookies can be removed in the browser.
Summary
Common mistakes in cookie banners often concern the connection between information, consent and technology.
It is not enough for the banner to be shown. The website owner also needs to make sure that:
- the visitor is informed about necessary cookies
- functional cookies, statistics and marketing wait for consent
- scripts are conditioned against the right consent category
- the visitor can reject, change and withdraw their choice
- the cookie list is kept up to date
- consent can be documented and shown afterwards
- new cookies and third-party services are followed up over time
A good cookie banner helps the visitor make a clear choice. A working cookie solution makes sure that the website actually respects that choice.
More about how to avoid common issues
Do you need help reviewing your cookie banner?
CookieTractor helps you handle the cookie dialog, consent, cookie list, documentation and follow-up.
If you are unsure whether your current solution is enough for the requirements you need to consider in the EU or EEA, we can help you review how cookies, consent and scripts work on your website.
Feel free to contact us at info@cookietractor.com.