Skip to main content
Table of contents

Cookies

Cookie consent on GOV.UK

This is technical documentation for the GOV.UK team in the Government Digital Service (GDS).

Overview

(On 2 July 2019 the ICO clarified their position on cookie consent. As and when any changes are made to GOV.UK this guidance will be updated)

GOV.UK sets 4 types of cookies: essential (also called “strictly necessary”); website usage; communications and marketing; settings. These are detailed on the cookie settings page on GOV.UK.

Cookies are set from the first point of entry on GOV.UK and users can manage their consent via the banner or cookie settings page. “Strictly necessary” cookies cannot be switched off by users as they’re essential to site functionality.

Cookie consent is set to last for 1 year, after which the consent cookie will expire and users will be shown the cookie banner and prompted for consent again.

The cookie consent mechanism is made up of 4 main pieces:

When a user first lands on GOV.UK, they are given a default consent cookie that looks like this:

cookie_policy={"essential":true,"settings":true,"usage":true,"campaigns":true}

This cookie_policy cookie is the key to the GOV.UK cookie consent mechanism. If any of these values read as false, cookies of that type will be denied.

For example, the below cookie will result in Google Analytics tracking being disabled for that user:

cookie_policy={"essential":true,"settings":true,"usage":false,"campaigns":true}

If the user clicks “Accept cookies” within the cookie banner or changes their cookie settings on the settings page, they get an additional cookie that ensures they don’t see the cookie banner again:

seen_cookie_message=true

Special Cases

AB Tests

AB Test cookies are set by Fastly. These cookies are categorised as strictly necessary because they provide users with a consistent experience between visits to GOV.UK. If the categorisation of these cookies was to change in the future, this would require additional implementation of cookie consent within Fastly.

Google Analytics

GOV.UK uses Google Analytics to track user journeys.

Unlike other cookies on GOV.UK, Google Analytics (GA) cookies are not set using our cookie helpers. GA cookies are automatically initialised on page load, within Static. Therefore, as well as deleting the GA cookies, we also need to wrap the initialisation of GOVUK.Analytics to ensure the cookies are not recreated.

We also set the following property to disable tracking:

window['ga-disable-UA-26179049-1'] = true;`

This is the recommended approach by Google for user opt-out of tracking.

Youtube

Some pages on GOV.UK contain embedded Youtube videos. On these pages, Youtube sets third-party cookies which we are unable to delete.

If a user does not consent to campaign cookies, we swap the embedded video for a link to the video on Youtube. This means that Youtube does not set any third-party cookies because the video is no longer embedded.

No Javascript

If Javascript is turned off the “accept” button is removed from the banner and the cookie settings form is removed and a message shown instead.

If your cookie is set using Javascript:

  1. Decide which category the cookie falls into
  2. Add the cookie to the list of known cookies
  3. When reading and setting the cookie, make sure you use the cookie helper functions within govuk_publishing_components, e.g:

    window.GOVUK.cookie(‘please set this cookie’, ‘to this value’)

    window.GOVUK.cookie(‘please fetch this cookie’)

Regardless of how your cookie is set, you need to update the cookie details page to list the new cookie. A content designer should be able to help with that.

Changing a cookie’s category

If your cookie is set using Javascript:

  1. Decide which category the cookie falls into
  2. Change the category the cookie is associated with, in the list of known cookies

Regardless of how your cookie is set, you need to do the following:

  • update the cookie details page to list the cookie under the correct section. A content designer should be able to help with that.
  • Update the category descriptions on the cookie settings page if they are no longer correct
  • Reset the banner for all users. Otherwise the consent cookie will stay as the old value reflecting the user’s previous decision, which could change given the new category.
  • Add the new cookie category to the Cookie settings page in Frontend GitHub repo
  • Add the new cookie category to the Cookie details page using Publisher.
  • Add to the default consent cookie
  • Add to ‘approve all’ consent cookie function
  • Add relevant cookies within the list of known cookies
  • Reset the banner for all users. Otherwise the consent cookie will stay as the old value (without the new category) for people who already have the consent cookie, so setting cookies of that new type will fail for those users
  • Remove the cookie category from Cookie settings page in Frontend GitHub repo
  • Remove the cookie category from Cookie details page using Publisher. Delete cookies or move to another relevant category
  • Remove the cookie category from default consent cookie
  • Remove the cookie category from ‘approve all consent cookie’ function
  • Remove cookies from known list OR move to another relevant category
This page was last reviewed on 28 June 2019. It needs to be reviewed again on 28 December 2019 by the page owner #govuk-developers .
This page was set to be reviewed before 28 December 2019 by the page owner #govuk-developers. This might mean the content is out of date.