Toggle menu

Cookie Policy Template and Banner

To help your websites comply with relevant privacy and data protection legislation, our site frameworks implement a standard cookie consent prompt. The prompt is supported by all of our website themes, and allows you to explain the cookies that your site uses, and for site visitors to opt-in to the cookies that get set.

See Cookies Set by GOSS Sites and Products for a list of the cookies our sites set.

Content of the prompt is taken from an article using the Cookie Policy template. This article is picked in your subsite configuration and users can visit the article directly to change their preferences.

The cookie prompt operates in two modes, a compact Banner and extended Dialog.

Note that you should only create one article using this template per subsite.

Dialog (extended) Behaviour

Cookie Dialog

In this mode, when someone visits your website for the first time, the cookie consent prompt is displayed and the rest of the page cannot be interacted with. No cookies are set until the user accepts or rejects cookies, at which point the dialog closes, a cookie is set to record their preferences, and the site can be browsed as normal.

Dismissing the Dialog

The dialog closes when a user either accepts or rejects all cookies, or makes category choices then presses the save button. The text of these buttons is set in the article extras.

Once dismissed a prompt remains visible on the page:

The closed cookie banner

Opening the banner and updating consent will add or remove cookies to reflect the user's new preferences.

Banner (compact) Behaviour

Cookie Banner

In this mode a banner is displayed at the top of the page. Users are free to ignore it and use the site as normal. No cookies are set until the user accepts or rejects cookies, at which point the banner closes and a cookie is set to record their preferences.

The link to "Set cookie preferences" takes the user to the Cookie Policy article. In this mode we recommend putting a link to the Cookie Policy article in one of site menus, in either the header or footer, so that it can be accessed on every page.

Common Behaviour

In both modes users have the option to accept or reject all cookies, or to allow certain categories of cookie, based upon the options you have configured in the article extras.

By default cookies expire after 90 days. You can change this in the Cookie Policy article extras. Once this time has elapsed a user will have to set their preferences again.

Title and Description

The consent prompt title is set in the article extras. The default is "This website uses cookies". You can add text beneath the title using the "Consent prompt" text block.

Accept All/Reject Additional

These buttons will either accept all or reject additional cookies that are not deemed necessary. The banner will then close and the user can browse your site. You can set the text for these buttons in the article extras.

Both options set a cookie, called gi_consent_saved, which is used to record the user's preference.

Necessary Cookies

Some cookies are necessary because they are needed to provide a service. Without these cookies parts of the website would not work. ICO Cookie Guidance (opens new window) gives the examples of security, shopping baskets, and cookies that help deliver data protection law. Necessary cookies set by our sites include the cookie set by the cookie banner, and a cookie set when someone logs into your site.

The title of this section is set in the article extras. Enter the text you would like to appear here in the "Necessary Summary" text block.

Cookie Categories

Rather than accepting or rejecting all non-necessary cookies, users can opt-in to different categories of cookie. The three categories are set up in your Cookie Policy article.

To enable a category, expand the relevant section in the article extras and choose "Include this category". You can set the title for each category and the text of the on/off buttons in the article extras. The text beneath a title is set in the corresponding article text block.

Analytics Cookies

Accepting analytics cookies sets the gi_consent_analytics cookie. Our frameworks check for the presence of this cookie, and if it is found allow analytics cookies to be set.

Our standard sites all support Google Analytics, so we have made changes to the standard analytics scripts used by the sites that will check for consent before setting cookies and sending data to Google Analytics. It's also possible to inject Google Analytics into pages using Google Tag Manager - the banner will block the Google Analytics tag type if a user has opted out of analytics cookies. For this to work make you'll need to add both the GA4 measurement ID and your Tag Manager ID in your Subsite Configuration.

Tag Manager itself isn't blocked by the banner so you should make sure that any tags you use don't set third party cookies.

Social Media Cookies

Accepting social media cookies sets the gi_consent_socialmedia cookie. The example below shows how your social media feeds added via script inlines will need to check for cookie consent. 

Advertising Cookies

Accepting social media cookies sets the gi_consent_advertising cookie. Advertising scripts will need to check consent before they are displayed.

Cookie Policy Article

When viewing the cookie policy article, the article heading, introductory text and article body are displayed in the same way as articles using the Default template. The text and buttons present in the banner are arranged in a table beneath the main article text.

Setting Up the Article

Create an article using the Cookie Policy template. You might like to add it to the menu that appears in your website footer. We recommend creating a Cookie Policy article for each of your subsites.

Complete the article extras and additional text blocks using the descriptions above as guidance. Remember that users will be able to view this article directly by following the cookie policy link in the banner.

Cookie Providers

If you enable the cookie category options in the article extras you must also set which third party providers should be controlled by each category by selecting them in the relevant list boxes.

The providers you can choose from are the most common ones currently in use by our sites. Each provider should only be assigned to a single category. The products we have developed that incorporate these providers into our sites will check these categories and whether a user has given consent for the use of cookies, before cookies are set.

Subsite Configuration

To enable the cookie banner select the Cookie Policy article using the "Cookie Policy" article picker in the subsite configuration. If you don't pick an article, the banner won't appear.

Article Extras

COOKIECONSENTDAYSNumber InputThe number of days after which the cookies set by the banner expire and users will have to reconfirm their consent
COOKIESETTINGSTITLEText InputThe title that appears at the top of the banner
COOKIESAVETEXTText InputThe text of the "save preferences" button
CONSENTSUPDATEDMESSAGEText InputThe message displayed when preferences are set
COOKIENECESSARYTITLEText InputThe title that appears above the "Necessary Summary" text block
Drop-downEnable the relevant cookie category panels
Text InputThe title of the panels that appears above the category text blocks
List BoxPick the third party providers that will be controlled by this category
Text InputThe "on" button
Text InputThe "off" button
CONSENTPROMPTTYPEDrop-downChoose the mode the prompt will use
CONSENTPROMPTTITLEText InputThe title to be displayed as part of the consent prompt
COOKIEACCEPTALLText InputThe text of the "accept all" button
COOKIEREJECTALLText InputThe text of the "reject all" button
COMPACTSETPREFERENCESTEXTText InputThe text of the 'set preferences' link displayed when the prompt type is set to 'Banner (compact)'
COMPACTCHANGEPREFERENCESTEXTText InputThe text of the 'change preferences' link displayed when the prompt type is set to 'Banner (compact)'
COOKIEOPENBANNERTEXTText InputOnce the dialog has closed this text appears on the button to reopen it
CONSENTPROMPTSAVEBUTTONTEXTText InputThe "save and close" button text

Script Inlines - Consent Checking Example

It is possible to embed third-party content into your site using script inlines. If you do this, you'll need to change your embed scripts so that they check for consent before setting cookies.

This example looks at how to do that with a Site Improve script.

Standard Script

The standard script provided by Site Improve looks like this:

    var sz = document.createElement('script');
    sz.type = 'text/javascript';
    sz.async = true;
    sz.src = '//[YOUR_ID].js';
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(sz, s);

Checking for Consent

To convert this into a snippet that doesn't load unless the user has given consent, wrap it in our cookie policy OnConsentListener function:


The script above becomes:

    $(document).ready(function(){'Site Improve', function() {
            console.log('User has consented, so we can now load Site Improve');
            var sz = document.createElement('script');
            sz.type = 'text/javascript';
            sz.async = true;
            sz.src = '//[YOUR_ID].js';
            var s = document.getElementsByTagName('script')[0];
            s.parentNode.insertBefore(sz, s);

Last modified on 25 October 2023

Share this page

Facebook icon Twitter icon email icon


print icon