This guide will help you undertake some of the necessary checks to make sure your consent notice interface and setup are working as expected.
Use Google Chrome (or your favorite browser) as your web browser and open a new incognito window for each step of the test.
✅1. Check the notice behavior
a) Does the text appear as expected?
b) Do the buttons work well?
c) Are there any graphical bugs?
d) Is the banner translated into all selected languages? (Check the enabled languages option in your Consent Notice)
e) Make sure the link to modify your consent choices is present in the footer of your home page or in the privacy policy section.
f) If you use our IAB TCF integration, do the names of IAB partners appear with their logo in the partner view?
-
Access your browser console by right-clicking.
✅ 2. Check that no cookies are dropped before consent is given
-
Go to the Application (Chrome) or Storage (Firefox) section of your browser console
-
Click on the Cookies section on the left
-
Check if only necessary cookies (exempt from consent) are displayed. You should find a Didomi cookie that appears before the user makes a choice whatever it is on the banner:
didomi_token
.📕 The
didomi_token
cookie is exempt from consent because it is used to collect consent.
✅ A. When consent is given for all purposes and vendors
-
When I accept all purposes, do more cookies appear?
🎉 If so, everything is fine! -
Another Didomi cookie called
euconsent-v2
should appear if there is a choice from the user (it contains consent information for IAB vendors and purposes - even if you do not use the IAB integration).
✅B) When all purposes and vendors are refused
-
When I refuse everything, do more cookies appear?
🎉 If not, everything is fine!
📰 Do not hesitate to take a look at this documentation which will guide you to block tags.
✅ C) Editing your choices
- Randomly tap Decline and Accept in the Banner Purposes view, then save.
- Reopen the banner via the link which allows you to modify your choices: it is present in the footer of your website or in the link dedicated to the confidentiality policy.
📰 Here is the documentation technique to do so. - Make sure whatever you chose remains intact on the selected buttons.
⚠️ The CNIL now requires that cookies no longer appear on the browser console when they have been first accepted, then refused. Here is the article that will allow you to delete these cookies!
Before, if you agreed to all (vendors and purposes) and then refused some (or all), you could still see the cookies on your console to keep track of what was accepted at any given time. Although visible, they were no longer processing data (they were no longer read)!
✅ Check the vendor requests sent
- We will detail how to check your advertising and vendor requests, and whether they contain the correct consent information (whether the GDPR applies or not, and the consent string).
"The user has not given his consent to one of the purposes proposed by the vendor. However, he has said yes to the vendor associated with this purpose." We will send a "decline" status to the vendor. As one of the purposes linked to the partner has been declined by the user, the tag cannot be deployed. This article and the third diagram in particular will help you understand the mechanism.
Check network calls
Check network calls when user consent is given
- Click Inspect again.
- Go to the Network section at the top left of your console.
- Accept all partners & purposes on the consent banner, then see the network calls in the "JS" (Javascript) section. Queries are often made in Javascript.
- Click on a network call to get more information about it.
- You can see in the screenshot below a Google Analytics network call.
Check network calls when the Internet user's consent is not given
- Change your choices on the consent banner (footer of your home page or in the privacy policy section).
- Refuse all partners and purposes.
- Save.
- You will observe that the remaining network calls are linked to Didomi, to cookies exempt from consent or to cookies specific and essential to your website. You can access details about each network call by clicking on their name on the left of the console.
Check if network calls contain the consent string
- Go to the Application section on the browser console which will allow you to check the consent string of the IAB vendors.
- Click on Cookies on the left.
- Click on euconsent-v2 for example.
Below is an example of a consent string snippet. However, the consent string is specific to each person! - Copy and paste the consent string and go to https://iabtcf.com/#/decode
- Copy the consent string
🎉 You now have access to consent string information to identify the consent status of a vendor.
💡 If you have any doubts about this verification, do not hesitate to contact your Account Manager.