How to check the web implementation of a consent notice?

This guide will help you undertake some of the necessary checks to make sure your consent notice and setup are working as expected.

Open your Google Chrome, Firefox (or your favorite browser), and open a new “incognito” window for every part of the test

✅ The behavior of the consent notice and interface


  • Is the text appearing smoothly and is readable?
  • Are the buttons working well? 
  • Are there any graphic bugs?
  • Make sure that the link to edit consent choices is present on the footer of your website (on all pages) or in the privacy policy section. 
  • In case you're using IAB TCF standards, do IAB vendors appear in the vendors' view with their logo?

    Nouvelle note.jpeg

  • Access the console of your web browser with a right-click.

✅ Deposit of cookies before consent is given

  • Go in the "Application" (Chrome) or "Storage" (Firefox) section of the browser console, on the top right.
  • Then, after clicking in the cookies section (on the left menu), check if there are only required cookies that are being displayed.
  • You’ll usually find one of Didomi’s cookies:

didomi_token cookie appears before the user makes a consent choice on the banner.


📕 The didomi_token cookie is exempt from consent because it is used to collect consent. 

✅ When consent is given for all purposes and vendors


  • When I accept all the purposes and vendors, do more cookies appear?
    🎉 If it is the case, that's a good sign!
  • Another cookie from Didomi called euconsent-v2 should be displayed after the user has made a choice (this cookie contains the IAB TCF consent string).

    3. Cliquer sur _accepter_ et vérifier les cookies qui se déposent.gif

✅ When I refuse all purposes and vendors

  • When I deny all the purposes, do more cookies appear?
    🎉 If not, that's also a good sign! 

    📰 Feel free to have a look on our technical documentation that will help you check the way you need to block the firing of your tags in case consent hasn't been given.

✅ Changes in the users' choices 

  • Randomly select some "agree" and "disagree" options on the preferences view of the banner and then save your choices.

    Nouvelle note.jpeg

  • Re-open the banner from the link that allows users to modify their consent on the consent notice. You'll usually find it on the homepage's footer or in the Privacy policy section. 
    📰 Here's the technical documentation to add this link.
  • Make sure everything you've chosen remains unchanged.

⚠️ The new CNIL (French DPA) guidelines say the cookies need to disappear (not be visible on the browser) when they have been accepted first, and then denied. Here's the article that will help delete these cookies

Before, if you had accepted everything (vendors & purposes) and then denied some or all of them, you could still see the cookies on your console to keep track of what had been accepted at some point. Even though visible, they would not process anything!

✅ Checking vendors requests sent 

  • We'll be detailing how to check your ads' requests and vendors' requests, and if they contain the proper consent information (whether the GDPR should apply or not, and the consent string).

"The user has not given his consent to one of the purposes linked to a vendor [...]. On the contrary, he browsed through the list of vendors and said yes to this particular vendor. [...] We will send a "false" status to the vendor." As one of the purposes  linked to the vendor was declined by the user, the tag cannot be triggered. Check this article and the third schema in particular to understand the mechanism.

Check the network calls 

Check the network calls once consent is given by the user

 

Click once again on "Inspect" and go to the "Network" section at the top of the console.

  • Accept all vendors & purposes on the consent notice and have a look on the network calls in the "JS" (Javascript) section. These requests are usually sent in javascript.

By clicking on a network call, you can get further information. You can see on the screenshot a call coming from Google Analytics.

Check if there are any more network calls once consent is denied 

  • Change your choices on the banner (homepage's footer or Privacy policy section) of the website, refuse all vendors & purposes and save. 
  • You'll observe that network calls left are all linked with Didomi's, cookies that you've categorized as necessary and specific cookies essential for your website. You can have all details by clicking on the name of the call on the left-hand side of the console.

Check if network calls contain the consent string

  • Go on the "Application" section of the browser console to check the consent string for IAB vendors only. 
  • Click on "Cookies" on the left and then, on "euconsent-v2" for example. 
    To show you an exemple, here is an extract from a consent string. The consent string is unique though.

and click on "Parse".

🎉 You'll then get the info about the consent string applied, to know the consent status of an ad tech vendor.

💡 If you have any doubt, feel free to reach out to your Customer Success Manager with the results you've got!