Cookie Management

While DataGrail Consent prioritizes script or service blocking, you can use DataGrail Consent to manage first-party cookies that store data subject data within the browser, which can be necessary for your company to comply with various industry regulations. For more best practices on managing trackers vs. cookies, see this guide.

If a data subject opts out of a category that matches the rules published on your website, the cookie will be blocked and deleted from your visitors' browsers, in accordance with regulatory policies and frameworks.

First vs. Third Party Cookies

DataGrail can only retrieve and manage cookies that are "first-party" or deployed to your website via scripts that are running on your website. Third-party cookies, or those that have an origin outside of your domain, are impossible to block due to browser security mechanisms. Instead, you should manage the scripts that deploy these cookies directly.

DataGrail Consent includes scanning and auto-classification features to identify and categorize first-party cookies stored on your users' websites.

How it Works

When DataGrail is deployed, every time a user visits your site, the cookies set in the browser (via document.cookie) are sent to DataGrail and added as unmanaged cookies.

When you first view the cookies tab in DataGrail Consent, you'll notice there are no rules defined, so no cookies are managed. If you already know the rules you want to define (in the case of migrating from another vendor), you can start adding them within the managed tab.

  1. Navigate to Plugins in the Consent Settings page.
  2. Toggle the Manage Cookies plugin to on. By selecting this option and publishing our updates, you grant DataGrail permission to deploy our scanning technology and begin cookie sampling from any sites connected to this container.

Scan Results

Since the Cookie Scanner relies on real traffic to your website, it may take a few hours to start seeing scanned cookies populate within DataGrail.

Interpreting Results

Once enabled, you will start seeing results reported to DataGrail in a few minutes within the unmanaged table in the cookies tab:

Suggested Rules

This table shows all cookies identified by the browser for visitors to your websites. You can use this report to inform the creation of rules that match one or a subset of the cookies visible in the unmanaged tab.

If you want to make a new rule based on a cookie observation, you can select the row entry in the unmanaged tab. If we have a suggested rule, we will prepopulate this for you in the subsequent dialog box.

Where is this cookie coming from?

Most reported cookies should use an identifiable name and have a clear relationship to a service or script deployed on your site. While you should always confirm with your development team, if you are unfamiliar with a cookie, the following tools can help with classification:

  • Large Language Models (ChatGPT, Claude/Anthropic): You can ask these tools to help identify cookies and even to suggest a classification.
  • Online Databases (cookiedatabase.org, cookiesearch.org, etc.): These are aggregated, open-use tools to search for cookies and retrieve information about cookies in a wiki-like format.

If it's still unclear where the cookie is coming from, it may be a false positive. This means that while it was detected by the scanner, it's likely not being set by your site. It's possible for browser extensions and other local tooling to inject cookies onto the page. In this case, the cookie is out of scope for management by your organization.

Use the Total Observed and Date Observed columns to understand if the cookie is being set consistently. If the cookie was last seen a few weeks ago and has very few occurrences relative to your other cookies, it's likely not being set by your site.

Rule Management

By default, DataGrail will suggest rules that you can use to quickly manage cookies on your websites.

Bulk Selection

Rule suggestions are based on our models and aggregation of our sampling data, and will continue to improve over time. You can quickly accept these suggestions using the bulk select tool.

You can manually add cookie rules to manage specific cookies on your websites. Cookie rules use match criteria to identify which cookies should be blocked and deleted from your visitors' browsers based on their consent preferences.

Matching Preview

Follow these steps to add a cookie rule:

  1. Navigate to the Unmanaged or Rules tab of the Cookies page.

  2. Select Add Rule.

  3. Enter the Match Criteria. This is the formula that DataGrail will use to match against the specific cookies that should be blocked and deleted within a data subject's browser storage. You can use wildcard patterns to create flexible rules that match multiple cookies:

    | Pattern | Matches | Position | Example |
    |---|---|---|---|
    | * | Any characters | End only | datagrail* matches datagrail_session, datagrail_analytics |
    | {d} | Digit sequences (0-9) | Any | user_{d}_session matches user_12345_session, user_9876_session |
    | {h} | Hexadecimal sequences (0-9, a-f, A-F) | Any | token_{h} matches token_a1b2c3, token_9f8e7d |
    | {w} | Alphanumeric sequences | Any | {w}_tracking_{d} matches abc_tracking_123, xyz_tracking_456 |

  4. Enter an internal-only Name, Category, Vendor (optional), Vendor Privacy Policy Link (optional), and Description (optional) for the cookie.

  5. Configure Cookie Retention settings:

    • Time: Specify the time period after which this cookie should be deleted by the browser and no longer sent. 400 days by default.
    • Session: Cookie will be deleted by the browser when the current session ends.
  6. Select Add Rule.

  7. Publish your changes.

After you add the rule, cookies that match this rule become managed and will appear in the Rules tab. If you're using the cookie scanner, you'll see the count of unmanaged cookies reduced by the number of cookies now managed by this rule.
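
To dry-run match criteria against the cookies a browser actually holds before publishing a rule, the wildcard table above can be modelled as regular expressions. This is an added example, not DataGrail's implementation: the function names, the sample rules and cookies, and the matching semantics stated in the comments are assumptions.

```javascript
// Assumed semantics (not DataGrail's code): {d}/{h}/{w} each match one or more
// characters, a trailing * matches any run including an empty one, every other
// character is literal, and the whole cookie name must match.
const TOKENS = { d: "[0-9]+", h: "[0-9a-fA-F]+", w: "[0-9A-Za-z]+" };

function compileCriteria(criteria) {
  const star = criteria.endsWith("*");
  const body = star ? criteria.slice(0, -1) : criteria;
  if (body.includes("*")) throw new Error("* is only valid at the end: " + criteria);
  const source = body
    .split(/(\{[dhw]\})/) // capture group keeps the tokens as separate parts
    .map((part) => /^\{[dhw]\}$/.test(part)
      ? TOKENS[part[1]]
      : part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")) // escape regex metacharacters
    .join("");
  return new RegExp("^" + source + (star ? ".*" : "") + "$");
}

// Extract cookie names from a document.cookie-style "a=1; b=2" string.
function cookieNames(cookieString) {
  return cookieString.split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => name.length > 0);
}

// Split observed names into managed and unmanaged.
// Assumption: when several rules match, the first one in the list wins.
function classify(cookieString, rules) {
  const compiled = rules.map((r) => ({ ...r, re: compileCriteria(r.criteria) }));
  const managed = {}, unmanaged = [];
  for (const name of cookieNames(cookieString)) {
    const hit = compiled.find((r) => r.re.test(name));
    if (hit) managed[name] = hit.category;
    else unmanaged.push(name);
  }
  return { managed, unmanaged };
}

// Constructed sample data: categories and cookie values are made up.
const sampleRules = [
  { criteria: "datagrail*", category: "essential" },
  { criteria: "user_{d}_session", category: "functional" },
  { criteria: "token_{h}", category: "essential" },
  { criteria: "{w}_tracking_{d}", category: "marketing" },
];
const sampleCookies = "datagrail_session=1; user_12345_session=a; " +
  "token_9f8e7d=b; abc_tracking_123=c; token_xyz=d; user_12a_session=e";
console.log(classify(sampleCookies, sampleRules));
```

In the sample, `token_xyz` and `user_12a_session` stay unmanaged because `xyz` is not hexadecimal and `12a` is not a digit sequence, which is the kind of near-miss worth checking before relying on a rule to delete a cookie.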

Best Practice

Ideally, you should have no (0) unmanaged cookies. It is best practice to create rules and set them to the essential or uncategorized options so that you have a complete inventory of cookies that are managed by DataGrail, even though the Data Subject visiting your site will not be able to remove them from their browser as a result of their consent preferences.

Unmanaged cookies are first-party cookies detected on your site that don't match any of your defined cookie rules. DataGrail allows you to configure default behavior for these unmanaged cookies, ensuring compliance even for cookies you haven't explicitly categorized.

You can configure unmanaged cookie handling at either the global level (applies to all consent containers) or container level (unique settings per container).

Navigate to the uncategorized cookies rule under Consent Management, Cookies, and Rules to manage these settings.

Matching Preview

Behavior Options

Choose how unmanaged cookies should be handled:

| Behavior | Description | When to Use |
|---|---|---|
| Allow All | Load all unmanaged cookies without requiring consent (default) | You have minimal cookie activity or want to gradually implement cookie management |
| Categorize | Assign unmanaged cookies to a specific consent category and require consent | You want to manage all cookies but need time to create individual rules |
| Block All | Block all unmanaged cookies from loading | You have strict compliance requirements and want to ensure no uncategorized cookies load |

Global vs. Container-Managed Mode

You can configure unmanaged cookie handling in two different modes:

  • Global Mode: A single setting applies to all consent containers on your account. Use this mode when you have a single website or consistent requirements across all sites.
  • Container-Managed Mode: Each container can have its own unmanaged cookie handling settings. Use this mode when you manage multiple websites with different legal requirements (for example, strict EU rules vs. more lenient US rules).

Mode Transitions

When you switch from Global Mode to Container-Managed Mode, DataGrail automatically copies your current global settings to all managed containers. When you switch back to Global Mode, all container-specific settings are cleared and the global setting takes effect.

Configuring Container-Specific Settings

If you need different unmanaged cookie handling for different websites, follow these steps:

  1. Edit the uncategorized cookies rule and select Manage by container and save changes.
  2. Navigate to Settings and Containers.
  3. For each container, choose the appropriate Default Unmanaged Cookie Handling behavior and Consent Category (if using Categorize).
  4. Select Save.
  5. Publish your changes.

Frequently Asked Questions

Why is a cookie name a number or anonymized string?

The cookie scanner leverages information from the browser. Some privacy-centric browsers may anonymize or obfuscate cookie names, which can be pulled into DataGrail.

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.