Incredibly powerful cookie consent plugin built specifically
for Webflow

Finsweet Cookie Consent gives you the tools you need to fully comply with privacy laws.

• Scripts that issue cookies are not loaded on a page until a visitor accepts cookies
• Visitors are clearly presented with a link to the privacy policy
• Visitors are clearly given the option to accept or deny cookies
• Visitors are clearly given the option to accept or deny cookies by category
• Visitors are clearly given the option to access and change their consent selection after their original selection
• You have the option to store cookie consent selections on a server

'Informational message', or 'implied disclosure', is a type of cookie compliance that informs users that cookies will be used on the site. The user does not have the option to accept or deny the cookies. The user only has the option to close the cookie bar. The bar is simply informing the user of the use of cookies on the website.

This is the most simple option to implement. It requires the least amount of steps when building a cookie bar. Understand that the user does not have access to turn on and off cookies using the 'informational message' option. The preference manager does not work with this option, as there are no cookies or preferences to manage.

'Opt-out of cookies' is a type of cookie compliance that loads cookies by default on the user's first visit to the site. The user then has the option to continue browsing the site with the cookies or deny cookies.

If the user chooses the option to continue browsing with cookies, nothing happens. The user continues to use cookies.

If the user chooses to deny cookies, we remove the cookies from their browser. We allow them to continue browsing the site and disable all use of scripts that issue non-essential cookies.

Important: Option 2 requires using <text-tag>type="fs-cc"<text-tag> on your scripts that issue cookies.

Option 2 has the same implementation steps as Option 3. The key difference between Option 2 and Option 3 is when the cookies are given to the user. Option 2 gives cookies on load. Option 3 gives cookies on the user's acceptance.

'Opt-in to cookies' is a type of cookie compliance that requires the user to specifically accept the use of cookies on the site before we issue cookies. There are no cookies given to the user until they click "Accept" (or a similar confirmation button). This is the highest level of compliance.

If the user chooses to <text-tag>"Accept"<text-tag> cookies, we run all of the scripts that use cookies. The user continues to use the site with cookies. Understand that scripts that use cookies are not loaded on the page until the user specifically accepts the cookie message.

If the user chooses to <text-tag>"Deny"<text-tag> cookies, we allow them to continue browsing the site and disable all use of scripts that issue non-essential cookies.

They are never given cookies and will continue to not get cookies throughout their time on your website.
‍

Be aware: Choosing Option 3 will not report accurate website visitor information. If a user visits your website and chooses to "Deny" cookies, Google Analytics (and other user tracking scripts) will not be loaded to the page. This user would not count as a visitor on your website.

Important: Option 3 requires using <text-tag>type="fs-cc"<text-tag> on your scripts that issue cookies. See the How it works section for more information.

Option 3 has the same implementation steps as Option 2. The key difference between Option 2 and Option 3 is when the cookies are given to the user. Option 2 gives cookies on load. Option 3 gives cookies on the user's acceptance.

‍

This depends on your location, website, users, and how much you or your client is concerned with cookie compliance.

Many websites use Option 1. This requires basic compliance.

Companies concerned about EU Cookie Law, CCPA, GDPR and other privacy laws often choose Option 2 or 3. This gives an additional layer of protection to privacy laws by allowing the user to opt-out of cookie use.

If you or your client want the highest level of compliance, Option 3 + Preference Manager is the highest level of compliance.

If you are unsure, please consult a legal professional.

To be fully compliant with cookie consult laws, yes.

In Option 1, you can not use the Preference Manager. There are no preferences stored and nothing for the user to change. Therefore, there is no need for a Preference Manager.

In Option 2 or 3, you can use the Preference Manager to allow the user to change their cookie preference selections. If a user selects <text-tag>"Accept"<text-tag> or <text-tag>"Deny"<text-tag> in the initial cookie bar message, they can later change their selected option. The ability for the user to change their cookie preferences is required to be fully cookie consent compliant.

Additionally, you can give the user the options to turn on or turn off marketing, personalization, and analytics-based cookies. This gives your users a further layer of cookie preference control.

Essential cookies

These items are required to enable basic website functionality.

Examples of essential cookies:

• The cookie we give the user to remember their cookie preferences

‍

Marketing cookies

These items are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the website operator’s permission.
‍
Examples of marketing cookies:

• Facebook
• Twitter

‍

Personalization cookies

These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.

Examples of personalization cookies:

• Weglot

‍

Analytics cookies

These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.

Examples of analytics cookies:

• Google Analytics

By preventing the scripts from running on page load (by setting the <text-tag>type="fs-cc"<text-tag> attribute to them), we can have control over them and choose when should they run.

The FsCC library lets you set up different components where the users can accept, deny or granularly choose what categories of scripts they allow to run.

• First, the library checks if the visitor is a Bot or a user with DoNotTrack settings to prevent displaying the components to them.
• When loaded, the library looks for all the scripts that are set to <text-tag>type="fs-cc"<text-tag> and stores them by category.
• It checks if the user has previously confirmed his consent. If so, it pulls the consent from the user's cookies and runs the scripts that are allowed by switching their type to <text-tag>type="text/javascript"<text-tag>. The state of all the scripts is tracked to avoid running them more than once.
• If the user hasn't confirmed his consent in the past, the library displays the Banner component, where the user can give his consent.
• Once the user gives his consents, the following actions happen:

• <trigger-bullet-1>The consents are stored in a cookie so we can retrieve them in the future. The max-age of this cookie can be modified.<trigger-bullet-1>
• The library runs the allowed scripts.
• A GTM event is pushed to the data layer for every accepted category (only once for each)
• A POST request is made to the API endpoint with the necessary information to store the record:

• <trigger-bullet-2>Unique Universal Identifier for the consent.<trigger-bullet-2>
• The performed action (allow all, deny all or submit choices).
• The consented categories.
• The text is displayed in the <text-tag>Banner<text-tag> component.
• The URL where the user is located and his device.

• The banner closes and the <text-tag>Manager<text-tag> component is displayed, allowing the users to open the <text-tag>Preferences<text-tag> component at any time.
• Every time the user makes any change about his consent, all the cookies of the site (except the <text-tag>HttpOnly<text-tag> ones) are removed before loading the correspondent scripts. Also, a new POST request is performed to the API.
• All components go through an accessibility check before being mounted, making sure Keyboard Navigation users can navigate through them and Screen Readers can identify them.
• All components have built-in animations for showing/hiding them, but custom Webflow Interactions can also be used.
• If <text-tag>debugMode<text-tag> is activated, every action, warning, and error that happens under the hood will be displayed as a floating card.
• When the mode is set to be <text-tag>informational<text-tag> or <text-tag>opt-out<text-tag>, all consents are allowed by default, thus the scripts will always run unless the user denies them.
• The library provides a Javascript API with methods and events that allow developers to extend its functionalities.

The short answer, no.

The explanation: Most of the other cookie consent solutions force to load their script in the <head> before any other script on the page has run. This is done so they can programmatically block the correspondent scripts if needed. This increments the loading speed of the pages because loading their cookie consent blocks the main thread and does not let the rest of the page render.

Our solution is imported with an async attribute and is loaded in the background without blocking the page rendering. Because we ask the users to set the <text-tag>type="fs-cc"<text-tag> to the scripts, we don't need our solution to strictly run before those. By doing this, our solution is more performance-friendly than other cookie consent solutions.

Webflow Forms are not GDPR compliant because they process data on US-based servers.

Check out free/paid services of cookie consent leaders, Iubenda

https://www.iubenda.com/en/consent-solution

According to the GDPR, organizations must provide people with a privacy notice that is:

• In a concise, transparent, intelligible, and easily accessible form
• Written in clear and plain language, particularly for any information addressed specifically to a child
• Delivered in a timely manner
• Provided free of charge

‍

If an organization is collecting information from an individual directly, it must include the following information in its privacy notice:

• The identity and contact details of the organization, its representative, and its Data Protection Officer
• The purpose of the organization to process an users personal data and its legal basis
• The legitimate interests of the organization (or third party, where applicable)
• Any recipient or categories of recipients of an individual’s data
• The details regarding any transfer of personal data to a third country and the safeguards taken
• The retention period or criteria used to determine the retention period of the data
• The existence of each data subject’s rights
• The right to withdraw consent at any time (where relevant)
• The right to lodge a complaint with a supervisory authority
• Whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data
• The existence of an automated decision-making system, including profiling, and information about how this system has been set up, the significance, and the consequences

‍

Get a free downloadable template for a GDPR compliant Privacy Policy.

Vlad Magdalin, CEO of Webflow, explains this here:

‍https://forum.webflow.com/t/how-webflow-handles-visitor-traffic-and-form-submissions-for-published-websites/59713

This will prevent the scripts from loading when a user visits your website. This is required for cookie compliance. A user must explicitly allow or accept cookie usage before we load scripts that issue cookies. Adding a custom type value (fs-cc) will prevent the script from loading because the browser will not recognize it as javascript.

Finsweet Cookie Consent for Webflow will programmatically run the script, or prevent the script from running, based on the user's cookie consent preferences.

‍

No! The <text-tag><noscript><text-tag> tags are specifically designed to run when a user has Javascript disabled on the browser. This means that Finsweet Cookie Consent, or any javascript-based cookie consent solution, cannot interact with noscript tags. Since we can not prevent them from running, they are no GDPR compliant.

To be fully compliant, remove all <text-tag><noscript><text-tag> tags included in your third-party scripts. For example, the <text-tag><noscript><text-tag> tag in the Facebook Pixel must be removed.