We recently updated the cookies Drip is setting on users’ websites, to make it easier for you to stay compliant with the EU Cookie Regulations.
With this cookie update, it’s also easier to disable visitor tracking on your website and manage GDPR compliance.
Cookies We Set
The cookie law doesn’t only cover what’s usually known as a “cookie,” but rather all types of data stored in a visitor’s browser. In general, the only difference between cookies and, for example, session storage, is a technical one. Legally, there is no difference.
Cookies
These are the cookies that can be set on your website when using Onsite campaigns, but not all cookies are always set.
_sn_n
Type: persistent cookie (1 year)
Classification: Necessary
Can be opted out: No
Description: This is the necessary cookie set by Onsite campaigns, as it contains technical information so that the campaigns can show properly and tracking works properly. Note that session tracking is not general visitor analytics as that information is found in the _sn_a analytics cookie.
Data stored in the cookie:
Name | Description |
SessionsId | A randomly generated ID of a browser session. |
Campaign closed this session (campaign-specific) | Information if a campaign has been closed by a visitor this session, so that triggers won't automatically show the campaign again this session. |
Query Include (if there's a query in the URL that tells that this campaign should show) | Some websites a very dependent on query strings to operate. For those sites, Drip offers a query targeting option that uses this cookie. This data is only set in the cookie if the query targeting option is used on a campaign. |
Show count (per campaign) | This is a count of how many times a campaign has been shown, so that it will stop showing when the show count set on the campaign has been met. This is used to ensure that a visitor is not shown the same campaign multiple times. |
Sessions show count total (For impression limit) | This is the total count of campaigns shown in a session. This is for the impression limit feature where you can set a total maximum of campaigns any visitor can see in a given session. |
In split test (per campaign) | This tells if a given campaign is running in a split test. Note that this isn't about the analytics data gathered to evaluate a split test, but only to make sure that one of the campaigns in the split test can actually show. |
Split cohort | This tells what split test cohort a campaign is in. This is to make sure that not both campaigns in a split test show to a visitor. |
Consent status |
If consent is not given for analytics or marketing, the status is stored here. |
_sn_a
Type: persistent cookie (1 year)
Classification: Analytics
Can be opted out: Yes
Description: This is the cookie used for visitor analytics tracking. It sets a visitor ID so that the visitor can be identified across sessions. This enables all visitor related analytics data to be shown on the analytics pages in your Dashboard. Note that if a visitor is opted out of this cookie, you will still be able to see how many views and conversions your campaigns had, just not any visitor-related data like referrer, location, and so on.
Data stored in the cookie:
Name | Description |
VisitorId | A randomly generated ID set on the visitor. |
Goal shown (per campaign) | If goal tracking is used, this informs the goal if a campaign has been shown earlier in the same session where the goal conversion happened. |
Goal engaged (per campaign) | If goal tracking is used, this informs the goal if a campaign has been engaged earlier in the same session where the goal conversion happened. |
User Session Start time | A timestamp of when this visitor session started. |
User Session End time | A timestamp of when this visitor session ended. |
💡 You can read more about analytics and handling consent below in the analytics tracking and consent section.
_sn_m
Type: persistent cookie (1 year)
Classification: Marketing
Can be opted out: Yes
Description: This cookie contains information used for marketing related targeting options. Targeting options like the referrer, UTM, or geo-location. Note that if this cookie is opted out, the marketing targeting options will not work, and the campaign will default to not show.
Data stored in the cookie:
Name | Description |
Referrer | If a campaign uses the referrer targeting option, the referrer is stored in the cookie. |
UTM Include | If a campaign uses the UTM targeting option, the information that a campaign should show or not based on the UTM is stored in the cookie. |
URL Sequence | If a campaign uses the URL sequence targeting option, the sequence of URLs a visitor sees is stored in the cookie. |
Pages visited total | If a campaign uses the pages visited targeting option, the total pages visited across sessions is stored in the cookie. |
Pages visited in session | If a campaign uses the pages visited targeting option, the total pages visited in a session is stored in the cookie. |
New visitor | If the new visitor targeting option is used on a campaign, the information that a visitor is new is stored in the cookie for the session. |
Geo location | If the geo-targeting option is used on a campaign, the location is stored in the cookie. |
IP Address | If the IP address targeting option is used on a campaign, the IP address is stored in the cookie |
SNS
Type: Session cookie
Classification: Necessary
Can be opted out: No
Description: This cookie is set on the first page a visitor sees, to make sure that one-time operations only run once. For example, if the geo-targeting option is used, we only want to geo-locate the visitor once, and not on every page.
Data stored in the cookie: 1
SNSubscribed
Type: persistent cookie (1 year)
Classification: Necessary
Can be opted out: No
Description: This cookie is set when a Collect Email Addresses campaign is engaged, so that other Collect Email Addresses can be hidden from the visitor.
Data stored in the cookie: 1
Local Storage
sn_global_countdown_last_reset_timestamp
Type: persistent storage (will delete at end of the session)
Classification: Necessary
Can be opted out: No
Description: This contains a timestamp that resets every time a new page is loaded. This is used for the session logic that is tied to the pricing plan. A session is defined by pages loaded within no more than 30 minutes in the same session. So if a page is loaded after 31 minutes, it will be counted as a new session.
Data stored in the cookie: Unix formatted timestamp
Session Storage
DripOnsite
Type: session storage
Classification: Depending on data is SiteData
Can be opted out: Yes
Description: If data is put into SiteData, it will be stored here for the session.
Data stored in the cookie: SiteData
Managing cookie consent
It is possible to opt out of the marketing cookie, the analytics cookie, and SiteData.
Below is a code snippet that removes consent for each of them.
Not giving marketing consent:
var marketingConsent = false;
if (window['DripOnsite.consent.marketing'] !== undefined && window['DripOnsite.consent.marketing']) window['DripOnsite.consent.marketing'] = true;
else window['DripOnsite.consent.marketing'] = marketingConsent;
Not giving analytics consent:
var analyticsConsent = false;
if (window['DripOnsite.consent.analytics'] !== undefined && window['DripOnsite.consent.analytics']) window['DripOnsite.consent.analytics']= analyticsConsent;
else window['DripOnsite.consent.analytics'] = analyticsConsent;
Not giving SiteData consent:
var sitedataConsent = false;
if (window['DripOnsite.consent.sitedata'] !== undefined && window['DripOnsite.consent.sitedata']) window['DripOnsite.consent.sitedata'] = sitedataConsent;
else window['DripOnsite.consent.sitedata'] = sitedataConsent;
Analytics tracking and consent
When analytics consent is not given (meaning, the analytics cookie consent is set to false), the events that are sent to Drip Analytics are also limited.
All visitor-related tracking is disabled, and only the most basic events are tracked. Those are:
- Page load
- Campaign shown
- Campaign engaged
Normally these events will contain more information about the visitor, like what referrer they came from, what browser and device they are using, what geo-location they have, and more. When analytics cookie consent is not given, those data will NOT be tracked.
Integrating with cookie consent tools
Cookieinformation
You can read Cookieinformation's own guide on how to implement cookie information here.
Cookie information lets you handle consent for three categories: functional, statistics, and marketing.
The default approach when using Cookieinformation (and the cookie law) is that consent is not given until the visitor gives consent.
Since you can handle consent for Drip cookies directly with Drip, it means that you can add the Drip JavaScript snippet for every visitor, and then handle the consent directly with our script. That way, you can still use Onsite campaigns with visitors who have not given marketing or analytics consent.
To default the Onsite campaign consent given for marketing and analytics to false, insert the following code to be fired before the Drip JavaScript snippet:
<script>
// Initialize consent to false
var consentTypes = ['Marketing', 'Analytics'];
// Function to generate consent property name
function generateConsentPropName(prop) {
return 'DripOnsite' + prop + 'Consent';
}
// Set initial consent values
consentTypes.forEach(function (prop) {
var consentPropName = generateConsentPropName(prop);
if (!(consentPropName in window)) {
window[consentPropName] = false;
}
});
// Listen for accept event
window.addEventListener('CookieInformationConsentGiven', function () {
var cookieProps = ['cookie_cat_marketing', 'cookie_cat_statistic'];
cookieProps.forEach(function (prop, index) {
// Check if consent is given for the cookie category
if (window.CookieInformation.getConsentGivenFor(prop)) {
var consentPropName = generateConsentPropName(consentTypes[index]);
window[consentPropName] = true;
}
});
});
</script>
Now, Cookieinformation will handle Onsite consent based on the visitors' choices.
Cookiebot
You can read Cookiebot's own documentation here.
Cookiebot defaults to blocking 3rd party scripts and since you can handle consent with Drip, you can let Cookiebot ignore the Drip JavaScript snippet by adding data-cookieconsent="ignore" on the Drip JavaScript snippet.
<script type="text/javascript" data-cookieconsent="ignore">...
Now that Cookiebot is ignoring the Drip script, you need to implement the following script to place the Onsite cookies based on the consent from Cookiebot.
Run the following script before your Drip JavaScript snippet.
<script>
var consent = ['Marketing', 'Analytics'];
function consentProp(prop) {
return 'DripOnsite' + prop + 'Consent';
}
consent.forEach(function (prop) {
if (!(consentProp(prop) in window)) window[consentProp(prop)] = false;
});
window.addEventListener('CookiebotOnAccept', function () {
['marketing', 'statistics'].forEach(function (prop, index) {
if (window.Cookiebot.consent[prop]) window[consentProp(consent[index])] = true;
});
});
</script>
Integrating with Google Tag Manager’s consent mode
Consent mode lets you communicate your users’ cookie or app identifier consent status to GTM.
You can utilize this to set the users consent to Onsite.
You can read more about Google Tag Manger’s Consent mode here:
https://support.google.com/tagmanager/answer/9976101?hl=en
When your Cookie consent tool is integrated with GTM you only need to do the following to let Onsite adhere the the users cookie consent.
Default Onsite consent
Start by running a tag in GTM that defaults all consent to false.
Onsite Default Consent Tag
<script> // Initialize consent to false
var consentTypes = ['Marketing', 'Analytics'];
// Function to generate consent property name
function generateConsentPropName(prop) {
return 'DripOnsite' + prop + 'Consent';
}
// Set initial consent values
consentTypes.forEach(function (prop) {
var consentPropName = generateConsentPropName(prop);
if (!(consentPropName in window)) {
window[consentPropName] = false;
}
});
</script>
Then you need two tags, that update the consent based on the users decisions:
Marketing and Analytics consent
You create two tags to be fired after the initial tag above
Onsite Marketing Consent Tag
var marketingConsent = true;
if (window['DripOnsite.consent.marketing'] !== undefined && window['DripOnsite.consent.marketing']) window['DripOnsite.consent.marketing'] = true;
else window['DripOnsite.consent.marketing'] = marketingConsent;
Onsite Analytics Consent Tag
var analyticsConsent = true;
if (window['DripOnsite.consent.analytics'] !== undefined && window['DripOnsite.consent.analytics']) window['DripOnsite.consent.analytics']= analyticsConsent;
else window['DripOnsite.consent.analytics'] = analyticsConsent;
On the tags, you go to the “Consent Settings” section and chose “Require additional consent for tag to fire” and in the field below choose the corresponding consent property
For marketing consent
💡 ad_storage
For analytics consent
💡 analytics_storage
Example for Onsite Marketing Consent Tag
Example for Onsite Analytics Consent Tag
All of the above should run before your regular Drip JavaScript Snippet Tag.