Top 10 most common mistakes regarding cookie banners

We get to see a lot of cookie banners and are asked many questions about the right way for a cookie banner implementation. GDPR and ePrivacy regulations can some times be confusing. Here are the 10 most common mistakes regarding cookie banners and a way to solve them:

  1. Prior consent isn’t implemented
    You visit a website, a cookie banner is shown and you get to make a choice what kind of cookies you would like the website to set on your device, great! But when you take a closer look you see that some 50 cookies have already been set without even having made a choice. Cookies should be blocked, except necessary ones, until  you have given your consent.
  2. Pre-ticked check boxes
    Again you are shown a lovely banner on a website. Unfortunately all category check boxes are pre-checked. This is not allowed. You as a visitor should give explicit consent meaning you will have to check the check boxes yourself 
  3. Implied consent
    Okay, you get to see a banner with the text:  “By visiting this website you agree to the use of cookies.

    This actually isn’t a cookie banner but merely a cookie notice. There is no actual choice thus making it implied consent. This can be legal when the website only uses necessary cookies and has an explanation of the cookies used. More often it’s just a notice and cookies of all types, including tracking-cookies are set on your device.
  4. Cookie wall
    A cookie wall is a website’s self-made border that restricts access to it for users who don’t consent to all of the cookies and similar tracking technology present and ready to be activated on the domain. According to the DutchBritish and French DPA cookie walls are not allowed and it is considered a shady practice in the rest of Europe, and is very likely to be outlawed formally in the ePrivacy Regulation.
  5. Not able to change or withdraw your consent
    Nice! You are visiting a website and cookies are blocked until you have consented. Hey, even the banner looks nice! But then after a while you want to change your consent, but there is no way you can change your consent, let alone withdraw it completely. The GDPR states that you should be allowed to change your consent just as easily as you have given it.
  6. No consent log
    All consents must be logged as proof and all tracking of personal data, also by embedded third party services, must be documented, hereunder to which countries data is transmitted.
  7. Out-of-date cookie declaration
    On an average more than 30% of all cookies on a websites changes monthly. You should inform your visitors about your cookies so a cookie declaration generated the 25th of May will most likely be out-of-date.
  8. Do you want to delete our cookies? Whatever it yourself
    So-called sites pointing you to various internet sources explaining you how to remove cookies from your browser. But you shouldn’t have to do that, the website is responsible for setting cookies on your device and thus have a mechanism to remove them as well.
  9. Google Analytics anonimized? Google analytics cookies (doubleclick)
    The Dutch DPA states you can use Google analytics cookies without a users given consent IF you make some changes in your Google Analytics account, making it a “privacy-friendly” implementation (e.g. ip-adresses are anonymized). Of course this is used by many websites to load analytical cookies without consent. But then you see another cookie load on the site, doubleclick, and then you know something went wrong when implementing the privacy-friendly settings in Google Analytics.
  10. Cookie banner? What banner?
    No comment…..

Not sure if your cookie banner implementation is correct?

We have the CookieInfo Quick Scan service. Just enter your website URL and find out if your cookie banner is compliant with GDPR and ePrivacy rules.

  • Compliance: You can ensure that your website is compliant with any legal requirements around the use of cookies, such as the European Union’s GDPR, California’s CCPA or other cookie laws.
  • User Awareness: Your users will be made aware of the cookies being set on their device, which can help to build trust and improve the user experience.
  • Improved User Control: By performing a cookie check, you have identified which cookies and trackers need “prior consent”. Using a Consent Management Platform gives your users control over the cookies being set on their device, which can improve their overall experience on your website.
  • Debugging: By performing a cookie check, you can identify any issues related to cookies on your website, such as errors or broken functionality, and take the necessary steps to resolve them.
  • Better Performance: By only setting necessary cookies, you can reduce the amount of data being stored on a user’s device, which can improve the performance of your website.


Have questions in regard to your cookie banner implementation? Let us know here.

30 day free trial Cookiebot

Cookie scanner, cookie banner, cookie declaration en cookie consent in one solution.

  • Use cookies on your website compliant with GDPR, ePrivacy and cookie legislation
  • Cookie management completely automated
  • Cookie banner based on your corporate identity
  • Automatic composed cookie declaration, always up to date

The Cookiebot solution runs on 500,000+ websites, manages 13 billion User Consents and supports 40+ languages.