Website cookies

iMIS RiSE websites display a cookie consent banner that allows visitors to configure their cookie preferences.

Understanding website cookies

When a user visits an iMIS website and interacts with the cookie consent banner, two cookies are set: cookieconsent_status and cookie_preferences.

Review the following table to understand the two initial cookies:

Table 1: Understanding the initial cookies
Cookie Format Description
cookieconsent_status Plain string (allow or deny) Indicates whether the user accepted or rejected all optional cookies.
cookie_preferences URL-encoded JSON Indicates if a user has consented to optional cookies on a granular, per-category basis.

When a user interacts with the cookie consent banner, the two cookies are set to different values depending on which button the user interacts with on the website banner. Review the following table to understand how the two cookies are modified based on user action:

Table 2: Understanding how cookies are modified based on user action
Visitor Action cookieconsent_status cookie_preferences
Accept All allow { "functional": true, "analytics": true, "marketing": true }
Reject All deny { "functional": false, "analytics": false, "marketing": false }
Customize (accept some categories) deny Depends on user’s selections; for example, selecting Functional and Marketing cookies sets a value of { "functional": true, "analytics": false, "marketing": true }
Customize (accept all categories) allow { "functional": true, "analytics": true, "marketing": true }

The functional, analytics, and marketing keys correspond to the Functional, Analytics and statistics, and Marketing optional cookie types, which are detailed in the following section.

Note: Users cannot disable essential cookies, which are cookies required for the website to function.

Optional cookies

In the cookie consent banner, users can configure their consent to the three following optional cookie types:

  • Functional cookies support optional features that make the site easier for users to use, like remembering language or display settings. Examples include scripts for live chat tools, translation widgets, or video players that save playback preferences.
  • Analytics and statistics cookies track how visitors use the site so you can measure performance and improve user experience. Examples include tools like Google Analytics, Plausible, Mixpanel, or scripts that record page views, click events, or session duration.
  • Marketing cookies track visitors across websites so you can deliver personalized ads or measure how well campaigns perform. Examples include advertising and remarketing scripts like Google Ads, Meta Pixel, LinkedIn Insight Tag, or any tool that builds audience profiles or tracks conversions.

These optional cookie types correspond to the Functional, Analytics and statistics, and Marketing script fields in Site Builder’s Scripts tab.

Rejecting website cookies

The following table details which cookies are automatically and not automatically blocked when all cookies are rejected.

Table: Understanding which cookies are blocked by default
User has opted to "Reject" cookies or has not responded to cookie message yet
Automatically blocked Not automatically blocked

YouTube, Vimeo, and Twitch videos deriving outside of the database, typically through a direct link.

Note: Videos stored in the database do not set cookies, so the Reject option does not apply to these videos.

Cookies deriving from third-party sources, such as Google Analytics, are only blocked if configured. If you are using third-party vendors that collect cookies, you must ask them for the information on how to block the cookies, as iMIS will not automatically block the cookies.

If you have custom scripts that generate cookies outside of the script fields in the Scripts tab, you will need to configure your custom scripts to block cookies if the user rejects them, and you will need to create your own legally-compliant Cookie Policy page with details of your custom cookies.

Configuring custom scripts to use cookies

To use cookies with custom scripts, place custom scripts into the relevant script fields in Site Builder’s Scripts tab to use the cookie consent banner’s optional cookie types. This ensures compliance with cookie consent policies and regulations.

Review the following information to understand the relationship between the fields in the Scripts tab to the optional cookies:

  • Functional – Corresponds to Functional cookies, which support optional features that make the site easier for users, like remembering language or display settings.
  • Analytics and statistics – Corresponds to Analytics and statistics cookies, which track how visitors use the site so you can measure performance and improve the experience.
  • Marketing – Corresponds to Marketing cookies, which are used to track visitors across websites so you can deliver personalized ads or measure how well campaigns perform.

If the custom script cannot be placed into the Scripts tab, such as a script contained in a content page or a content item, the custom script must read the cookie_preferences cookie that contains the optional cookie types (such as in the following Code Sample 1) and check consented cookie types before loading scripts (such as in the following Code Sample 2).

Review the following best practices for configuring custom scripts with cookies:

  • Use the script fields in Site Builder’s Scripts tab whenever possible to use the cookie consent banner’s optional cookie types.
  • Use cookie_preferences instead of cookieconsent_status for any script that must read consent manually. cookie_preferences records a website user’s cookie consent choices, whereas cookieconsent_status records a blanket true or false value.
  • Treat a missing cookie as a rejected cookie. Until a website user interacts with the cookie consent banner and makes a cookie decision, neither cookie_preferences nor cookieconsent_status are set, and only essential functions will run.
  • Re-check consent on each page load. Website users can change their cookie preferences through the Cookie Preferences link at the bottom of every iMIS RiSE website.
Copy

Code Sample 1: Reading the cookie_preferences cookie

/**
 * Returns the parsed cookie_preferences object, or null if the cookie
 * is absent or cannot be parsed (i.e., the visitor has not yet responded
 * to the consent banner).
 *
 * @returns {{ functional: boolean, analytics: boolean, marketing: boolean } | null}
 */
function getCookiePreferences() {
    var match = document.cookie.match(/(?:^|;\s*)cookie_preferences=([^;]*)/);
    if (!match) {
        return null;
    }
    try {
        return JSON.parse(decodeURIComponent(match[1]));
    } catch (e) {
        return null;
    }
}
Copy

Code Sample 2: Checking the consented cookie types

var prefs = getCookiePreferences();

if (prefs && prefs.analytics) {
    // Safe to load analytics scripts (e.g., Google Analytics, Matomo)
}

if (prefs && prefs.marketing) {
    // Safe to load marketing/advertising tags (e.g., Facebook Pixel)
}

if (prefs && prefs.functional) {
    // Safe to set cookies that store visitor preferences
}

if (!prefs) {
    // Visitor has not made a consent choice yet — only essential cookies are allowed
}

Updating the Cookie Policy

The out-of-the-box Cookie Policy document is located in the footer of all Quick Start Sites, such as the Member Responsive site.

Updating the out of the box cookie policy in the sitemap

If you are working with a copy of this website, you may need to update the Cookie Policy document, so that the content of the policy is fitting to your organization.

To update the cookie policy document, do the following:

  1. Make a copy of the Cookie Policy content record:
    1. In the Document browser, copy and paste @/iSamples/SharedContent/Cookie_Policy into the navigation bar.
    2. Alternatively, in the Document browser, navigate to Quick Start Sites > Shared and then select the Cookie Policy record.
  2. Make the required changes to the copy. The Cookie Policy content record has specific instructions about what must be updated.

    3. The Cookie Policy content record has specific instructions about what must be updated.

  3. Add the new content record to your website:
    • If you have a sitemap item specifically for a Cookie Policy, update the sitemap item to point to the new content record (RiSE > Site Builder > Manage sitemaps).
    • If your website has Show a cookie warning enabled, update the Content or URL to link to field to point to your new content record (RiSE > Site Builder > Manage websites > Look and feel tab).

Updating cookie preferences

Users can also update their cookie preference choice (accept or reject) after interacting with the cookie consent banner.

By default, there is a hidden link on the bottom left of all website pages that will bring back the cookie preferences message. When you hover the bottom-left area of the window, a Cookie Preferences link appears. Clicking the link will bring back the cookie consent banner.

Site with cookie warning message at the bottom of the screen

If you would like to add an additional link that users can access their Cookie Preference from, use the following HTML, changing the “Link goes here” text to a text of your choosing:

<a href="" onclick="document.body.getElementsByClassName(&quot;cc-revoke&quot;)[0].click(); return false;">Link text goes here</a>

There is an example of the above link in the out-of-the-box Cookie Policy document (@/iSamples/SharedContent/Cookie_Policy).

Link to change the cookie settings