Hello. If you have installed wordpress on your Infinityfree account and need to install the cookie consent banner, in order to know which exact cookies does your site have, do you have to analyze (using an online cookie scanner) your infinityfree domain (in which is wordpress installed), or the cookies you have to know about are the ones used on wordpress?
I don’t really know what you are thinking about, because the InfinityFree subdomain and WordPress exists with each other and does not form a conflicting situation.
The cookies WordPress uses is pretty much what your domain is using with the sole addition of the security cookie.
But even with that you shouldn’t worry about the difference too much because it is technically a “required cookie” and operates on your own domain exclusively, meaning you don’t have to give it an option on the cookie banner.
4 Likes
Sorry if I am not explaining myself clearly as I am a bit confused about these subjects, and cookie requirements are different in Europe and USA. If the user does an online cookies scanning, all resulting detected cookies are the sum or both cookies, Infinityfree´s ones plus wordpress´ones?
Yes they’ll get both cookies, your WordPress cookies plus one security cookie InfinityFree uses.
4 Likes
I have to specify or clarify that the Infinityfree address link I am scanning does not show any reference to Wordpress. It is the general host address. Wordpress, as you know is installed on that host(I don´t know if this adds anything substantial).
Then, Infinityfree only uses one cookie always (security cookie)? Is this a functional one?
By default WordPress won’t have any cookies set for visitors, that’s why you may not get any results of WordPress.
Keep in mind that WordPress is a software you can install. Installing WordPress doesn’t mean that you should see anything from wordpress.com.
Also if you are scanning something like infinityfree.com then please note that cookies on the hosting website itself is not related to your website and you should not include these in your cookie banner.
2 Likes
No, I am not scanning “Infinityfrre.com”, I am scanning the exact name of my Infinityfree site ( generic names are: “site.rf.gd”; “somename.great-site.net”, etc.) such an address is the one about which scanning says there are two cookie types: “Necessary”, and “other” (no specification about this being third party, functional, etc). Thanks.
Then it’s just the cookie scanner thing. They organize the cookies detected in that way and there’s nothing we could do for this.
InfinityFree just puts one cookie which should be detected as a first party cookie, so I would guess “Necessary”. All “other” cookies is probably added by something like analytics tools (that you have installed by yourself, if any).
2 Likes
A cookie scanner doesn’t “know” what a cookie is for. It’s your website, you should know what cookies are on it, and then tell visitors what those cookies do.
Of course, reality can be a bit more difficult and it’s not always so easy to know what cookies are used so those scanners help. But it won’t give you a ready-made cookie policy, you still need to check what it found, figure out what set it and determine if you want or need that cookie and why.
The scanners can help a bit by identifying known cookies (I would expect it to recognize cookies from Google Analytics for example). But again, you need to check their work.
5 Likes
I have not installed anything, except only wordpress, Elementor, Astra, and 2-3 more plugins.
-Is there any (easy) way for me to manually check to see how many, and which cookies are there on my site?
-Be that as it may, if 2-3 scan analyzers say there are also “other” cookies installed, should I simply, in order to comply with European regulations, to state or say (cookie consent banner) that “Necessary” and “other” cookies are used, together with theAccept/refuse options?
Thank you.
I would advise against using Elementor, free hosting is not quite powerful enough to run it well.
7 Likes
One quick way to check is to open an incognito window, go to your website and open the developer tools to see the cookies. You can access it by pressing the F12 button on your keyboard, then go to Application → Storage → Cookies.
However, that only tells you which cookies are added right away on the home page. Other functionality on your website may add other cookies, which both this basic check and those scanners might not pick up on.
I’m not a lawyer, so don’t take this as legal advice. But based on my understanding: no, a banner that asks consent for “other” cookies is not compliant. If those scanners couldn’t identify what a cookie does, that doesn’t mean you can just lump them into an “other” category. You are responsible for knowing what every cookie on your site does and being able to explain it to your visitors. Consent under the GDPR must be specific and informed, and vague categories don’t meet qualify.
Also keep in mind that not every cookie requires consent. Cookies that are strictly necessary for your website to function (like session cookies) don’t need it. You generally only need consent for cookies used for things like analytics, social integrations and ads.
Honestly, if you’re using WordPress with a few plugins, you’re running software you didn’t build, and reverse engineering exactly what cookies each component sets and why is a lot of effort for very little gain. Especially for a small personal site. If you’re not deliberately using analytics or marketing tools, your site is most likely only setting functional cookies that don’t require consent in the first place.
5 Likes
Thanks for your answers. Then, could be a reasonable action, in practice, in general, in each free website, to install a general cookie consent banner, informing that the web uses cookies for its correct functioning, and some of these cookies could be third party ones (as this depends on multiple and changing factors), offering the option of accepting or refusing?
Since the cookies used by InfinityFree’s security system are essential to being able to use a site at all, I would say that they aren’t required to be consented to own their own, at least from what I understand of Admin’s explanation. In any case, “installing” such a widget on every site hosted on InfinityFree seems infeasible.
7 Likes
Again, that completely defeats the purpose of cookie consent banners.
We cannot enforce a one-size-fits-all solution because every website is different and there is no way for us to know or tell what cookies a website uses and what legal ground they have for that.
The only cookie we place ourselves is technically required as it’s part of a security system, which means that no consent is necessary.
If you’re not sure what cookies your plugins set, and you’re not deliberately using analytics or marketing tools, you’re probably better off without a consent banner than with a vague one that doesn’t actually comply.
6 Likes
Thanks for all your answers. It is an interesting subject. I tried the incognito windows option, f12 and there are, always, a few(the exact number changes)functional cookies,from wp and from Infinityfree. But then as I told you, although most web scan checkers confirm that there are only functional cookies, some others even state that there are google non essential ones. A web developer once told me that it is nearly impossible to know all cookies that in any future moment your website will load when fully interacting online, as they will change , although your website main ones are, as with Infinityfree and WP , functional cookies. So, in practice, what is the most common and frequent actions carried out by common web creators when creating a cookie banner for a simple site: it is, as you say not to install consent banner, or might be a valid one to manually check cookies at your website(incognito windows) plus performing a few scannings and according the results, install or not the banner? By the way, could you let me know which are the best, most accurate online free cookie scans? Thank you.
Both manual checks and cookie scanners will simply not give you the complete picture. That’s what I’m trying to make clear. If you ran your checks, then you should have a pretty good starting point to decide whether you need to ask for consent at all and decide whether you want a cookie banner, and what exactly you should ask for consent for.
If you’re not sure what a certain cookie is for or if you actually have it on your site, just search online to learn more about that specific cookie, what sets it and what it’s used for.
I don’t have recommendations for cookie scanners because I think it’s a fundamentally wrong approach. It sounds like you’ve used a few of them, so I suggest to combine their results and investigate any discrepancies by hand.
And if that all sounds like too much work, then I suggest to just skip the cookie banner entirely. Doing is properly is a lot of work, and it’s really not that critical for many sites.
5 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.