Cookie Consent
A mechanism that informs website visitors about the use of cookies and tracking technologies and collects their explicit consent before non-essential cookies are placed, as required by privacy regulations like GDPR and the ePrivacy Directive.
Cookie consent is more than a banner; it is a functional system that must correctly categorize cookies (essential, analytics, marketing, etc.), block non-essential cookies until consent is given, record and store consent preferences, allow users to change their preferences at any time, and respect those preferences across pages and sessions.
QA testing for cookie consent involves verifying that: no non-essential cookies are set before consent, accepting only 'analytics' cookies does not also enable marketing cookies, rejecting all cookies still allows the site to function, and consent preferences persist correctly. Tools like CookieBot, OneTrust, and Osano are commonly used consent management platforms.
Why It Matters for QA Teams
A cookie consent banner that does not actually block cookies until consent is given is a legal liability, not a compliance measure. QA must verify the technical implementation, not just the visual presence of a banner.
Example
QA tests the cookie consent flow by rejecting all optional cookies, then inspecting the browser's cookie storage. They discover that the Google Analytics cookie (_ga) and a Facebook pixel cookie (_fbp) are still set. The consent management platform was configured to show the banner but was not integrated with the tag manager to actually block these scripts. The implementation is fixed to conditionally load scripts based on consent state.