DigiConsent organizes cookies into four standard categories that align with GDPR requirements and privacy best practices. Understanding these categories is essential for proper configuration, compliance, and transparent communication with your website visitors. This comprehensive guide explains each category in detail, showing you how to use them effectively for managing consent and tracking scripts.
Why Cookie Categories Matter
Privacy regulations like GDPR require granular consent—users must be able to accept some types of cookies while rejecting others. Simply asking for blanket permission for “all cookies” violates the principle of specific consent. Cookie categories provide the structure needed for this granular control.
Categories also help users make informed decisions. When users understand what each category does and can choose individually, they’re more likely to consent to at least some tracking. Many users who would reject “all cookies” will accept analytics if it’s separated from marketing tracking.
The Four Standard Categories
DigiConsent implements four cookie categories based on international privacy standards and GDPR guidance. These categories cover all common cookie use cases while keeping the system simple enough for users to understand.
Necessary Cookies
Necessary cookies are essential for your website to function properly. They enable basic features that users expect as part of the service they’re requesting.
What Makes a Cookie “Necessary”
A cookie is necessary only if the website genuinely cannot function without it. GDPR interprets “necessary” narrowly—convenience features or enhanced experiences don’t qualify. The cookie must be essential for delivering the service the user is actively requesting.
Examples of truly necessary cookies:
- Session Management: Cookies that maintain your logged-in state as you navigate between pages
- Authentication Tokens: Security tokens that verify your identity and prevent unauthorized access
- Shopping Cart: Cookies that remember items you’ve added to your cart in e-commerce sites
- Form Data: Temporary storage of multi-step form data so you don’t lose progress
- Load Balancing: Cookies that route your requests to the correct server in multi-server environments
- Security Cookies: CSRF tokens and other security mechanisms that protect against attacks
What is NOT necessary:
- Analytics tracking (even though it helps you improve the site)
- Remembering user preferences like theme or language (these are convenience, not necessity)
- Personalized content recommendations
- Social media integration or sharing features
- Live chat or customer support widgets
- Any advertising or marketing tracking
How Necessary Cookies Work in DigiConsent
Scripts added to the Necessary category behave differently from other categories:
- Always Execute: Necessary scripts run immediately on page load, regardless of consent mode (opt-in, opt-out, or notice-only)
- No User Control: Users cannot disable necessary cookies through the consent banner. The category doesn’t appear as a toggleable option in the settings modal
- No Consent Required: Because these cookies are essential, GDPR doesn’t require consent for them
What to Add to Necessary Category
Be conservative about what you add here. Only include scripts that are genuinely required for core functionality:
Security Services: If you use Google reCAPTCHA for spam protection on forms, this belongs in Necessary (DigiConsent provides a Quick Add field for reCAPTCHA). The Quick Add automatically generates the correct implementation code.
Essential Maps: If your business model requires Google Maps functionality (like a store locator that’s central to your service), it may qualify as necessary. Use the Quick Add field for Google Maps API key. However, if maps are just a nice enhancement, they belong in Functional instead.
WordPress Core: WordPress’s own cookies for logged-in users and comment forms are already handled by WordPress itself and don’t need to be added to DigiConsent.
Important Warning: Don’t abuse the Necessary category by adding analytics or marketing scripts here to bypass consent. This violates GDPR and undermines the entire purpose of consent management. Regulators actively look for this violation during audits.
Analytics Cookies
Analytics cookies track website usage to help you understand visitor behavior and improve your site.
Purpose of Analytics Cookies
Analytics cookies collect data about how visitors interact with your website:
- Which pages are viewed and for how long
- Where visitors come from (search engines, direct visits, referrals)
- What devices and browsers people use
- How visitors navigate through your site
- Where visitors drop off or exit
- Which content is most engaging
- Conversion paths and goal completions
This information helps you optimize user experience, create better content, fix technical issues, and understand your audience. While analytics are valuable, they’re not strictly necessary for the site to function, so they require user consent.
Common Analytics Services
Google Tag Manager (GTM): A tag management system that loads and manages your analytics and marketing scripts. If you use GTM, enter your GTM-XXXXXXX container ID in the Quick Add field. DigiConsent automatically generates the necessary GTM code for both head and body sections.
Important GTM Note: If you use Google Tag Manager, you should manage all your tracking tags inside GTM, not by adding them separately to DigiConsent. Add only the GTM container code to DigiConsent. Then configure consent triggers inside GTM to respect user choices.
Google Analytics 4 (GA4): Google’s analytics platform for tracking website and app usage. Enter your G-XXXXXXXXXX measurement ID in the Quick Add field. DigiConsent generates the gtag.js implementation code automatically.
Important: Don’t use both the GTM and GA4 Quick Add fields. If you’re using GTM, manage GA4 inside your GTM container. Use the GA4 Quick Add only if you’re implementing Google Analytics directly without Tag Manager.
Hotjar: A behavior analytics tool that provides heatmaps, session recordings, and user feedback. Enter your numeric Hotjar site ID in the Quick Add field for automatic code generation.
Matomo: Privacy-focused analytics platform (formerly Piwik). Matomo doesn’t have a Quick Add field, so you’ll need to manually add your Matomo tracking code in the Script Management section.
Other Analytics Tools: For services without Quick Add support (Heap, Mixpanel, Amplitude, etc.), use the Manual Script Management section to add your tracking code.
Script Management for Analytics
The Analytics category provides three script injection points:
Head Scripts: Most analytics tools, including Google Analytics and GTM, recommend placing their code in the head section for earliest possible loading. Use this for tracking codes that need to run before content renders.
Body Scripts: Some analytics tools provide separate body scripts (like GTM’s noscript tag). Add these to the Body Scripts section.
Footer Scripts: Analytics scripts that don’t need to run immediately can go in the footer, which may improve page load performance. Some analytics tools work fine when loaded late.
Google Consent Mode Integration
If you use Google services (Analytics, Ads, Tag Manager), enable Google Consent Mode v2 in the General Settings tab. This integration allows Google to collect some anonymized data even when users reject analytics cookies, using privacy-preserving measurement techniques.
With Consent Mode enabled, users who reject cookies won’t be tracked with cookies, but Google can still provide some high-level insights through modeling and aggregation. This balances privacy with data utility.
Marketing Cookies
Marketing cookies track users across websites to deliver personalized advertising and measure campaign effectiveness.
Purpose of Marketing Cookies
Marketing cookies enable sophisticated advertising capabilities:
- Retargeting/Remarketing: Show ads to people who previously visited your website
- Conversion Tracking: Measure which ads lead to purchases or sign-ups
- Audience Building: Create custom audiences based on website behavior
- Lookalike Audiences: Find new potential customers similar to your existing visitors
- Cross-site Tracking: Follow users across different websites to build profiles
- Personalized Ads: Deliver ads tailored to individual interests and behavior
Marketing cookies are the most privacy-invasive category and often the first thing privacy-conscious users reject. They’re also facing technical challenges as browsers increasingly block third-party cookies.
Common Marketing Services
Facebook Pixel (Meta Pixel): Tracks conversions from Facebook ads and enables retargeting. Enter your 15-16 digit Facebook Pixel ID in the Quick Add field. DigiConsent automatically generates the Facebook Pixel code with PageView tracking.
TikTok Pixel: Similar to Facebook Pixel but for TikTok advertising platform. Enter your TikTok Pixel ID in the Quick Add field for automatic code generation.
LinkedIn Insight Tag: Tracks conversions from LinkedIn ads and enables LinkedIn audience building. Enter your LinkedIn Partner ID (numeric) in the Quick Add field.
Google Ads Conversion Tracking: If you use Google Ads, conversion tracking is best managed through Google Tag Manager (add GTM to Analytics category) or by using Google Analytics 4 with linked Google Ads account.
Other Advertising Platforms: For platforms without Quick Add (Twitter Pixel, Pinterest Tag, Snapchat Pixel, etc.), manually add tracking codes in the Script Management section.
User Acceptance Patterns
Marketing cookies typically have the lowest acceptance rates. Many users accept analytics cookies (which seem less invasive and more beneficial to them) while rejecting marketing cookies. Typical patterns:
- 60-70% of users who customize settings accept Analytics
- Only 30-50% accept Marketing
- Privacy-conscious users almost always reject Marketing
Expect reduced retargeting audience sizes and incomplete conversion tracking when using opt-in consent. This is the privacy trade-off for compliance.
Functional Cookies
Functional cookies enable enhanced features that improve user experience without tracking for advertising purposes.
Purpose of Functional Cookies
Functional cookies add capabilities beyond basic website operation:
- Live Chat: Customer support chat widgets that remember conversation history
- Social Media Features: Share buttons, social feeds, or social login
- Video Embeds: YouTube, Vimeo, or other video players embedded in pages
- Interactive Maps: When not essential for your business (unlike a store locator)
- User Preferences: Remembering language, theme, or other customization choices
- Personalization: Content recommendations based on behavior
The line between Functional and Necessary can be blurry. The test is: can users complete their primary task without this feature? If yes, it’s Functional. If no, it might be Necessary.
Common Functional Services
Intercom: Live chat and customer messaging platform. Enter your Intercom App ID in the Quick Add field. DigiConsent generates the Intercom widget code automatically.
Zendesk Chat: Customer support chat widget. Enter your Zendesk Chat Key (UUID format) in the Quick Add field for automatic implementation.
YouTube Embeds: If you embed YouTube videos, they set cookies for tracking and personalization. Use YouTube’s privacy-enhanced mode (youtube-nocookie.com) when possible to minimize cookies, but you may still want to include YouTube in Functional category.
Social Media Widgets: Facebook Like buttons, Twitter feeds, Instagram embeds all set cookies. Add their embed codes to Functional category.
Other Services: Drift, Crisp, LiveChat, Olark, or any other chat/support widgets belong in Functional category.
Acceptance Rates
Functional cookies have mid-range acceptance rates, typically between Analytics and Marketing. Users who want enhanced features (especially live chat for support) will accept this category. Users focused on minimal tracking will reject it.
Configuring Cookie Categories
Access category settings by going to DigiConsent → Settings and clicking the Cookie Categories tab. You’ll see tabs for each of the four categories.
Category Settings
For Analytics, Marketing, and Functional categories (not Necessary), you can configure:
Enable This Cookie Category: Toggle whether the category appears in the consent banner. If disabled, the category won’t be shown to users, and scripts in it won’t load. Use this to hide categories you’re not using.
Enable by Default: When enabled, this category will be pre-selected when users open the Settings modal. This doesn’t mean users automatically consent—they still must save their preferences. It just makes acceptance easier by pre-checking the box.
Important: Using “Enable by Default” is debatable from a compliance perspective. The safest approach is leaving all categories unchecked by default, requiring users to actively select what they accept.
Category Name: Customize the category name shown to users. The defaults (“Necessary Cookies,” “Analytics Cookies,” etc.) are standard and understood, but you can change them if needed.
Category Description: Explain what the category does in plain language. This description appears in the Settings modal when users customize their preferences. Be specific and honest. Good descriptions help users make informed decisions and can improve acceptance rates.
Adding Scripts
Each category provides Quick Add fields for popular services and Script Management sections for manual code entry. Use Quick Add when available—it’s faster and less error-prone.
For manual script entry:
- Choose the appropriate script location (Head, Body, or Footer)
- Paste your complete tracking code including script tags
- Click Save Settings
- Clear your website cache
- Test that scripts load after consent is granted
Best Practices for Category Management
Audit Regularly: Review your cookie categories periodically. Plugins or theme updates may add new tracking scripts that bypass DigiConsent if not configured properly.
Document Your Choices: Keep notes on why you categorized each script the way you did. This helps during compliance audits and when training new team members.
Test After Changes: Whenever you add or modify scripts, test in opt-in mode to ensure scripts are properly blocked until consent and execute correctly after acceptance.
Remove Unused Scripts: Don’t leave old, unused tracking codes in your categories. Remove scripts for services you no longer use to minimize data collection and privacy risk.
Be Conservative with Necessary: When in doubt, don’t put a script in Necessary. It’s better to over-protect privacy than to risk non-compliance.
Write Clear Descriptions: User-facing category descriptions should explain benefits and be honest about data collection. Transparency builds trust and can improve acceptance rates.
Understanding and properly using cookie categories is fundamental to effective consent management. By organizing your scripts correctly, providing clear descriptions, and respecting the purpose of each category, you create a compliant system that balances privacy protection with the functionality your website needs. DigiConsent’s category system makes this complex task manageable, but your thoughtful configuration makes it effective.