HubSpot consent banner | Frequently asked questions

Find answers to the most commonly asked questions about website consent management tools in HubSpot.

General

How does HubSpot track website visitor activity?

HubSpot uses cookies to track your website visitors and contacts. A cookie is a small text file that is left behind on a visitor's browser when they come to your site. When the HubSpot software runs on your website, it leaves behind a cookie on your visitors’ browsers that helps HubSpot identify them on future visits.

Should I adjust my privacy policy?

If your business has a presence in Europe, or if you store any data on contacts in the European Union (EU), you must adjust your privacy policy to comply with EU laws. The EU has mandated that member countries create laws that require websites to gain consent from end users prior to storing data on a website visitor’s computer. These regulations are designed to help your website visitors protect their privacy and determine how their behaviors online are used by others.

Under the GDPR, if a contact of yours is an EU citizen, they must be given notice that you're using cookies to track them (in a language they can understand), and they need to consent to being tracked by cookies. HubSpot allows you to set this privacy policy, show it to your visitors, and prompt them to consent to allow cookies to comply with EU regulations.

Please note: while HubSpot provides cookie tracking and consent banner tools, your legal team is the best resource to give you compliance advice for your specific business circumstances. In addition, while these features help to enable compliance, there's no one solution that fits every situation. Learn more in the HubSpot GDPR Playbook.

What's the difference between first-party and third-party cookies?

First-party cookies are set and stored by a website's domain. Often times, these cookies are used to collect analytics data, remember language settings, or store shopping cart contents. Information collected by first-party cookies doesn't leave the website. 

Third-party cookies are set by a server outside of the website's domain and are commonly associated with website functionality and ad targeting. Information collected by third-party can be used by companies outside of the website you're visiting.

Are HubSpot's cookies first-party or third-party?

The HubSpot tracking code script drops first-party cookies. Though the HubSpot tracking code collects data to personalize the site visitor's experience, the data is not shared across websites and it belongs only to your HubSpot account.

Learn more about which cookies HubSpot sets in a visitor's browser.

Implementation

Why is my consent banner not appearing on my external page?

For HubSpot's consent banner to manage cookies on an external page, your website needs to have the HubSpot tracking code installed. If your account was created after November 2022, you'll first need to add your external domain to your consent management settings.

If your consent banner isn't appearing on your external page, ensure that the external page URL matches the domain and URL path rules configured in your cookie policy. If your cookie policy is configured to target specific countries, users who visit your page using location altering tools such as a VPN may not see the banner as expected for that country.

Why is my consent banner appearing in an iframe?

A consent banner that is configured to target all URLs will load on all pages that contain your HubSpot tracking code. Because an iframe embeds a page within another page, an iframe embedded page with the tracking code is expected to load the consent banner too. 

You can resolve this by configuring your consent banner to only appear on specific domains and URLs. Alternatively, you can remove the HubSpot tracking code from the page being loaded in the iframe. Be aware that removing the tracking code will remove tracking capabilities from that page if it's being used elsewhere outside of the iframe.

Why is my consent banner reappearing after accepting/declining?

This issue may occur for a couple reasons:

• The visitor may be using a browser setting or extension to automatically clears cookies, which may be removing the consent banner preference cookies.
• If you're embedding a page with an iframe, the SameSite flag restricts the iframe page from being able to read or set cookies on its domain when it differs from the parent page's domain. As a result, HubSpot will be unable to store the banner preference selected in the iframe.

How can I manage HubSpot cookies with a third-party cookie banner?

Unless you're using the Cookiebot integration, managing HubSpot cookies with a third-party banner requires a custom developed setup, such as:

• Using the cookie banner API to manage HubSpot cookies through the third-party banner. 
• Using a combination of CSS and JavaScript to hide HubSpot's banner from the visitor, then configuring the third-party banner's button clicks to correspond with HubSpot banner button clicks. This would enable you to automatically set HubSpot consent banner preferences through your third-party banner without displaying both to visitors.

Why are HubSpot cookies loading without accepting cookie consent?

If HubSpot cookies are loading before consent has been collected, it's likely that your consent banner policy type is set to Notify visitors that your site uses cookies . Instead, ensure that your banner is set up to either require opt-in or display cookies by category. You can update this setting any time within each banner's settings.

Learn more about customizing your consent banner's settings.