CookieInformation.Optimizely 2.2.1.8

CookieInformation Optimizely Content Cloud (EPiServer) Integration

Thank you for installing this integration between Cookie Information's Consent Management Platform (CMP) and Optimizely’s Content Management Platform. The integration consists of a set of tools that help you to easily comply with current regulations by collecting and documenting valid consents from your visitor, in accordance with GDPR and ePrivacy. In the following instructions you'll learn which tools and functionalities are included and how to start using them.

Background

The EU’s privacy legislations, GDPR and ePrivacy, provide European website owners with a complex set of challenges. You can quickly start collecting valid consents on your website. With a few steps you have access to the tools you need to become compliant. The platform makes editing & customizing your Consent Solution easy.

• Simple setup
• Manage scanning depth & frequency
• Block cookies until users have given their consents
• Unlimited test domains
• Create custom popups or choose between multiple templates
• Improvement of opt-in rates
• 40+ languages for multilingual websites
• Shared-consent for multibrand organizations

Besides the functionalities native to the Cookie Information Platform, this integration lets you easily control cookies set in different places in Optimizely, including:

• Cookies set by server-side Optimizely functionality, add-ons, and your own server-side code (Visitor Groups, A/B Testing, e-commerce, etc.).
• Cookies set by JavaScript (your own or 3rd party) referenced in site views and scripts (e.g. Optimizely Profile Store tracking, ODP, Google Analytics).
• Cookies set by embedded elements in site views or in editor-provided content (YouTube, Disqus, LinkedIn embeds, ShareThis, etc.).
• Cookies set in views or embedded elements: helper methods allow developers to wrap code and only emit it if consent has been given.
• Cookies in embedded HTML inserted by editors: Visitor Group criterion allows personalization to show the cookie-setting content only with consent.
• Server-side cookies: middleware automatically “washes” any cookies without consent from the response and can optionally expire old cookies when consent withdrawn.
• Injection of the Cookie Consent banner (localized) and shortcut to the Cookie Information Dashboard in Edit mode.
• Tag managers are supported but must be handled separately; refer to support.cookieinformation.com.

Overview

Included components:

• Consent pop-up registration (auto injection of Cookie Information script unless disabled).
• IVisitorConsentService (VisitorConsentService) for querying consent to categories or specific cookies.
• ICookieMappingService (CookieMappingService) for mapping cookie names (exact or regex) to categories.
• Tag Helpers (ConditionalConsentTagHelper + children) for conditional rendering based on live consent changes.
• Html helpers: CreateConditionalCookieScript and ShowOnConsent for conditional script/content injection.
• CookieConsentCriterion visitor group criterion for personalization.
• CookieWashingMiddleware for response-set cookie filtering & optional removal of previously set cookies.
• Optimizely UI integration (dashboard menu item).

All components can be enabled/disabled or customized via configuration (appsettings.json) or during initialization (.AddCookieInformation()).

Installation and Configuration

1. Create a Cookie Information account (https://cookieinformation.com/registration) if you do not already have one and configure your domains (including internal test domains). Without domain configuration the consent pop-up will not appear.
2. Install the NuGet package.
3. Register in dependency injection (Program.cs / Startup.cs):

services.AddCookieInformation(o => o.SetDefaults());

4. (Optional) Add the cookie washing middleware (ASP.NET Core middleware, not an old "HTTP Module"):

app.UseCookieInformationToCleanResponse();

Configuration happens through CookieConsentOptions either via appsettings.json or the options lambda.

Example appsettings snippet:

"CookieInformation": {
  "RegisterConsentScript": true,
  "ManageCspNonce": true
}

Or via code:

services.AddCookieInformation(o => { o.SetDefaults(); o.RegisterConsentScript = true; o.ManageCspNonce = true; });

Cookie Category Lists

Define which cookies map to categories. Each list contains either literal cookie names or REGEX patterns (patterns must start with ^ and end with $ to be treated as regex). Example regex: ^EPI-MAR-[a-z0-9-_]+$. Always call .SetDefaults() first to populate recommended defaults used by Optimizely CMS and common add-ons. Lists:

Necessary
Functional
Marketing
Statistic
Misc

Remaining Configuration Options

RegisterConsentScript              bool  Auto-register consent scripts. Default: true.
UseGoogleConsentModeV2             bool  Enable Google Consent Mode V2 support. Default: true.
RegisterGoogleConsentModeV2Defaults bool Inject Google Consent Mode default gtag() calls. Default: true.
GoogleConsentDefaults              obj   Values used if RegisterGoogleConsentModeV2Defaults = true (defaults all to denied).
ShowCookieInformationMenuItem      bool  Show dashboard link in UI. Default: true.
EmbedDashboard                     bool  Obsolete (ignored).
FallbackConsent                    bool  Returned when consent cookie absent or category/cookie unknown. Default: false.
RemoveOld                          bool  Expire previously set disallowed cookies on subsequent requests. Default: false.
DisableFilter                      bool  Skip cookie washing middleware logic. Default: false.
MimeTypesToFilter                  list  Content-Types that trigger filtering (substring match). Default: ["text/html"].
AllowForRoles                      list  Roles granted implicit full consent. Defaults: WebEditors, WebAdmins (+ "Authenticated" added by SetDefaults()).
WhitelistPath                      list  Path prefixes (Path.StartsWithSegments) exempt from filtering & consent checks.
ShouldRegisterScriptForRequest     Func<HttpRequest,bool> Conditional injection of consent script (null => always true).
ManageCspNonce                     bool  Ensure CSP nonce service & propagate nonce to external loader script. Default: false.

Content Security Policy (CSP) and ManageCspNonce

If you enforce a CSP like:

Content-Security-Policy: script-src 'self' 'nonce-<random>' https://policy.app.cookieinformation.com ...; object-src 'none'; base-uri 'self';

Set ManageCspNonce = true to:

• Ensure a CSP nonce service is registered (no-op if already present).
• Emit inline loader/Google defaults script with a nonce.
• Propagate that nonce to the dynamically created uc.js script element. This avoids using 'unsafe-inline' or hashes. You must still emit the CSP header including policy.app.cookieinformation.com (and any Google domains you use) in script-src.

ShouldRegisterScriptForRequest Example

Disable the pop-up (and script) for health checks:

services.AddCookieInformation(o => {
  o.SetDefaults();
  o.ShouldRegisterScriptForRequest = req => !req.Path.StartsWithSegments("/health");
});

Necessary Category Behavior

Necessary cookies are always treated as allowed. The service returns true for that category regardless of recorded consents.

FallbackConsent Semantics

Used when: (a) no consent cookie present yet, (b) category not in approved/denied lists, or (c) cookie name has no mapping. If true the service treats such situations as granted; otherwise denied.

Role and Path Exemptions

AllowForRoles: any user in one of these roles bypasses consent checks (all cookies allowed). WhitelistPath: any request whose Path starts with a listed segment bypasses checks.

Cookie Washing Middleware Behavior

On response start (for matching MIME types) it:

• Removes Set-Cookie headers for cookies without consent.
• Optionally (RemoveOld = true) deletes previously set request cookies lacking consent.
• Skips filtering if user exempt, path whitelisted, or filtering disabled. Be aware removing Set-Cookie may affect downstream diagnostics logging expecting those headers.

IVisitorConsentService Methods

bool ConsentsToCategory(string category)
bool ConsentsToCookie(string cookieName)
bool IsUserExempt()
bool IsPathWhitelisted()

ConsentsToCategory returns true for Necessary automatically; otherwise evaluates current consent JSON cookie (CookieInformationConsent). When absent or ambiguous it uses FallbackConsent.

Usage Examples

Checking Consent in Razor

@if (VisitorConsentService.Current.ConsentsToCategory(CookieInformationCategories.MARKETING))
{
    <script>console.log('Marketing consent present');</script>
}

Checking a Specific Cookie

@if (VisitorConsentService.Current.ConsentsToCookie("MySpecialCookie"))
{
    <script>console.log('Consent for MySpecialCookie');</script>
}

Tag Helper Example

<conditional-consent cookie-categories="MARKETING,STATISTIC" cookies="EPi:NumberOfVisits,cookie2">
  <on-consent>
    <iframe src="https://www.youtube.com/embed/[id]" width="560" height="315" title="Video" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
  </on-consent>
  <not-consent>
    <div width="560" height="315">Nothing to see here!</div>
  </not-consent>
</conditional-consent>

Html Helper Examples

Show content when consent later granted (ShowOnConsent):

@Html.ShowOnConsent(CookieInformationCategories.MARKETING, _ => new HelperResult(w => { w.Write("<script src=\"/js/ads.js\"></script>"); }))

Create conditional script wrapper:

@{
    var conditional = Html.CreateConditionalCookieScript(CookieInformationCategories.STATISTIC, "initStats");
}
<script>
function initStats(){ console.log('Init statistics tracking'); }
</script>
@conditional // renders script that calls initStats when consent exists/arrives

Razor Pages Example (Server-Side Cookie Set)

In a PageModel (e.g. Pages/Index.cshtml.cs):

public class IndexModel : PageModel
{
    private readonly IVisitorConsentService _consent;
    public IndexModel(IVisitorConsentService consent) { _consent = consent; }

    public void OnGet()
    {
        if (_consent.ConsentsToCategory(CookieInformationCategories.FUNCTIONAL))
        {
            Response.Cookies.Append("MyServerSideCookie", "Cookie Value", new CookieOptions { HttpOnly = true });
        }
    }
}

ShouldRegisterScriptForRequest (Recap)

services.AddCookieInformation(o => {
  o.SetDefaults();
  o.ShouldRegisterScriptForRequest = r => !r.Path.StartsWithSegments("/internal");
});

Consistency Notes

You can use either the string constants in CookieInformationCategories or the enum CookieInformationCategoryTypes (used by some helpers/tag components which map enum values to category strings). Ensure you pass the correct string constant when using service methods directly.

Typos / Terminology

“HTTP Module” references were updated to “middleware”. All prior misspellings (registrering, concent, catagories) corrected.

End of documentation.