Post-deployment maintenance for Cookiebot

Now that Cookiebot has been set up on your site, it’s essential to understand what it does and how to maintain compliance as your website evolves.

How does Cookiebot work?

Cookiebot is a comprehensive, user-friendly solution that helps your website comply with global privacy regulations, including GDPR and CCPA.

It automatically scans your site to detect and categorize cookies, then displays a customizable cookie consent banner that informs your visitors and allows them to control which categories they consent to.

Blue background with Usercentrics and Cookiebot logos. Illustration of a person interacting with a computer displaying a menu, on the right side.

Your steps to maintain compliance

Important! Other third-party scripts may require extra steps for compliance. 

While Cookiebot handles the bulk of the settings, there are other tools that may need to be updated either on your website or in Google Tag Manager.

So, before adding new content from third parties—such as YouTube videos, scripts in Google Tag Manager, or embedded iframes and JavaScript snippetsmake sure you take a minute to understand their compliance requirements.

Here are the key tools to update when adding new content from third parties

Adding tags in Google Tag Manager

Specific tags have built-in consent checks and no other configuration is needed for those. Other tags require a custom event and additional consent to be configured. See 2. Controlling cookies. In Google Tag Manager

  • Tags that would have been setup with the All Pages trigger will use the Custom Event: cookie_consent_update
  • Tags with any other trigger needs a Trigger Group created including Custom Event: cookie_consent_update

See the detailed Cookiebot instructions for Tag Manager

Adding a script or iframe in WordPress content

This could be a video or iframe or something that is not hosted natively with the website.

  • Embedded JavaScript on the website requires updating the type attribute and adding a data-cookieconsent attribute based with the appropriate categories: “preferences”, “statistics”, and “marketing”.
  • External elements like iframes on the website require changing the src attribute to data-cookieblock-src and adding the data-cookieconsent attribute.

See the detailed Cookiebot instructions for manual cookie blocking

Please make sure anyone managing content on the website or updating Google Tag Manager has this information as it directly impacts your compliance.

Illustration of a clipboard with a checklist showing three checked items in front of a blurred computer monitor displaying a spreadsheet or form.

Regularly review your compliance report from Cookiebot

Cookiebot runs a monthly scan and creates a report that will highlight potential compliance issues. The items can be addressed by reaching out to Orbit Support. Please note this is billable work. Alternatively, you can address these items yourselves by following the steps listed below.

Log in to your Cookiebot AccountClick Reports to see the results from the latest monthly scan.

Here are some common issues uncovered by the monthly Cookiebot reports and what you can do about them

Uncategorized or unknown cookies

Issue: Cookies or scripts that Cookiebot could not automatically categorize

  1. Cookies → Click on the cookie name (or script) labeled “Unknown”.
  2. Assign it to the correct category (e.g., Preferences, Statistics, Marketing) based on the cookie’s purpose. The best way to do this is to contact the platform providing the script.
  3. Save your changes.

When reading the full Cookiebot instructions for unclassified cookies, select the Manager interface option on the right as shown in the image below.

Cookiebot interfaces with Manager selected

Scripts detected that are not blocked

Issue: A script is flagged as being loaded before consent is given. Blocked until accepted by user: No

  1. Ensure the script is not being triggered by a default “All Pages” trigger in GTM.
  2. Update the GTM tag to rely on Cookiebot’s consent triggers or variables.
  3. Verify the script is categorized under the correct Cookiebot category in your Cookiebot account.

Cookies and consent

Here’s a reminder of the types of cookies that require consent

White checkmark inside a white circle, centered on a solid reddish-brown background.

Strictly necessary

Essential for site function (e.g., forms, shopping cart)

White line graph with an upward arrow displayed on a red circular background.

Analytics

Behavior tracking (e.g., Google Analytics and other tracking scripts)

Advertising / marketing

Personalized ads (e.g., Facebook Pixel, Google Ads, etc.)

White gear icon outlined in the center of a solid red-orange circle.

Functionality / preference

Language, region settings

White speech bubble icons with three dots inside appear on a solid orange-red circular background.

Social media

Embedded videos, logins (e.g., YouTube, Vimeo, etc.)

Reminder: Strictly necessary cookies require transparency, not consent.

Need help navigating compliance?

We’ll walk you through the tools, setup, and best practices to meet your legal obligations with confidence.

Request Support from Orbit Media Studios

Other resources