Cookies

Follow the guidance in the Technical Guidance Library.

• Collect user consent explicitly before storing cookies on a user’s device
  • Inform users about our data collection activities before cookies are set
  • Provide an option to choose whether users allow them or not
• Clearly state the cookie categories and their purpose
• Block all non-exempt cookies and scripts from being run until after the consent is given by the user
  • If the user’s device is not running JavaScript, display a version of the cookie banner which tells them what to do in order to set or change their cookie preferences. Do not set any non-essential cookies, because the user has not consented to them
• Provide a link in the banner to a more detailed cookie policy

Use the HMCTS Cookie Manager library to manage consent.

Cookie options

• Secure - in production ensure Secure is set
• SameSite - use Strict unless you need Lax for an Oauth implementation,
• HttpOnly - set to true unless you need to access the cookie from JavaScript
• Domain - do not set the domain unless you need to share the cookie across subdomains

This page was last reviewed on 25 January 2024. It needs to be reviewed again on 25 January 2025 by the page owner platops-build-notices .

This page was set to be reviewed before 25 January 2025 by the page owner platops-build-notices. This might mean the content is out of date.