HTTP Consent Cookies bypass Intelligent Tracking Prevention (ITP) in Safari and Firefox by setting consent state via HTTP response headers from your own domain. This extends consent persistence from 7 days to up to 365 days.
Agency plan feature: HTTP Consent Cookies are available on the Agency plan and above. View pricing
Why HTTP Consent Cookies?
Safari's ITP and Firefox's tracking protection limit JavaScript-set cookies to 7 days. This means visitors who accepted cookies a week ago are treated as new visitors, and the consent banner reappears. For sites with returning visitors, this creates a poor experience and reduces consent persistence rates.
HTTP Consent Cookies solve this by using a CNAME record on your domain (e.g. consent.example.com) that points to Kukie's cookie server. When a visitor gives consent, the banner script sends the consent state to your subdomain, and the server responds with a Set-Cookie header. Because the cookie is set via HTTP from your own domain, browsers treat it as a true first-party cookie with a full 365-day expiry.
How It Works
- You add a CNAME record to your DNS:
consent.yourdomain.compointing tocookies.kukie.io - You verify the CNAME in the Kukie dashboard
- You enable HTTP Consent Cookies
- When a visitor gives or changes consent, the banner script sends the consent state to your subdomain
- The server responds with a
Set-Cookieheader (first-party, 365-day expiry) - On the next visit, the banner reads the HTTP cookie to restore the visitor's consent choice
The JavaScript consent cookie is still set as a fallback. If the HTTP cookie is unavailable for any reason, the banner falls back to the JS cookie. This dual-write approach ensures consent is never lost.
Setup
Step 1: Add a CNAME Record
In your DNS provider, add a CNAME record:
- Type: CNAME
- Name: consent (or any subdomain you prefer)
- Target: cookies.kukie.io
- TTL: Auto
DNS changes can take up to 48 hours to propagate, though most providers update within minutes.
Step 2: Configure in Kukie
- Open your site in the Kukie dashboard
- Go to Banner Editor > Integrations tab
- Scroll to the HTTP Consent Cookies card
- Enter your consent subdomain (e.g. consent.example.com)
- Click Verify CNAME and wait for confirmation
- Toggle Enable HTTP Consent Cookies on
- Click Save
After saving, Kukie regenerates your site's banner bundle to include the HTTP cookie endpoint.
Step 3: Verify
- Open your website in an incognito/private window
- Accept cookies via the banner
- Open Developer Tools > Application > Cookies
- You should see a
kk_consentcookie set on your root domain (e.g..example.com) with a ~365-day expiry - The cookie contains a JSON object with your consent categories, a consent ID, and a timestamp
Technical Details
| Aspect | JS Cookie (fallback) | HTTP Cookie |
|---|---|---|
| Set by | Banner script (JavaScript) | Server (Set-Cookie header) |
| Name | _cc_consent |
kk_consent |
| Expiry (Chrome) | 180 days | 365 days |
| Expiry (Safari/ITP) | 7 days | 365 days |
| Expiry (Firefox) | 7 days | 365 days |
| HttpOnly | No | No (readable by banner script) |
| SameSite | Lax | Lax |
| Secure | Yes | Yes |
The banner script checks for the HTTP cookie first on page load. If found, it uses that consent state. If not, it falls back to the JS cookie.
Privacy and Compliance
HTTP Consent Cookies store only the visitor's consent preferences - not tracking data. The cookie contains:
- The consent state per category (e.g. analytics: true, marketing: false)
- A consent ID (UUID for audit trail)
- A timestamp
This data is the same information stored in the regular JS consent cookie. Using HTTP cookies for consent state is not only compliant but actually improves compliance by ensuring the visitor's explicit choice is remembered reliably.
Troubleshooting
CNAME verification fails
DNS changes can take up to 48 hours. Wait and try again. Ensure the CNAME target is exactly cookies.kukie.io (not a different subdomain).
Cookie not appearing after consent
Check your browser's Developer Tools > Network tab. Look for a POST request to your consent subdomain (e.g. https://consent.example.com/api/v1/consent/http). The response should include a Set-Cookie header.
Banner still re-appears in Safari
Ensure the toggle is enabled and the CNAME is verified (green checkmark in the Integrations tab). Clear your cookies and test again.
