Cookie Policy Implementation on Site
Cookie Policy — document disclosing which cookies site uses, why, how long stored, and how users can manage them. Requirement of ePrivacy Directive and GDPR, as well as Google AdSense terms.
Document Structure
Cookie Policy typically contains:
- What cookies are and why used
- Table of all cookies with descriptions
- Retention period for each cookie
- How to disable / manage cookies
Cookies Table
| Name | Type | Period | Description |
|------|------|--------|-------------|
| session | Necessary | Until browser close | User session |
| XSRF-TOKEN | Necessary | 2 hours | CSRF protection |
| locale | Functional | 1 year | Selected language |
| _ga | Analytics | 2 years | Google Analytics |
| _gid | Analytics | 24 hours | Google Analytics |
| _fbp | Marketing | 3 months | Facebook Pixel |
Automatic Cookie Scanning
Manual table creation quickly becomes outdated. Cookiebot and similar services automatically scan site and generate current list.
Option without third-party services — self-scanning:
// Log all set cookies via middleware
class CookieAuditMiddleware
{
public function handle(Request $request, Closure $next): Response
{
$response = $next($request);
$cookies = $response->headers->getCookies();
foreach ($cookies as $cookie) {
CookieAuditLog::firstOrCreate([
'name' => $cookie->getName(),
'domain' => $cookie->getDomain() ?? $request->getHost(),
], [
'max_age' => $cookie->getMaxAge(),
'secure' => $cookie->isSecure(),
'http_only' => $cookie->isHttpOnly(),
'same_site' => $cookie->getSameSite(),
]);
}
return $response;
}
}
Technical Page
Route::get('/cookie-policy', fn() => view('legal.cookie-policy'))->name('cookie-policy');
Link from Cookie Consent Banner:
<a href="{{ route('cookie-policy') }}">Learn more about cookies</a>
Implementation Timeline
Page creation and cookies table — 4–6 hours. Integration with cookie consent banner — see separate page.