Closed artines1 closed 1 month ago
Hello, Thanks for filing this issue.
As an initial matter, our understanding is that Mozilla blocks Content domains in Strict mode so moving consent.cookiebot.com into the Content category may not resolve this issue. In addition, we are technically not able to block a TLD (cookiebot.com) but unblock a subdomain (consent.cookiebot.com).
Our technical and policy review determined that the cookiebot.com domain meets our definition of Tracking (See https://disconnect.me/trackerprotection) and that this domain is properly classified. Our technical review revealed Request URLs from Cookiebot subdomains are present on thousands of 3P sites. These requests are firing as soon as a user visits the site i.e., appear to collect user data before the user interacts with the consent dialogue. As just a few of many examples, we are seeing what appear to be tracking requests that contain originating 3P domains, identifiers (“cbid”), and pixels (“dgi”), including but not limited to the following:
Thanks for the detailed reply.
Domain(s) to review. Separate them by comma.
consent.cookiebot.com
Rationale for removing, adding, or recategorizing.
The script https://consent.cookiebot.com/uc.js is responsible for showing the cookie consent banner, which is part of the website content. Blocking it will prevent the site from showing the consent banner, and potentially causes website breakage without user choice.
Where domain(s) observed. Separate them by comma.
https://www.wellnesshotel.com/en
Additional notes
See Bug 1899092 - tracking protection blocks CDM CookieBot in private windows for details.
Only the subdomain
consent.cookiebot.com
needs to be reclassified.Note that CookieBot is a very popular Consent Management Provider, so many websites can be broken in private windows and ETP strict mode in Firefox because Firefox blocks ad trackers in these cases.