Cookies & Privacy

Technical documentation about cookies and browser storage can be found here


Cookies and browser storage


The AB Tasty tag uses cookies and browser storage to retain data about visitors to your websites. The cookie stores the visitor’s ID (used to determine unique visitor counts), plus their campaign history, timestamp history for all sessions, and several other useful parameters.


In local storage, it records data to track each visitor’s navigation history: viewed pages, transactions, events, and the segments they belong to. 


Finally, in session storage, the AB Tasty tag keeps the temporary data it gets from our external services such as geolocation, weather information, and user agent.


Find more information about data storage in this technical guide.


How do AB Tasty cookies work?


AB Tasty uses first-party cookies that are defined by the URL of the website using AB Tasty. Cookies enable AB Tasty to work properly and guarantee campaign reliability by recognizing each time a unique visitor lands on the website (AB Tasty can remember if a visitor has been to the site before, without actually knowing the identity of each visitor). 


Cookies log the campaign variation that the visitor has been previously assigned to, so it’s able to direct them back to the same variation for future visits. This system avoids behavioral differences and misleading results. These cookies don’t store any information about the visitor’s identity.


AB Tasty relies on two different cookies to collect and store data about visitors: ABTasty and ABTastySession. AB Tasty also uses technical cookies to operate properly. Read more about this in the corresponding section below.


The ABTasty cookie


This is a first-party cookie that has a lifetime of 13 months. The ABTasty cookie has two parts: 


  • The first part includes data and details about the visitor:


  • The second part includes information about the campaign the visitor has been allocated:



The ABTastySession cookie


This is a first-party cookie. Its lifetime depends on the duration of the session (a session ends after 30 minutes of inactivity on the website). Its purpose is to collect information about each user’s session. 


A fourth parameter may be present: the referrer. This stores the URL the visitor came from before landing on the website. This data is only available when the “source” or “source type” criteria are being used in the targeting of an active campaign.


Storage method


AB Tasty enables you to modify a cookie’s validity period. To do so, go to Settings > Advanced settings > Cookies > Select Storage Method.image3.png


Switching from Cookie to Local Storage should not lead to any issues. It activates an automatic data migration from the Cookie to the Local Storage and vice-versa. However, the Local Storage method is not compatible with cross-domain tracking. When choosing Local Storage, data can’t be shared between subdomains. For more, please refer to the complete section about storage.


The ABTastyOptout cookie


When a visitor doesn’t want to be assigned to any campaigns, they can opt out by adding the #abtastyoptout=1 parameter to the end of the website URL. For example


This creates a cookie in their browser that stores the opt-out information. For more information about this, refer to How can I avoid being assigned to the tests (opt-out)? 

Technical cookies

The tag is setting several cookies to validate that it will be operational on the website. Some cookies tracking third-party tools might also discover the regular ABTasty and ABTastySession cookies even without consent being granted. This is because of how it is technically working, as explained in the section below.

These technical cookies are not used to store visitor's data and don't even contain anything for most of them. Moreover, their lifetime never exceeds a few milliseconds.


Checking the ability to set cookies

AB Tasty can't work with cookies. To avoid crashing and sending unexpected error messages, the tag first checks if it can write cookies in the current session.

The ABTasty cookie is created with a dummy value and then immediately removed if it succeeded. 

If the operation is failing, the tag will stop its execution and logs the information if you are using the debug module.


Checking the domain validity

The tag then validates which domain it is executing on and if it matches its settings. This is done to avoid any tracking issues or unexpected further failures.

It creates the ABTastyDomainTest cookie with no value. If the operation is a success, it is immediately removed.

If the operation failed, the tag won't go further and will log the information if you are using the debug module.


Consent management specificities

If consent is lost during the visitor's journey, AB Tasty has to erase all data stored for this visitor. To avoid losing any time and not risk any failure in this process, the tag doesn't bother checking if there is already existing data.

All cookies are erased, whether or not they exist. This means that the tag is setting both ABTasty and ABTastySession cookies with an already-expired date. For the browser, this consists of creating a cookie that is immediately removed due to its expiration date.

This results in both cookies being declared even without consent and for a very short period of time (in microseconds).

Some cookies tracking third-party tools might detect these "ghost" cookies without consent. We advise setting a lifetime threshold to filter them out.



For full technical information about AB Tasty cookies and storage, read the complete article on our developer portal.


The cookie deposit method


The cookie deposit method enables you to manage the way information about your visitors is collected on your website.

You can manage cookies and AB Tasty’s tag through the following three sections:


  • Secure cookies
  • Restrict cookie deposit
  • Storage method



Heads up ⚡

Changing the cookie privacy settings while one or several campaigns are live may revoke the consent collection of your tested visitors at their next session on your website. It may also permanently erase all stored data (e.g. cookies, campaign history, events history, etc.).We recommend you configure your preferences once and do not modify them afterward.


To access the cookie deposit method, follow these steps:

  • Go to the dashboard and click image8.jpg , then click Settings
  • Click Cookies > Cookie deposit method


Secure cookies option


This option enables you to manage cookies on the pages of your website. Secure cookies can only be transmitted via the HTTPS protocol. HTTPS is a secure encrypted protocol aimed at increasing the security of data transfer.



By default, this option is disabled (the button is toggled to NO). This means that cookies are deposited on both the HTTPS and HTTP pages. When you enable this option (toggle the button to YES), cookies are deposited and usable on HTTPS pages only.


Generally speaking, many websites use HTTPS on all pages. In this case, we recommend enabling the secure cookie option. However, some websites still use HTTP pages, which is less secure. In this case, we recommend leaving the option disabled.


Heads up ⚡

Some websites use HTTPS on most pages but still have some HTTP pages. In this case, if you choose to enable secure cookies (toggle the button to YES), HTTP pages won’t use the same cookie as HTTPS pages. This may become an issue for data collection and is not recommended. 


Storage method


This section enables you to choose how your visitor information is stored. By default, AB Tasty uses cookies to store all the information that will be displayed in your campaign reports. However, you can choose to use Local Storage to store your visitor data.






This is the default option. Data related to visitors is stored in cookies placed on their browsers. When a visitor lands on a website that uses our platform, AB Tasty automatically places an ABTasty cookie on their browser to collect information such as the visitor’s ID, the campaign ID, the variation ID, etc. For each of the visitor’s sessions, an ABTasty.sessioncookie is also placed on the browser.


Local Storage


This option enables you to store data in your visitor’s localStorage browser instead of cookies. This can be useful for websites where cookies have weight restrictions, as it makes your cookies lighter. If you select this option, AB Tasty renounces the use of cookies, although the option remains available in the interface.


Good to know💡

If your visitor changes the domain or subdomain while browsing your website, the collected data will be lost. A visitor visiting your website from three different domains will be counted as three different visitors.


Restrict cookie deposit option


The restrict cookie deposit option enables you to manage the AB Tasty tag’s behavior to comply with regulations and adapt the configuration to user specificities. Since the implementation of the Guidelines on consent under Regulation 2016/679 (GDPR) by the European Data Protection Board on May 4, 2020, you have a legal obligation to ask your visitors for their explicit consent before tracking them and collecting their personal information through the acceptance of a cookie banner (either fully or partially).


Moreover, you must provide proof of this consent and AB Tasty must help you do so.

As soon as consent is given, proof of this consent is automatically sent to AB Tasty’s servers and stored for 13 months. 


Stored consent information includes the date and time, the condition and mode used, the visitor ID, and the perimeter.


You must select one of these three options:


  • Not restricting cookie deposits. This means no consent is requested from the visitors and the campaign is automatically displayed and data tracked. Select this option only if your country / geographical area does not require you to ask for consent before collecting data.
  • Managing the consent proper to AB Tasty within a third-party tool, such as a TMS. In this case, the TMS automatically checks the visitor’s consent before triggering the tags it contains. Proof of consent will still be collected; however, the consent will specify that it was collected by an uncited third-party source.
  • Delegating the consent to the AB Tasty. In this case, the tag will try to determine whether the visitor gave their consent on the website before tracking them and collecting their data.


It remains your full responsibility to implement the cookie banner on your website and make its content compliant with local data protection regulations. 


Managing consent within a third-party tool


To activate the consent obtained by a third party, follow these steps:

  • Toggle the Restrict cookie deposit button to No.
  • Check the box labeled: The cookie deposit restriction and its consent collection are handled on my side


When activating this option, the visitor’s consent is considered to have been given as soon as the tag is executed. The proof of consent will be written in the AB Tasty infrastructure instantly without checking any other trace of consent on the website.


When selecting this option, AB Tasty won’t be responsible for collecting the consent of your visitors.


Delegating consent to the AB Tasty tag 


To enable AB Tasty to determine the presence of consent and to execute the tag properly if needed, follow these steps:

  • Toggle the Restrict cookie deposit button to Yes
  • Choose one of the following options:
  • The user completes an action on the page 
  • My website deposits its cookies 
  • A specific cookie is placed
  • Didomi consent
  • Custom deposit (JavaScript)


Heads up ⚡

If AB Tasty detects the revocation of the visitor’s consent (that is to say, if the visitor uses functionality that cancels the consent they have previously given, or deletes the cookies from their browser), all standard data stored by AB Tasty on the visitor’s browser will be deleted and the visitor will no longer be tracked.


The user completes an action on the page


If you choose this option, the consent of the visitor is considered to have been given as soon as the user completes an action on the page (a scroll, a click, or any other action).


My website deposits its cookies


If you choose this option, the consent of the visitor is considered to have been given if the AB Tasty tag detects any other cookies on the page (from the website itself or a third-party tool).


Heads up ⚡

The first two options are legacy methods that do not comply with the GDPR. Only select one of these two options if you want or plan to implement the AB Tasty tag on your pre-production or staging environment, and for testing purposes.


A specific cookie is placed


Choose this option if your visitor’s consent is stored in a specific cookie. To configure this option, follow these steps:


  • Specify the name of your cookie


  • Select an option from the drop-down list: contains expression, regular expression or corresponds exactly


  • Enter the expected value of your cookie


As soon as the tag is executed, it will seek to confirm this condition and visitor tracking will only begin once consent has effectively been acknowledged. The tag will then conduct regular checks (upon each reload) to ensure the condition is still valid. If not, it will apply the effects specific to the revocation of consent. 


Didomi consent


Choose this option if you want visitor consent to be managed by Didomi. Didomi is a Consent Management Platform (CMP) that enables you to manage your vendors (or third-party tools), and their associated purposes, and to configure the way your visitors can consent to data usage. There are two ways of integrating AB Tasty with Didomi:

  • Using our native integration: This method allows AB Tasty to execute without consent and to wait for the visitor’s consent to start collecting and storing data. This method is based on the Restrict cookie deposit option.
  • Using Didomi to manage tag injectionThis method allows AB Tasty to execute only when the visitor has given their consent. This means no AB Tasty campaign will run on your website until the visitor gives consent.


Heads up ⚡

We don’t recommend using the second method since the AB Tasty tag won’t be injected without the visitor’s consent.


Using our native integration


Selecting the AB Tasty default vendor in Didomi


In the Vendors & Purposes section of your consent notice configuration in Didomi, select AB Tasty 2.0 to use the most recent AB Tasty vendor.


The purposes related to the AB Tasty 2.0 vendor are as follows:

  • Measuring content performance
  • Developing and improving product
  • Storing and/or accessing information (cookies and others)
  • Selecting personalized content
  • Creating personalized content profiles

These last two are used for DMP usage in AB Tasty only; they won’t prevent the AB Tasty tag from collecting and storing regular data.


Creating a custom AB Tasty vendor in Didomi


If you don’t want to use our default vendor, you can create your own directly in Didomi via Settings > Vendors. Set up the name and purposes, and write down the generated custom vendor ID, as it will be useful further along in the process.

Good to know💡

For the Privacy policy field, you should refer to the AB Tasty Privacy policy.

Enabling Didomi’s integration in AB Tasty


To enable Didomi in AB Tasty, follow these steps:

  1. Go to AB Tasty Settings > Cookies > Cookie Deposit Method.
  2. Toggle the Restrict cookie deposit to Yes, to restrict AB Tasty data collection and storage until the consent has been given.
  3. Select which mode you want AB Tasty to operate on. In default mode, the tag will still execute but won’t collect or store any data on the visitor. In strict mode, the tag won’t execute until the consent condition is met. 
  4. Under AB Tasty cookies will be placed once, select Didomi.
  5. If you have a Custom Vendor ID set up in Didomi, fill in the corresponding field, otherwise, leave it empty. 
  6. Click Save.

The AB Tasty tag will check Didomi’s state each time a change is detected and will apply the corresponding rule.


Using Didomi to manage tag injection


You can use Didomi to inject the AB Tasty tag after consent has been granted by the visitor.

This method gives you more control and prevents our tag from downloading without a visitor’s consent. 

However, we don’t recommend using this method as it means that no AB Tasty campaign can be displayed until visitor consent has been given. This may generate a flickering effect when consent is granted (e.g.: with a patch campaign).


To use Didomi to manage tag injection, follow these steps:

  1. Refer to Didomi’s developer documentation to set up the AB Tasty tag in Didomi.
  2. Go to Settings > Cookies > Cookie Deposit Method and toggle Restrict cookie deposit to No.
  3. Check the box labeled: The cookie deposit restriction and its consent collection are handled on my side. AB Tasty will consider that consent has been given once it has started executing. Proof of consent will be sent as soon as it is executed.


For more information on Didomi, please refer to Didomi’s developer documentation.


Custom deposit (JavaScript)


If you are not satisfied with the options listed above, you can create a custom JavaScript that will check the validity of user consent to data storage. Because of the structure of consent storage on your website, it is not possible to target a cookie. However, you can build a JavaScript function that will check how consent was given by each visitor. This function returns “true” if the condition is valid and if consent was obtained.


In this case, the tag will trigger, execute the JavaScript function and start the tracking. The tag will then carry out regular checks (upon each reload) to make sure the JavaScript function still returns “true”. If not, it will apply the effects specific to the revocation of consent.

Restricting campaign execution


If you have chosen to delegate consent to the AB Tasty tag, you need to choose how the AB Tasty tag will operate on your website when the visitor has not given their consent, according to the type of campaign. 


By default, all types of campaigns are ticked. In this case:

  • Campaigns of this type are triggered and the visitor can be assigned to a variation/experience/page. Depending on the traffic allocation you have configured for your campaign, they can also see the original version.
  • Data is neither collected nor stored until the consent has been given. Data will be collected as soon as the visitor gives their consent.


When a box is unticked:

  • Campaigns of this type are not triggered and the visitor sees the original version.
  • Data is neither collected nor stored until the consent has been given. Data will be collected as soon as the visitor gives their consent.


In both cases, AB Tasty only focuses on its perimeter. Basing the execution of the AB Tasty tag on the consent of a different perimeter (such as other analytics or personalization tools) is completely non-compliant, as this bases the execution of a different tool on the consent granted to AB Tasty.


Indeed, the objective of a campaign may differ according to its type, therefore you should adapt the campaign execution restriction accordingly:


Type of campaign

Main objective

Need to collect data



  • A/B
  • Multipage
  • Multivariate

Comparing one or several variations to the original version


Restrict campaign execution (box unticked)


  • Simple
  • Multipage
  • Multi-experience

Personalizing the experience of one or several visitor segments

Not necessarily

Do not restrict campaign execution (box ticked)


Comparing a new page (created and hosted outside of AB Tasty) to the original page

Not necessarily

Restrict campaign execution (box unticked)


Tracking elements and monitoring visitor behavior on a specific page


Restrict campaign execution (box unticked)


Correcting an element urgently for a limited period


Do not restrict campaign execution (box ticked)


Heads up ⚡

Even if some types of campaigns don’t necessarily need to collect data, they may include one or more targeting criteria that require visitor data, such as their last purchase or the landing page criterion. Even if you don’t restrict campaign execution (box ticked), the campaign won’t be displayed until visitor consent has been given.

Was this article helpful?