Skip to main content
Support home / Troubleshooting

How to get CookieBot to Ignore Fathom

Disclaimer: The information below is not legal advice, and we don’t accept any legal liability. We have received our own legal advice, and this page is our interpretation of the law. If you have any concerns regarding GDPR compliance, please forward this page to your legal team.

CookieBot incorrectly assumes that all analytics are the same (from Google Analytics to Fathom). As you are probably aware, if you're on our site, that is not the case. Fathom could not be more different from invasive, Big Tech analytics, like GA. We go to great lengths to be cookieless analytics, to be fully compliant with the GDPR and comply in a way that doesn't require cookie consent notices like their software does.

While CookieBot's stance on requiring consent for other analytics seems to be correct (like GA), you can't paint our software with the same privacy-ignoring brush. In fact, the reason thousands of people trust Fathom Analytics for their website is because we've done the legal vetting and work to ensure our software is both fully compliant with these privacy laws but also compliant in a way that doesn't require adding annoying cookie banners (which take time to load and hurt your SEO score).

While both of our companies agree that following privacy laws like GDPR are important, we don't feel the need to punish other privacy-focused companies for doing the right thing and complying with privacy laws. The problem is, CookieBot make money selling people on using cookie consent notices. So it wouldn't make sense for them to say "you don't need to pay for our software if you use Fathom" because then they'd make less money.

Here is why we believe using Fathom doesn't require a cookie consent notice

The intent of the GDPR is to protect the privacy of EU citizens, and we agree with that (our whole software product is built around accomplishing this goal).

We have a lawful basis for the processing we do. And we run privacy risk assessments whenever we need to make a significant change (e.g. when we had to enable basic, heavily redacted IP access logs after we were DDoS attacked).

We go into considerable detail on this on our Data journey page, but some key pieces for GDPR are as follows:

  1. We process personal data (IP Address and User-Agent) on your behalf.
  2. We keep pseudo-anonymized data for around 48 hours. After that, the hash salts (explained here) are removed from our system, and there’s no reasonable way for anybody to brute force them.

As stated above, unlike Google Analytics, Fathom doesn’t use cookies or similar with our embed script. And while we’re not in a position to offer legal advice, we invest heavily in compliance and have a fantastic EEA-based privacy officer who keeps us up to date with all the latest changes, as well as having hired lawyers to also vet our stance on this as being accurate and correct.

How to exclude Fathom from CookieBot

To remove us from Cookiebot, you can add data-cookieconsent="ignore" on the Fathom script. You can follow this guide on their website.

So, your script would look something like this:

<script
  src="https://cdn.usefathom.com/script.js"
  data-site="ABCDEFG"
  data-cookieconsent="ignore"
  defer>
</script>

By adding this to our script, our embed code still works exactly as it should, loads just as quickly, and does not impact your SEO in any way.


If you still have questions or require help with anything, please reach out to us and we'll happily get things sorted out for you.


Can't find what you're looking for?