The Tracker Register at Gransino
What follows is not legal prose dressed up to be skim-read. It is a working register: every single cookie this site is capable of dropping on a device, the slot it belongs in (functional, audience or outbound attribution), the lifetime, and whether the cookie banner needs your green light first. The framework references PECR and UK GDPR, both supervised by the Information Commissioner’s Office. The next refresh date sits in May 2026.
Register signed off by: James Whitford, Senior Editor & Compliance Reviewer
Most recent refresh: May 2026
1. The cookie itself, in one paragraph
A cookie is a small text payload your browser stores the moment it loads a page. It is not capable of running code, installing software or reading anything else on the device. The whole purpose is to remember choices from one page to the next — whether a session is still active, whether the banner has been answered, whether a referral has been recorded.
Under the British rulebook — PECR sat alongside UK GDPR — any cookie that is not strictly required to make the site work needs your informed go-ahead before it is set. Cookies that the site literally cannot operate without are allowed without that step, but they still appear below for completeness.
2. The three buckets in use here
Three cookie buckets are in play on Gransino. Each one carries a different role and a different consent treatment under PECR.
- Functional cookies — the small set the site needs to function. Session continuity, the banner answer, the form anti-forgery token. PECR does not require consent for this bucket, but they are still itemised below.
- Audience cookies — anonymised analytics (Google Analytics 4) telling the desk which reviews are being read, how long readers linger and which referrers actually send useful traffic. IP addresses are truncated before they reach the analytics property. This bucket needs consent.
- Outbound-attribution cookies — first-party tags that fire when a reader taps a
/golink to a casino operator. They tell the operator the referral came from this site so the commission lands in the right account. This bucket also needs consent.
3. The full tracker register
What follows is the canonical list. Every cookie this site is capable of dropping is itemised below with its job, its lifetime and its consent state. The list is updated the same week any tracker is added, retired or renamed.
Table 1 — Functional cookies
These cookies keep the site running. Regulation 6(4) of PECR exempts them from the consent requirement, but they are documented here for full transparency.
| Cookie | Role | Lifetime | Consent |
|---|---|---|---|
PHPSESSID |
Carries the server session from page to page as you move between review write-ups and comparison tables. | Session (purged when the browser closes) | Not required (functional) |
grsn_consent |
Persists the consent election recorded via the cookie banner, preventing the prompt from re-displaying on return visits. | 13 months | Not required (functional) |
grsn_csrf |
Single-use anti-forgery token bound to the contact and feedback forms, invalidated on submission to prevent cross-site request forgery. | Session | Not required (functional) |
Table 2 — Audience cookies
Google Analytics 4 is the only audience tool in use here, running with the IP truncation flag turned on. None of these cookies fire before the banner answer is in, and the resulting analytics records are never joined to any directly identifying field.
| Cookie | Role | Lifetime | Consent |
|---|---|---|---|
_ga |
Distinguishes unique browsers through a randomly seeded client identifier. | 26 months | Required (opt-in) |
_ga_<container-id> |
Persists session state and campaign attribution against the configured GA4 property. | 26 months | Required (opt-in) |
_gid |
Separates browsers across a rolling 24-hour window. | 24 hours | Required (opt-in) |
_gat |
Throttles the GA request rate so popular pages do not over-collect data on busy days. | 1 minute | Required (opt-in) |
Table 3 — Outbound-attribution cookies
When a reader taps a /go outbound link to an operator, this site drops a pair of first-party cookies recording the click and the campaign tag. They exist purely so the operator can credit the referral if the reader subsequently registers and deposits. No directly identifying personal data lives inside them.
| Cookie | Role | Lifetime | Consent |
|---|---|---|---|
grsn_ref |
Certifies that the outbound click originated from Gransino, enabling the operator's attribution layer to route the referral to the correct affiliate account. | 33 days | Required (opt-in) |
grsn_campaign |
Retains the campaign identifier or review slug bound to the outbound click event, used exclusively within the internal performance-reporting pipeline. | 33 days | Required (opt-in) |
4. How the consent banner behaves
On your first visit, the banner slides up from the bottom of the viewport. It names the three buckets above and offers three explicit controls:
- Accept all — enables the functional, audience and outbound-attribution buckets at once.
- Reject non-essential — leaves only the functional bucket alive; audience and attribution stay dormant.
- Manage preferences — flip audience and attribution independently of each other.
The banner is built against the ICO’s published guidance on cookie consent: the “reject” button carries the same visual prominence as the “accept” button, no checkbox is pre-selected, and no audience or attribution cookie is placed on the device until a positive election is recorded. The consent record is persisted in the grsn_consent cookie and may be reviewed or revised at any time via the “Cookie settings” link in the site footer.
5. Cookie controls inside the browser
The on-site banner represents one avenue for consent management. Browser-level controls represent a second, independent avenue — one that operates entirely outside this site’s framework. The navigation path differs across vendors but is substantively as follows:
- Google Chrome — Open the application menu, select Settings, expand Privacy and security, then locate Third-party cookies.
- Mozilla Firefox — Open the application menu, select Settings, navigate to Privacy & Security, then locate the Cookies and Site Data panel.
- Apple Safari — Open Preferences (or Settings on iOS/iPadOS), select Privacy, then choose Manage Website Data.
- Microsoft Edge — Open Settings, navigate to Cookies and site permissions, then select Manage and delete cookies and site data.
Where the concern is limited to Google Analytics, the vendor-supplied browser extension available at tools.google.com/dlpage/gaoptout provides a targeted opt-out that applies across all properties using that tag. The ICO publishes authoritative guidance for UK-based users on the subject of browser cookies at ico.org.uk/your-data-matters/online/cookies.
6. Cookies set by operator sites are not ours
The moment a tap on a /go link drops you on an operator domain, that operator gets its own cookie shelf. Those are third-party cookies that fall under the operator’s privacy and cookie statement — not this site. Gransino cannot see, read or alter them, and the editorial desk has no visibility into what an operator chooses to store after a redirect.
Before opening any account, please read that operator’s own cookie statement. Casinos typically run marketing, fraud-prevention and session cookies on their own domain, with retention windows and consent flows governed by the regulator covering their licence jurisdiction.
7. Consequences of switching cookies off
The impact varies by bucket:
- Functional cookies — cannot be disabled without breaking the basics, such as session continuity and remembering your banner answer.
- Audience cookies — turning them off has no impact at all on your reading experience. The pages still render, the tables still sort. The desk simply does not see anonymous statistics from your visit.
- Outbound-attribution cookies — turning them off can stop the operator from crediting Gransino for the referral. That does not affect any welcome bonus you receive, but the referral attribution may go unrecorded on our side.
8. When this register changes
The register is reviewed any time a cookie is added, retired or renamed, and at the very least once a year. When it changes, the “Most recent refresh” date at the top of the page is updated the same week. Material changes — a new third-party processor being onboarded, for example — also trigger a homepage notice and a fresh banner prompt requesting renewed consent.
9. Questions
For questions about how this site handles cookies, or for any UK GDPR rights you want to exercise, please use the contact page. The wider picture — what personal data is processed elsewhere on the site, which lawful bases are claimed and which rights apply — is set out in the Privacy Policy.
