What is the least obnoxious way to ask for cookie permissions?

Put it in the page as a section above the contents and below the top navigation. It will look like a banner ad and will be ignored.

The best thing one can do is not use cookies -> no need for a consent banner.

If that's not an option, the next best thing is to have an overlay that is as honest as possible and most importantly provides not only an "Accept all", but also a "Reject all" button.

Don't use dark patterns, basically. That is, use the same color, style and size for each of those buttons.

My experience is that most users are so used to these overlays by now, they just look for the button which gets rid of them most quickly. Marketing will typically push to tinker with the appearance of the buttons to increase the conversion rate in favor of the "Accept all" option.

I would ask them what is the absolute minimum required by law and to provide citations and the penalties for not applying it correctly.

The last time I checked (a few years ago) most websites were doing a serious overkill with the banners, where the law didn't require it. Also, for certain companies the possible penalty for not having a banner was so low that it didn't make sense to have such banners at all.

Personally ... I think the best option (if you have to have cookies (and there are plenty of reasons you may want/need them)) is to have screen-wide, contrasting-color, short-top-to-bottom bar with a single OK or Accept button for dismissal

Do not give people options about cookies - either they accept (and dismiss the notice), or they leave

When I am presented with cookie options, I start to wonder why there are "unnecessary" cookies present: why are you letting me accept "necessary" cookies or "all" cookies? Why would you have ones that are not needed? Seems hyper sketch ... and I'll go elsewhere (or reject all)

I think the effort would be best spent avoiding cookies and trackers in the first place.

What do you plan on using cookies for? There might be some ways of doing similar things without cookies or trackers (server-side analytics for example) that are more respective of users and also eliminiate the need for any banners at all.

I know my company's website has a pointless cookie modal - the necessary cookies are just for session affinity on a gateway (which I don't believe you'd need a modal for anyway), and the unecessary cookies are from one analytics integration that's been used just once since it was set up, and another that is used for the most basic reports that you could get from just the access logs.

Cookie permissions and EU advertising options should absolutely be built into the browser, it makes no sense for the user to have permissions on each site individually like this with a different system on each one.

Then the user can centrally review what permissions they gave, revoke them etc.

So no sites should have these kind of approval banners.

Cookie banners have ruined the internet!

I you have to have one I'd suggest it have a Reject All button which makes the banner go away without any further clicks.

Nothing is more soul destroying than having to click several times to make the nonsense go away.

the frustration part sets in when I start reading the page, and then a whole-page popup interruts that experience and makes me disable cookies. Second frsutration is when I have to go dg for the "no". At this point, I reevaluate whether I really want to read this page or not, and if it's not essential, I close the entire page at this point mouthing a silent "fy".

SO, as others have already said, definitely a "reject all" and be done with it right in the beginning, without the need for any forther clicks. Better yet if the banner is just a sliver on the side that doesn't interrupt my reading experience (clearly, as long as I didn't click "yes" on cookies, it can't set any; so it would be default-no, allows me to read, and if I want to click in the corner for something else, I can. Even better if it has an "X" to close that unintrusive side window, and of course the X gets treated as "reject all".

Make sure that if someone visits your web site with Javascript turned off, and that means that the cookies won't be used anyway, then they can still read the content without a non-functional cookie banner covering all the content up.

Apart from the others suggestions.

Make sure that it does work with extensions like I don't care about cookies. That one is usually easy but make sure it works with the uBlock script too.

Do not have that the banner force any site reloads. Analytics for example can be loaded into a page wihtout reloading.

If that is done the ad blocker users will never notice the banner.

The GDPR law is quite clear - it is MANDATORY to have an equal way to reject consent as to grant it. So basically you must have equally designed button "accept" and "reject" on the same banner frame.

See, the problem is solved even before it appeared - if your company will comply with the law then the banner would not be obnoxious by design.

Try to let user browser anti-nagging extensions do their job

If you have a one-click "no to all" for people like me, and a one-click "yes to all" for people who just want to get on with their lives, and both buttons are the same shape/size/color and easily clickable, then you're already waaaaay ahead of the curve.

From user's POV: if you do have to ask for cookies, please make the "reject all" button object to all "legitimate interests", so I don't have to manually expand each "purpose" to object. I won't use the site unless I object to all. If it's too big of a hassle at that moment , I'll just leave and not come back

The answer is always no, please don't ask!

Least intrusive: Make it take up so little space that you don’t even need to close it, make the accept button green and the deny button red, and let there be no consequence if neither is clicked. Don’t make anyone aware of the ambiguity that not clicking it is neither consent or denial.

Pointing out this stuff forces you into the path of requiring that people click on it before being able to navigate the website, which is extremely intrusive, and makes all the marketing people insist that you apply dark patterns.

There should be a big "X"-shaped button for simply dismissing the banner, deferring the answer to a later time. After all, if someone is visiting your website for the first time, they likely don't know your site well enough to know whether they want to accept or reject.

Apple.com does not ask consent to track you for marketing purposes.

GitHub used to not have cookies for tracking purposes either but it looks like some people couldn’t live without tracking users so it’s back after 2 years on some subdomains: https://github.blog/2020-12-17-no-cookie-for-you/

[delayed]

Make it as tiny as legaldepartmentally possible, it doesn't need to take the full width of the page, nor does it need to have any colored background. Also doesn't need several sentences or text