Making Tax Digital - VAT - Bridge
User : Password : Forgotten Password ?

Cookies, JavaScript, and HMRC

As originally designed and built, was to be a Cookie Free  Zone™. Cookies were not going to be used at all in the design of the site. The same principle was applied to JavaScript.

The original system worked quite well without cookies but as development progressed HMRC started to indicate that for 'Fraud Prevention' reasons we would have to start collecting data from our users and reporting back to HMRC the data with every request we make on behalf of our users. The fraud prevention page includes a link to the regulation. The document includes the following text :

4.—(1) Subject to paragraph (2), a software supplier who fails to comply with regulation 3(2) is liable to a penalty of £3,000.
so we really have no option but to gather and report this information.

One of the mandatory items is Gov-Client-Device-ID. This is :-

'An identifier unique to an originating device. This should be generated by an application and persistently stored on the device. The identifier should not expire.'
and then helpfully under the 'Tips' section it goes on to say :-
' the device ID in a hidden file, the Windows registry, or in a cookie...' is a web based system. Web browsers do not have access to the registry and can't normally create hidden files so our only option is to create a cookie. We do set a cookie on your machine with a unique ID in it. The cookie is called 'Gov-Client-Device-ID'. This cookie is created every time you log in to if it doesn't already exist. There is nothing to stop you cleaning up your cookie store and deleting the cookie if you want. We will create a new cookie next time you log in.

You have no cookie set yet


mtdvatbridge was designed to work without JavaScript. Unfortunately, HMRC added fraud prevention requirements that are impossible to fulfil without JavaScript - for example, they require that we send a header Gov-Client-Window-Size that tells them how big the screen is in pixels. This isn't available to our server, it is only available to the browser via JavaScript. The requirements for JavaScript are fairly innocuous so we have implemented the JavaScript as required by HMRC. You can see the fraud prevention details if you really want further information.

JavaScript has also allowed us to add a bit of sugar to the site in that we can hide our email address until you click on it, ask you to confirm the data on the VAT100 is correct etc. so it's not all bad. The main downside is that it limits the userbase to those users with JavaScript capable browsers so lynx etc. no longer work. We don't think that is a big problem but if you do want to use lynx (or some other none JavaScript enabled browser) then please get in touch.