Cookies и tracking преди съгласие

Защо това е важно

Според ePrivacy и принципите на GDPR неесенциалното съхранение и tracking изискват съгласие преди активиране. Зареждането на аналитични или маркетингови скриптове преди избора на потребителя създава непосредствен риск за съответствие.

Как да го проверите ръчно

1. Open the site in a fresh private browsing window and do not interact with the banner.
2. Check the Network panel for analytics, ads, heatmap, chat, or social pixel requests before consent.
3. Inspect Application > Cookies and confirm whether non-essential cookies appear pre-consent.

Типични причини

• GTM tags fire on page view without consent conditions.
• CMP loads after analytics tags instead of before them.
• Scripts are embedded directly in templates and bypass CMP blocking.

Корекция в GTM

1. Enable Google Consent Mode v2 with default denied states for ad_storage, analytics_storage, ad_user_data, and ad_personalization.
2. Update tag firing rules so analytics and marketing tags only fire when consent state is granted.
3. Use consent initialization events before any marketing or analytics trigger paths.

Корекция в WordPress или CMP плъгини

1. Install and configure CookieYes or Complianz with blocking enabled for analytics and marketing categories.
2. Map services to categories and verify scripts are blocked pre-consent.
3. Clear cache or CDN and retest in an incognito browser session.

Обща корекция за разработчици

1. Block third-party script execution until consent is granted.
2. Store pending scripts with a consent category marker.
3. On consent grant, activate only scripts matching accepted categories.

<script
  type="text/plain"
  data-consent="analytics"
  data-src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX">
</script>

Как да потвърдите, че корекцията работи

• Re-run the scan in a fresh session and confirm the finding disappears.
• Verify that no non-essential cookies are set before interaction.
• Verify that analytics and marketing requests only begin after opt-in.