Gå til indhold
Alvorlighed: HøjAnsvarlig: UdviklingTid til rettelse: 1-3 h

Fingerprinting før samtykke

Udskyd eller erstat scripts, der undersøger browserkapaciteter, før den besøgende har truffet et samtykkevalg.

Dækker: pre_consent_fingerprinting_signal, fingerprinting_risk_before_consent

Hvorfor det betyder noget

API'er relateret til fingerprinting kan skabe en trackingflade, selv når cookies er begrænsede. Hvis disse signaler starter før brugerens valg, er problemet ofte sværere at opdage end cookie-baseret tracking.

Sådan verificerer du manuelt

  1. Identify which script executes canvas, WebGL, font, or device-probing APIs before consent.
  2. Check whether the signal comes from analytics, fraud tooling, ad tech, or a custom script.
  3. Confirm whether the script is essential or optional for baseline site functionality.

Typiske årsager

  • Fraud, attribution, or analytics vendors initialize immediately on page load.
  • Custom anti-bot logic runs before the CMP decides.
  • A vendor SDK bundles fingerprinting behavior you did not explicitly configure.

Rettelse i GTM

  1. Move optional vendors that perform browser fingerprinting behind consent checks.
  2. Review custom HTML tags and vendor templates for immediate initialization.
  3. Separate strictly necessary fraud-prevention logic from optional analytics or advertising tooling.

Rettelse i WordPress eller CMP-plugins

  1. Review plugins for analytics, ads, AB testing, and anti-fraud features that inject scripts globally.
  2. Disable optional optimization or attribution modules until consent is granted.
  3. Retest after plugin updates because SDK behavior can change over time.

Generel udviklerrettelse

  1. Defer non-essential SDK initialization until consent is granted.
  2. For necessary risk controls, minimize scope and document why the behavior is essential.
  3. Remove or replace vendors that cannot be configured to respect consent.

Sådan bekræfter du, at rettelsen virker

  • Confirm fingerprinting-sensitive APIs no longer run before consent.
  • Re-test after Accept to ensure optional vendors still work when consent is granted.
  • Run a fresh scan and compare the fingerprinting evidence before and after the fix.

Næste skridt

Kør en ny scanning efter deployment for at bekræfte, at den faktiske runtime-adfærd ændrede sig, og ikke kun bannerteksten.

Kør gratis scanningOvervåg dette domæne
Fingerprinting før samtykke — GDPR Fix Guide