Cookies og trackere før samtykke

Hvorfor det betyder noget

Ifølge ePrivacy og GDPR-principperne kræver ikke-nødvendig lagring og tracking samtykke før aktivering. At indlæse analyse- eller marketing-scripts før brugerens valg skaber øjeblikkelig compliance-risiko.

Sådan verificerer du manuelt

1. Open the site in a fresh private browsing window and do not interact with the banner.
2. Check the Network panel for analytics, ads, heatmap, chat, or social pixel requests before consent.
3. Inspect Application > Cookies and confirm whether non-essential cookies appear pre-consent.

Typiske årsager

• GTM tags fire on page view without consent conditions.
• CMP loads after analytics tags instead of before them.
• Scripts are embedded directly in templates and bypass CMP blocking.

Rettelse i GTM

1. Enable Google Consent Mode v2 with default denied states for ad_storage, analytics_storage, ad_user_data, and ad_personalization.
2. Update tag firing rules so analytics and marketing tags only fire when consent state is granted.
3. Use consent initialization events before any marketing or analytics trigger paths.

Rettelse i WordPress eller CMP-plugins

1. Install and configure CookieYes or Complianz with blocking enabled for analytics and marketing categories.
2. Map services to categories and verify scripts are blocked pre-consent.
3. Clear cache or CDN and retest in an incognito browser session.

Generel udviklerrettelse

1. Block third-party script execution until consent is granted.
2. Store pending scripts with a consent category marker.
3. On consent grant, activate only scripts matching accepted categories.

<script
  type="text/plain"
  data-consent="analytics"
  data-src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX">
</script>

Sådan bekræfter du, at rettelsen virker

• Re-run the scan in a fresh session and confirm the finding disappears.
• Verify that no non-essential cookies are set before interaction.
• Verify that analytics and marketing requests only begin after opt-in.