Severity: High | Owner: CMP admin | Time to fix: 30-90 min

Analytics before consent

Stop analytics tools from loading or setting storage before the visitor has explicitly opted in.

Covers: pre_consent_analytics_cookie, analytics_before_consent

Why this matters

Analytics traffic may feel lower risk than marketing, but it is still non-essential processing and usually requires prior consent under ePrivacy rules.

How to verify manually

  1. Open the site in a clean session and avoid interacting with the banner.
  2. Look for GA4, Google Analytics, Plausible, Matomo, Adobe, or similar requests before consent.
  3. Inspect whether analytics cookies appear before the user clicks Accept.

Typical root causes

  • Analytics tags fire on page load without consent checks.
  • A legacy analytics snippet still exists outside GTM or CMP control.
  • The CMP classifies analytics as functional or essential by mistake.

GTM fix

  1. Apply consent checks to all analytics tags and triggers.
  2. Remove page-view triggers that ignore consent state.
  3. Use preview mode to verify no analytics tag fires before opt-in.

WordPress fix

  1. Review theme, SEO, and analytics plugins for auto-injected tracking snippets.
  2. Use CMP blocking for analytics categories and disable overlapping plugins where needed.
  3. Clear cache and re-test from a clean browser profile.

Generic fix

  1. Load analytics libraries only after consent is granted.
  2. Treat analytics cookies as optional storage unless you have a clearly documented essential basis.
  3. Keep analytics initialization in one central place to avoid duplicate loaders.
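The three steps above as one central loader, added here as an example and not taken from any CMP or analytics vendor. The script URL, the `analytics` category key and the `cmp:consent` event name are placeholders to replace with your own.

```javascript
// Added example: central, idempotent, consent-gated analytics loader.
// ANALYTICS_SRC is a placeholder URL, not a real vendor endpoint.
const ANALYTICS_SRC = "https://analytics.example/script.js";

function createAnalyticsGate(injectScript) {
  let consented = false; // default is "no consent": nothing loads on page view
  let loaded = false;    // guards against duplicate loaders

  function maybeLoad() {
    if (!consented || loaded) return false;
    loaded = true;
    injectScript(ANALYTICS_SRC);
    return true;
  }

  return {
    // Call from the CMP callback with the visitor's current choices,
    // e.g. { analytics: true, marketing: false } (assumed shape).
    // Only a strict boolean true counts; a truthy string like "denied" does not.
    onConsentChange(choices) {
      consented = Boolean(choices && choices.analytics === true);
      return maybeLoad();
    },
    isLoaded: () => loaded,
  };
}

// Browser injector: the script tag is created only when the gate calls it,
// so no analytics request or cookie exists before opt-in.
function domInjector(src) {
  const s = document.createElement("script");
  s.src = src;
  s.async = true;
  document.head.appendChild(s);
}

// Wiring in the browser (skipped where there is no DOM, e.g. under Node).
if (typeof document !== "undefined") {
  const gate = createAnalyticsGate(domInjector);
  // "cmp:consent" is a hypothetical event name; use your CMP's real callback.
  window.addEventListener("cmp:consent", (e) => gate.onConsentChange(e.detail));
}
```

The gate only prevents loading; if the visitor later withdraws consent, stopping an already loaded library and clearing its cookies has to be handled separately.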

How to confirm the fix worked

  • Confirm analytics requests do not fire before Accept.
  • Confirm analytics cookies are absent before consent.
  • Run a fresh scan and verify the analytics finding is gone.

Next step

Re-scan after deployment to confirm that the runtime behavior changed, not just the banner copy.
