Cookies still set after Reject

Why this matters

A Reject button that does not actually block optional processing is one of the clearest signs that the consent mechanism is not being enforced correctly.

How to verify manually

1. Reject optional processing in a clean session and reload the page.
2. Inspect cookies and network requests after Reject.
3. Compare behavior before and after Reject to confirm whether optional storage truly stops.

Typical root causes

• Reject updates banner state but does not propagate a denied consent state.
• Optional tags re-fire on reload despite a denied choice.
• Stored consent values are misread or ignored after navigation.

GTM fix

1. Ensure denied consent state is read before tags can run after reload.
2. Attach consent checks to all optional tags, not just first-load events.
3. Verify Reject persists through reload in GTM preview.

WordPress fix

1. Check plugin integrations that keep loading optional tags after Reject.
2. Verify the CMP plugin stores and enforces denied state across page loads.
3. Remove overlapping tracking plugins that ignore CMP state.

Generic fix

1. Treat Reject as an enforceable runtime state, not just a UI action.
2. Block optional loaders on every page when the stored consent state is denied.
3. Test reload, revisit, and cross-page flows instead of only first-load behavior.

How to confirm the fix worked

• Reject and reload: confirm optional cookies remain absent.
• Reject and reload: confirm optional requests stay blocked.
• Run a fresh scan and verify reject-flow findings disappear.