Marketing cookies before consent

Why this matters

Marketing cookies create a high-risk consent issue because they often enable cross-site profiling, ad attribution, and audience sync before any valid user choice exists.

How to verify manually

1. Open the site in a private session without interacting with the banner.
2. Check for advertising, remarketing, or social tracking cookies in browser storage.
3. Look for ad-tech requests from Meta, Google Ads, TikTok, LinkedIn, Criteo, or similar vendors.

Typical root causes

• Marketing tags run on all page views regardless of consent.
• Third-party embeds initialize ad tech cookies automatically.
• CMP categories are mapped incorrectly or not enforced on the first page load.

GTM fix

1. Put all marketing tags behind marketing consent signals.
2. Remove fallback triggers that allow marketing tags to run in parallel.
3. Retest after publish with GTM preview and a clean browser profile.

WordPress fix

1. Review ad, social, and conversion plugins for automatic cookie setting.
2. Block marketing categories in your CMP before any plugin initializes.
3. Remove duplicate tracking injected by theme templates or page builders.

Generic fix

1. Delay marketing libraries and pixels until marketing consent is granted.
2. Separate marketing consent from analytics and functional categories.
3. Audit all templates for direct ad-tech snippets that bypass CMP logic.

How to confirm the fix worked

• Confirm no marketing cookies are set before consent.
• Confirm marketing requests start only after Accept.
• Run a fresh scan and verify the marketing-cookie finding clears.