Severity: High
Owner: CMP admin
Fix time: 1-2 h
Cookies and trackers before consent
Fix the analytics, marketing and third-party scripts that start running before the visitor has made a consent choice.
Covers: pre_consent_analytics_cookie, pre_consent_marketing_cookie, pre_consent_tracker
Why it matters
Under Article 5(3) of the ePrivacy Directive and the GDPR's lawfulness principles, storing or reading anything on the visitor's device that is not strictly necessary for the service they requested requires prior consent, and the personal data that analytics and marketing tags collect needs that same consent as its legal basis. Loading those scripts before the visitor has chosen is therefore a compliance gap from the very first page view, and it is exactly what a scanner or a regulator's own check will observe, whatever the banner text says.
How to verify manually
- Open the site in a fresh private browsing window and do not interact with the banner.
- Check the Network panel for analytics, ads, heatmap, chat, or social pixel requests before consent.
- Inspect Application > Cookies and confirm whether non-essential cookies appear pre-consent.
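The three checks above can be automated from the devtools console. The snippet below is an added example, not code from the original page or from the scanner: paste it into the console of a fresh private window before touching the banner and call auditCurrentPage(). The tracker patterns, cookie prefixes and essential-cookie allowlist are a starting list assumed here, not the scanner's own rules; extend them for your stack. The sample capture at the end is constructed so the audit can also run outside a browser.

```javascript
// Added example, not from the original page: automates the pre-consent check that the
// manual steps do in the Network and Application panels. Tracker patterns, cookie
// prefixes and the essential-cookie allowlist are assumptions; extend them per site.

// Third-party requests that should not appear before opt-in. The GTM container itself
// (googletagmanager.com/gtm.js) is deliberately absent: it may load early as long as
// the tags inside it are gated, whereas /gtag/ is the GA4 library proper.
const TRACKER_PATTERNS = [
  { host: "google-analytics.com" },
  { host: "googletagmanager.com", path: "/gtag/" },
  { host: "doubleclick.net" },
  { host: "facebook.net" },
  { host: "hotjar.com" },
  { host: "clarity.ms" },
];
const TRACKER_COOKIE_PREFIXES = ["_ga", "_gid", "_gat", "_fbp", "_fbc", "_hj", "_clck", "_clsk"];
// Cookies the site needs to work at all (assumed names; edit for the application).
const ESSENTIAL_COOKIES = ["PHPSESSID", "csrftoken", "cookie_consent"];

function parseCookieNames(cookieString) {
  return cookieString.split(";").map((c) => c.trim()).filter(Boolean).map((c) => c.split("=")[0].trim());
}

function matchesTracker(url) {
  let u;
  try { u = new URL(url); } catch (e) { return false; }
  const host = u.hostname.toLowerCase();
  return TRACKER_PATTERNS.some((p) =>
    (host === p.host || host.endsWith("." + p.host)) && (!p.path || u.pathname.startsWith(p.path)));
}

// Pure audit over a captured state, so it runs on the sample below or on exported data.
function auditPreConsent({ cookieString, requestUrls }) {
  const cookies = parseCookieNames(cookieString)
    .filter((name) => !ESSENTIAL_COOKIES.includes(name))
    .map((name) => ({
      name,
      kind: TRACKER_COOKIE_PREFIXES.some((p) => name.startsWith(p)) ? "known tracker" : "unclassified, review",
    }));
  const requests = requestUrls.filter(matchesTracker);
  return { cookies, requests, clean: cookies.length === 0 && requests.length === 0 };
}

// Browser entry point. Caveats: document.cookie cannot see HttpOnly cookies, and the
// resource-timing buffer only lists resources that were actually loaded, so still
// glance at the Application and Network panels for anything it cannot show.
function auditCurrentPage() {
  return auditPreConsent({
    cookieString: document.cookie,
    requestUrls: performance.getEntriesByType("resource").map((entry) => entry.name),
  });
}

// Constructed capture of a misconfigured page, standing in for real devtools data.
const SAMPLE_CAPTURE = {
  cookieString: "PHPSESSID=9f2c; _ga=GA1.1.1234.5678; _fbp=fb.1.1700000000.42; promo_seen=1",
  requestUrls: [
    "https://www.example-shop.test/assets/main.css",
    "https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX",
    "https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX",
    "https://connect.facebook.net/en_US/fbevents.js",
    "https://region1.google-analytics.com/g/collect?v=2&tid=G-XXXXXXX",
  ],
};
```

On the sample capture the audit reports three non-essential cookies (two matching known tracker prefixes, one unclassified for review) and three tracker requests, while the GTM container request is left alone; a page that is fixed correctly returns clean: true before any click on the banner.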
Typical causes
- GTM tags fire on page view without consent conditions.
- CMP loads after analytics tags instead of before them.
- Scripts are embedded directly in templates and bypass CMP blocking.
Fix in GTM
- Enable Google Consent Mode v2 with default denied states for ad_storage, analytics_storage, ad_user_data and ad_personalization.
- Update tag firing rules so analytics and marketing tags fire only when the corresponding consent state is granted (consent checks on the tag, not just on the trigger).
- Put the consent default call on the Consent Initialization trigger so it runs before any tag on a Page View or later trigger; a default set too late is the same as no default.
Fix in WordPress or CMP plugins
- Install and configure CookieYes or Complianz with script blocking enabled for the analytics and marketing categories.
- Map each service to a category and verify that its scripts are actually blocked before consent, not merely listed in the banner.
- Purge the page cache and CDN, then retest in a fresh private browsing session.
Generic developer-side fix
- Block third-party script execution until consent is granted.
- Store pending scripts with a consent category marker (a non-executable type such as type="text/plain" plus a data-consent attribute, with the real URL kept in data-src so the browser never fetches it on its own).
- On consent grant, activate only the scripts whose categories were accepted, and leave the others inert so a later, broader choice can still activate them.
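The following is an added example, not code from the original page: a loader that implements the three steps above for placeholders written in the data-consent style, together with the Consent Mode v2 default and update calls that the GTM fix relies on, so one "save choices" handler serves both fixes. It assumes the banner knows two categories, "analytics" and "marketing", and reports a choice as an object such as { analytics: true, marketing: false }; the in-memory document at the end is a constructed stand-in for the page DOM so the loader can run outside a browser, and the pixel URL is hypothetical.

```javascript
// Added example (not the page's own code): a consent-gated loader for placeholders
// written as <script type="text/plain" data-consent="..." data-src="...">, plus the
// Consent Mode v2 signals the GTM fix needs. Assumed: the banner knows two
// categories, "analytics" and "marketing", and reports a choice as an object like
// { analytics: true, marketing: false }.

// Banner categories -> the four Consent Mode v2 signals (assumed mapping).
function consentModeSignals(granted) {
  const state = (cat) => (granted[cat] === true ? "granted" : "denied");
  return {
    analytics_storage: state("analytics"),
    ad_storage: state("marketing"),
    ad_user_data: state("marketing"),
    ad_personalization: state("marketing"),
  };
}

// gtag() must push the arguments object itself, not an array; GTM's consent
// handling only recognises the former. In the page, reuse window.dataLayer.
function makeGtag(dataLayer) {
  return function gtag() { dataLayer.push(arguments); };
}

// Read placeholders from a document-like object. A placeholder may list several
// categories separated by spaces and runs only when every one of them is granted.
function collectPending(doc) {
  const nodes = doc.querySelectorAll('script[type="text/plain"][data-consent]');
  return Array.from(nodes).map((el) => ({
    el,
    categories: (el.getAttribute("data-consent") || "").trim().split(/\s+/).filter(Boolean),
    src: el.getAttribute("data-src"),
    inline: el.textContent || "",
  }));
}

function selectActivatable(pending, granted) {
  return pending.filter((p) => p.categories.length > 0 && p.categories.every((c) => granted[c] === true));
}

// Swap each approved placeholder for a real <script>. Placeholders that are not
// approved stay inert, so a later, broader consent activates them with the same call.
function activateScripts(doc, granted) {
  const activated = [];
  for (const p of selectActivatable(collectPending(doc), granted)) {
    const real = doc.createElement("script");
    if (p.src) { real.src = p.src; real.async = true; } else { real.textContent = p.inline; }
    p.el.parentNode.replaceChild(real, p.el);
    activated.push(p.src || "inline");
  }
  return activated;
}

// Call this from the banner's "save choices" handler: update GTM first, then load.
function applyConsent(granted, doc, dataLayer) {
  makeGtag(dataLayer)("consent", "update", consentModeSignals(granted));
  return activateScripts(doc, granted);
}

// Constructed stand-in for the page DOM so the loader can run outside a browser;
// in the page itself pass the real document and window.dataLayer instead.
function sampleDocument() {
  const body = { children: [] };
  const placeholder = (consent, src, inline) => ({
    attrs: Object.assign({ type: "text/plain", "data-consent": consent }, src ? { "data-src": src } : {}),
    textContent: inline || "",
    parentNode: body,
    getAttribute(name) { return name in this.attrs ? this.attrs[name] : null; },
  });
  body.children = [
    placeholder("analytics", "https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"),
    placeholder("marketing", "https://example.invalid/pixel.js"), // hypothetical pixel URL
    placeholder("analytics marketing", null, "console.log('needs both categories')"),
  ];
  body.replaceChild = (fresh, old) => { body.children[body.children.indexOf(old)] = fresh; };
  return {
    body,
    querySelectorAll: () => body.children.filter((el) => el.attrs.type === "text/plain" && "data-consent" in el.attrs),
    createElement: (tag) => ({ tag, attrs: {}, textContent: "", parentNode: body, getAttribute: () => null }),
  };
}

// A visitor who first allows analytics only, then everything.
function demo() {
  const doc = sampleDocument();
  const dataLayer = [];
  makeGtag(dataLayer)("consent", "default", consentModeSignals({})); // must precede every tag
  const first = applyConsent({ analytics: true, marketing: false }, doc, dataLayer);
  const second = applyConsent({ analytics: true, marketing: true }, doc, dataLayer);
  return { first, second, dataLayer };
}
```

In demo() the first choice activates only the GA4 placeholder and leaves the marketing pixel and the dual-category inline script untouched; the second, broader choice picks those two up without re-running the first. The Consent Mode default with everything denied is pushed before any placeholder is considered, which is the ordering the GTM fix depends on.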
<script
type="text/plain"
data-consent="analytics"
data-src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX">
</script>

How to confirm the fix works
- Re-run the scan in a fresh session and confirm the finding disappears.
- Verify that no non-essential cookies are set before interaction.
- Verify that analytics and marketing requests only begin after opt-in.
Next step
Re-run a scan after deployment to confirm that the actual behaviour has changed, not just the banner text.