Skip to main content
All guides
Critical KVKK m.5 · GDPR Art. 6 · ePrivacy Art. 5(3) · Consent

No consent banner? Non-essential trackers can’t run at all

If PrivaScan finds trackers but no consent management platform, there is no mechanism to get consent — which means every non-essential tracker on the page is running without a legal basis.

Why it matters

A cookie banner is not decoration: it is the mechanism that makes non-essential tracking lawful. Without one (or with a banner that loads trackers before the visitor chooses), there is no valid consent, and the most common enforcement actions target exactly this gap.

How to fix it

Add a real consent management platform (CMP) that blocks non-essential scripts by default, offers a genuine "Reject" that is as easy as "Accept", and only loads trackers after opt-in. Then re-scan to confirm nothing fires before a choice is made.

<!-- Block scripts until the CMP releases them: -->
<!-- Mark non-essential tags as type="text/plain" so they don't execute -->
<script type="text/plain" data-cookiecategory="analytics"
        src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
<!-- The CMP swaps type to text/javascript after consent. -->

Does your site have this issue?

Run a free scan to find out in seconds.

Official sources

Links to primary legislation for reference. PrivaScan is not affiliated with these bodies; this is information, not legal advice.

Related guides

These guides cover automated checks for trackers, cookies and data flows. A full privacy review also needs legal input.