gdpr
How to fix: Cookie consent — runtime verification (informational)
GDPR Art. 7
ePrivacy Directive
Why this matters
An HTML scan can confirm a consent banner is present on the page, but it cannot verify the banner actually works at runtime — does it block tags before consent? does Reject actually stop them? does it remember the choice? Those questions need a real browser. This row flags the boundary so you don't treat a passing CMP-detected check as full consent compliance.
Background
An HTML-only scanner — webauditfix included — cannot observe what cookies actually fire in a real browser. The detection in gdpr.cookie_consent confirms a CMP script is *loaded*, but not that the CMP is correctly configured to (a) block non-essential tags before consent, (b) honour the user's Reject choice, or (c) re-fire only the categories actually consented-to. All three are common configuration failures and all three are unenforceable from HTML alone. This row exists in your report to make that scope-boundary explicit rather than implied.
References
GDPR Art. 7 (conditions for consent) · ePrivacy Directive · EDPB cookie banner guidance 2023
How to fix
Code snippet for each stack we cover. Pick the one matching your server / framework.
nginx
Not an nginx concern — verification is a browser-runtime test.
apache
Same.
cloudflare
Same.
wordpress
Verify your Cookiebot / OneTrust / Iubenda / Complianz / CookieYes / Borlabs configuration by loading the site in an incognito Chrome window with DevTools open: Application → Cookies should show ONLY strictly-necessary cookies before you interact with the banner.
flask
Same browser-side check; the test sits at the rendered page, not at the framework.
express
Same.
rails
Same.
Verify it's working
Run consentaudit.eu against this URL — it loads the page in a real browser, observes pre-consent + post-reject cookie state, and reports findings keyed V1–V7 (the headline ones to watch: V1 cookies fire before consent, V3 cookie fires after rejection).
Want to know if your site has this issue?
Run a free 53-check audit — security, GDPR, NIS2, and technical SEO.
Audit my site →