
How to fix: Consent management platform detected

GDPR Art. 7 · ePrivacy Directive

Why this matters

Non-essential cookies (analytics, advertising, tracking pixels) need explicit, prior, freely-given consent under GDPR and the ePrivacy Directive. A consent management platform (CMP) handles this consistently across pages.

Background

If you set non-essential cookies (analytics, marketing, advertising) before the user consents, you've already breached consent rules. A compliant banner meets four requirements: rejecting must be as easy as accepting; the default state of toggles must be OFF; the wording must say what each category does; and the choice must be revocable. 'By using this site you accept cookies' is not consent under EDPB guidance. Note: our check is an HTML-only signal. We detect the presence of a CMP script, but we don't run JavaScript to verify that the banner actually blocks tags before consent or honours rejection. For that deeper cookie-flow audit, complement this report with a real-browser scanner such as consentaudit.eu.

References

GDPR Art. 7 · ePrivacy Directive · EDPB cookie banner guidance 2023

How to fix

Code snippet for each stack we cover. Pick the one matching your server / framework.

nginx
Not an nginx concern: this is a frontend/script responsibility.
apache
Same as nginx: not a web-server concern.
cloudflare
Same as nginx: frontend/script responsibility.
wordpress
Use the Complianz, Termly, CookieYes or Borlabs Cookie plugins, but review the configuration. Defaults often allow categories before consent.
flask
Use a CMP (Cookiebot, Iubenda, Termly, Didomi). Don't fire analytics / ad scripts until consent is received per category.
express
Same as flask: integrate a CMP and gate third-party script loads behind the consent state.
rails
Same as flask; the CMP belongs at the frontend.
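
One way to gate third-party script loads behind per-category consent, as described in the flask and express entries. This is an added example, not code from this guide or from any CMP vendor; `CATEGORIES`, `TAGS`, the example URLs, `injectScript` and `createConsentGate` are hypothetical names, and how your CMP reports the user's choice is assumed to be a callback that passes one boolean per category.

```javascript
// Added example. TAGS, the URLs and createConsentGate are hypothetical names.
const CATEGORIES = ["analytics", "marketing"];

// Constructed sample tag list: each third-party script declares its category.
const TAGS = [
  { src: "https://analytics.example/a.js", category: "analytics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

// Browser-side injector; only ever called after consent for the tag's category.
function injectScript(src) {
  const el = document.createElement("script");
  el.src = src;
  el.async = true;
  document.head.appendChild(el);
}

function createConsentGate(tags, inject) {
  // Default state: every non-essential category is OFF.
  const consent = Object.fromEntries(CATEGORIES.map((c) => [c, false]));
  const loaded = new Set();

  return {
    // Call from your CMP's consent-changed callback with the per-category choice.
    update(choice = {}) {
      let needsReload = false;
      for (const c of CATEGORIES) {
        const granted = choice[c] === true; // anything but explicit true is a refusal
        const wasLoaded = tags.some((t) => t.category === c && loaded.has(t.src));
        // A script that already ran cannot be unloaded: revocation needs a reload.
        if (!granted && wasLoaded) needsReload = true;
        consent[c] = granted;
      }
      for (const t of tags) {
        // Tags in an unknown category never load (consent[...] is undefined).
        if (consent[t.category] && !loaded.has(t.src)) {
          loaded.add(t.src);
          inject(t.src);
        }
      }
      return { consent: { ...consent }, needsReload };
    },
    loaded: () => [...loaded],
  };
}
```

In the browser, create the gate with `createConsentGate(TAGS, injectScript)` and keep the gated scripts out of the static HTML so nothing fires before `update()` is called. When `update()` returns `needsReload: true`, reload the page so tags from the revoked category stop running.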

Verify it's working

Open in incognito → reject all cookies → DevTools Application/Storage shows ONLY strictly-necessary cookies set. For automated verification, run consentaudit.eu against the page.
