SaaSalystSaaSalystBeta
Scan Your App
criticalCompliance & Legal

Cookie Tracking Before Consent

SaaSalyst checks whether your site sets tracking cookies before obtaining user consent. Tracking before consent is a GDPR violation that can result in significant fines.

What SaaSalyst Checks

SaaSalyst scans for tracking cookies and analytics scripts that fire before a cookie consent mechanism is activated. We detect cookies set on initial page load before any user interaction with a consent banner.

Why This Matters

Under GDPR, setting non-essential cookies before obtaining explicit consent is illegal for EU visitors. Fines for cookie consent violations have reached millions of euros. Many SaaS products unknowingly violate this by loading analytics scripts before the consent banner is interacted with.

How to Fix It

  1. Implement a consent management platform (CMP) like Cookiebot, OneTrust, or a custom solution that blocks tracking scripts until consent is given
  2. Configure your analytics tools to require consent before initializing — GA4, Mixpanel, and others support consent mode
  3. Audit your page load sequence: no analytics, ad, or tracking scripts should fire before the consent banner receives a positive response
  4. Test with browser DevTools: clear cookies, load the page, and verify no tracking cookies appear before clicking 'Accept'

Frequently Asked Questions

What counts as tracking before consent?

SaaSalyst flags this when analytics scripts, advertising pixels, or session recording tools fire before a user interacts with a cookie consent banner. Under GDPR, only strictly necessary cookies (authentication, security) may be set without consent.

Does this apply to US-only SaaS products?

If any EU visitor can access your site, GDPR applies. SaaSalyst rates this as critical severity because GDPR fines are calculated as a percentage of global revenue, making this a high-risk compliance gap for any SaaS product with international traffic.

Check Your SaaS Now — Free

SaaSalyst scans your website in 30 seconds and checks for Cookie Tracking Before Consent along with 40+ other business readiness signals.

Scan Your App

Related Checks SaaSalyst Runs