Violations
Social media tracker persists after rejection
medium Cookie Consent
Regulation
ePrivacy Directive — Cookie ConsentHow common
Common when social widgets are embedded directly in HTML rather than loaded via a tag manager. The CMP cannot block hardcoded iframes.
What this means
A social media tracker or embedded widget continued to send data to a social platform after the visitor explicitly rejected cookies. The visitor clicked “Reject all,” but the social tracking persisted.
Why this matters
Post-rejection social tracking is problematic because social platforms build cross-site profiles of users. When a visitor rejects cookies but social trackers persist, the platform continues to receive browsing signals that contribute to profiling — exactly what the visitor tried to prevent.
How to fix
- Use click-to-load for all social embeds: do not load any social iframe or script until the visitor actively interacts with a placeholder
- Remove hardcoded social scripts from templates: move all social integrations to a tag manager with consent-aware triggers
- Test the rejection flow: after clicking “Reject all,” verify in the network tab that no requests go to
facebook.com,linkedin.com,twitter.com, etc.
Check your website for this violation
Free scan — no registration required. Results in 30 seconds.
Scan now