SecureSpells: One-Off Compliance Audit
Find GDPR violations that happen before consent
Start new thread
Ott Ristikivi – Founder of SecureSpells®

Your cookie banner is UI. GDPR is behavior.

by

Most teams ship a banner + policy update and call it “done.”

But the expensive failures are usually runtime:

scripts and third-party calls that fire before consent, or a banner that doesn’t actually change what loads.

We’re building SecureSpells around that gap — headless browser audits with real evidence (not another cookie list).

Question (pick a side):  

Is it acceptable for a marketing site to load analytics before consent if it’s “just analytics”?

16 views

Add a comment

Replies

Best
Ott Ristikivi – Founder of SecureSpells®

In audits we usually see issues like:

- Analytics firing on first load  

- GTM triggering before consent  

- Consent banners not actually blocking scripts  

We test behaviour before vs after consent in a real browser session.

Curious where people draw the line here — strict blocking vs “practical analytics”?