How to Test Your Cookie Banner (5-Minute Compliance Check)

You’ve added a cookie banner to your website. It pops up when people visit. It has an “Accept” button and maybe even a “Reject” option. You feel good about your privacy compliance. But here’s the uncomfortable truth: most cookie banners don’t actually do anything.

They look like they’re working. They display a message. They collect clicks. But behind the scenes, Google Analytics, Facebook Pixel, and other tracking tools are firing away before anyone clicks “Accept.”

That’s not just a technical problem—it’s a legal violation of GDPR, CPRA, and other privacy laws.

The good news? You can test your cookie banner in about 5 minutes using free browser tools. No technical expertise required.

Let’s walk through exactly how to check if your cookie banner is actually blocking cookies before consent.

Why This Test Matters

Before we get into the how-to, let’s be clear about why this is important.

Under GDPR (European Union) and similar opt-in laws, non-essential cookies cannot be placed on a visitor’s device until they give explicit consent. That means:

• Google Analytics can’t load
• Facebook Pixel can’t fire
• Marketing tracking can’t start
• Third-party scripts can’t run

All of these must be blocked by default until someone clicks “Accept.”

Under CPRA (California) and similar opt-out laws, tracking can happen by default, but visitors must have an easy way to opt out—and when they do, tracking must stop immediately.

Most website owners assume their cookie banner handles this automatically. It usually doesn’t.

What You’ll Need

To test your cookie banner, you’ll need:

• A web browser (Chrome, Firefox, Edge, or Safari)
• Your website URL
• 5 minutes

That’s it. We’ll be using your browser’s built-in developer tools. Don’t worry—it’s easier than it sounds.

The 5-Minute Cookie Banner Test

Step 1: Open Your Site in Incognito/Private Mode

First, open your website in a private browsing window. This ensures you’re starting fresh without any stored cookies or previous consent choices.

How to open private browsing:

• Chrome: Press Ctrl+Shift+N (Windows) or Cmd+Shift+N (Mac)
• Firefox: Press Ctrl+Shift+P (Windows) or Cmd+Shift+P (Mac)
• Edge: Press Ctrl+Shift+N (Windows) or Cmd+Shift+N (Mac)
• Safari: Press Cmd+Shift+N (Mac)

Navigate to your website, but don’t click anything on the cookie banner yet.

Step 2: Open Developer Tools

Now we need to open your browser’s developer tools to see what’s happening behind the scenes.

How to open developer tools:

• Chrome/Edge/Firefox: Press F12, or right-click anywhere on the page and select “Inspect”
• Safari: Enable developer tools first (Safari → Settings → Advanced → Show Develop menu), then press Cmd+Option+I

You’ll see a panel open at the bottom or side of your browser with tabs like “Elements,” “Console,” “Network,” etc.

Step 3: Check What Cookies Are Loading

This is where we see if cookies are loading before you’ve given consent.

In the developer tools panel:

1. Click the “Application” tab (Chrome/Edge) or “Storage” tab (Firefox) or “Storage” in Safari
2. In the left sidebar, expand the “Cookies” section
3. Click on your website domain

You’ll now see a list of all cookies currently set on your site.

What you’re looking for:

You need to evaluate what cookies are present based on their purpose, not just their names. Here’s how to think about it:

Non-essential cookies that shouldn’t load before consent:

• Analytics cookies (like those from Google Analytics, but not limited to GA)
• Marketing and advertising cookies
• Social media tracking cookies
• Any cookie used for tracking user behavior across sites
• Cookies from third-party services that aren’t required for the page to function

Common examples include cookies from Google Analytics (often starting with _ga), Facebook tracking, marketing platforms, heatmap tools, and advertising networks – but this isn’t an exhaustive list. Any cookie used for tracking or marketing purposes needs consent first under opt-in laws.

Essential cookies that are okay before consent:

Essential cookies are those strictly necessary for the website to function as requested by the user. These typically include:

• Session cookies that maintain your login state
• Shopping cart cookies
• Security cookies (like CSRF protection)
• Load balancing cookies
• The cookie consent tool’s own cookie (that stores your consent choice)

Important caveat: Just because a cookie claims to be “essential” doesn’t make it essential. We often see sites incorrectly categorizing analytics cookies as essential. True essential cookies must be required for the basic functionality the user requested – if your site works without it, it’s not essential.

Step 4: Check the Network Tab

Now let’s verify that tracking scripts aren’t loading.

1. Click the “Network” tab in developer tools
2. Refresh the page (but still don’t click the cookie banner)
3. Look through the list of files loading

What to look for:

Look for requests to domains that are clearly related to tracking, analytics, or advertising rather than your core website functionality.

Common patterns that indicate tracking scripts:

• Requests to analytics platforms (like Google Analytics domains, but many others exist)
• Requests to social media tracking domains
• Requests to advertising networks
• Requests to marketing automation platforms
• Requests to heatmap or session recording services

The key question: Is this script necessary for the basic page to display and function, or is it collecting data about user behavior? If it’s collecting behavioral data, it shouldn’t load before consent under opt-in laws.

Note: You don’t need to recognize every domain. If you see dozens of third-party requests loading before you’ve clicked anything on the cookie banner, that’s a red flag that scripts aren’t being properly blocked.

Step 5: Test the “Reject All” Button

Now let’s test what happens when someone rejects cookies.

1. Clear everything by closing the private browsing window and opening a new one
2. Go back to your website
3. This time, click “Reject All” or “Decline” on your cookie banner
4. Check the Application/Storage tab again for cookies
5. Check the Network tab again for tracking scripts

What should happen:

After clicking “Reject,” you should see:

• No analytics or marketing cookies
• No tracking scripts loading
• Only essential cookies present

If Google Analytics or Facebook Pixel loads after someone clicks “Reject,” your cookie consent system isn’t working.

Step 6: Test the “Accept All” Button

Finally, let’s verify that tracking DOES start after consent.

1. Open another fresh private browsing window
2. Visit your site
3. Click “Accept All”
4. Check the cookies and network requests

What should happen:

After clicking “Accept,” you should now see:

• Analytics cookies appearing
• Marketing cookies if you use them
• Tracking scripts loading in the Network tab

If these still don’t appear after accepting, your cookie implementation has a different problem—things aren’t loading even when they should.

Common Problems and What They Mean

Based on this test, here are the most common issues we see:

Problem 1: Cookies Load Before Consent

Symptom: You see analytics or tracking cookies immediately when you load the page

What this means: Your tracking scripts are loading normally, and your cookie banner is just cosmetic. It’s not actually blocking anything.

The fix: You need to configure your cookie consent tool to actually block scripts, not just display a banner. This typically requires:

• Changing how Google Analytics is loaded
• Wrapping tracking scripts with consent attributes
• Using Google Tag Manager with proper consent configuration

Problem 2: Scripts Load But Cookies Don’t

Symptom: You see tracking scripts in the Network tab, but no cookies in the Application tab

What this means: Scripts are loading, but they’re not setting cookies yet—possibly because of browser settings or script configuration.

The fix: This might actually be working correctly if the scripts are loaded but waiting for consent to start tracking. Check your cookie tool’s documentation.

Problem 3: Nothing Changes After Rejecting

Symptom: Same cookies and scripts appear whether you click “Accept” or “Reject”

What this means: Your cookie banner is displaying but not connected to your actual tracking implementation.

The fix: Your cookie consent tool needs to be properly integrated with your tracking scripts. This often requires developer assistance.

Problem 4: Cookie Banner Doesn’t Appear

Symptom: No cookie banner shows up at all

What this means: Either the cookie banner isn’t installed correctly, or it’s only showing to certain regions

The fix: Check your cookie tool’s installation and geolocation settings.

Advanced Test: Check GPC Compliance

If you want to go one step further, you should test whether your site honors Global Privacy Control (GPC) signals.

What is GPC? It’s a browser setting that automatically tells websites “I opt out of data sharing.” Under California law (CPRA), sites must honor this signal.

How to test GPC:

1. Enable GPC:

• In Brave browser, it’s on by default
• In Firefox: Settings → Privacy & Security → Enable “Tell websites not to sell or share my data”
• In Chrome: Install the DuckDuckGo Privacy Essentials or OptMeowt extension

2. Visit your site with GPC enabled
3. Check cookies and scripts

What should happen: With GPC enabled, no tracking cookies should load—even if you never see the cookie banner. The GPC signal itself should block tracking.

If tracking still happens with GPC enabled, your site isn’t compliant with CPRA and similar laws.

What to Do If Your Cookie Banner Fails the Test

If your cookie banner didn’t pass these tests, don’t panic. This is really common.

Here are your options:

Option 1: Check Your Cookie Tool Settings

Many cookie consent platforms have the capability to block scripts, but it’s not always enabled by default. Check your tool’s dashboard for settings like:

• “Block scripts before consent”
• “Auto-blocking”
• “Prior consent mode”
• “Cookie blocking”

Make sure these are turned on.

Option 2: Review Your Script Installation

If you’re using Google Analytics, Facebook Pixel, or other tracking tools, check how they’re installed:

• Are they added through plugins that might bypass cookie consent?
• Are they hardcoded in your theme files?
• Are they loading through Google Tag Manager?

Each of these methods requires different configuration to work with cookie consent.

Option 3: Use Google Tag Manager with Consent Mode

Google Tag Manager (GTM) with Consent Mode is one of the more reliable ways to handle cookie consent. It requires:

• Setting up Google Tag Manager
• Configuring Consent Mode v2
• Connecting your cookie consent tool to GTM
• Testing everything thoroughly

This is usually a job for a developer unless you’re comfortable with technical implementation.

Option 4: Get Professional Help

Cookie compliance isn’t always straightforward. If you’ve tried adjusting settings and things still aren’t working, it might be time to bring in help.

At Hey Reliable, we handle complete cookie compliance implementation for WordPress and other platforms. We:

• Audit your current setup
• Install and configure proper cookie consent tools
• Block scripts correctly
• Test everything across devices and regions
• Ensure GPC compliance
• Document everything for your records

Request a compliance quote and we’ll walk you through what we find and how to fix it.

Why “Looking Compliant” Isn’t Enough

Here’s what we hear a lot: “But I have a cookie banner. Doesn’t that count for something?”

Unfortunately, no. Privacy laws care about what your site actually does, not what it says it does.

Think about it this way: Having a “Do Not Track” banner that doesn’t block tracking is like having a “No Soliciting” sign while leaving your door wide open. The sign doesn’t matter if it’s not connected to actual action.

Regulators and privacy advocates are increasingly testing websites to see if cookie banners actually work. If yours doesn’t, you’re at risk for:

• Regulatory fines (up to €20 million or 4% of revenue under GDPR)
• Consumer lawsuits (especially under CPRA)
• Loss of customer trust
• Damaged business relationships

The Bottom Line on Testing Your Cookie Banner

Testing your cookie banner takes 5 minutes and can save you from serious compliance problems.

Quick recap of the test:

1. Open your site in private browsing
2. Check what cookies load before clicking anything
3. Test what happens when you reject cookies
4. Test what happens when you accept cookies
5. Verify that only essential cookies load by default (for GDPR) or that opt-out actually works (for CPRA)

If tracking cookies load before consent, your banner isn’t working—even if it looks like it is.

The most important takeaway: Don’t assume your cookie banner is working just because it’s visible. Test it. And if it’s not working, fix it before it becomes a legal problem.

Need Help Fixing Your Cookie Compliance?

If you tested your cookie banner and discovered it’s not actually blocking tracking, we can help.

We offer Privacy & Cookie Compliance implementation where we:

• Audit your entire cookie setup
• Install and configure proper consent management
• Block scripts and cookies correctly
• Test across devices, browsers, and regions
• Ensure GPC compliance
• Provide documentation of implementation

Still have questions about testing your cookie banner? Reach out at info@heyreliable.com—we’re here to help.

Mary Marnell

Managing Partner · LinkedIn

Mary Marnell is Managing Partner at Hey Reliable, a front-end and WordPress development agency known for delivering clean, reliable code for agencies, marketing teams, and growing businesses. She joined the company in 2017, became partner in ... read more