I'm getting these additional requests. They're being blocked, so result in a warning message in the console. Didn't see anything in network requests for them.
It's tracking cookies. I have Google, Facebook and Hotjar cookies set on initial request before even having seen the cookie consent box.
However that's how the vast majority of sites implement the cookie consent regulation, and authorities (like ICO in UK) has decided to not do anything about it.
According to the GDPR even an IP address needs consent, and those are inherently transmitted when loading a third-party library regardless of cookies. Given that social media sharing isn’t a necessary function of the website, they should be asking for consent before loading the libraries, or just using a locally-hosted icon pointing to a sharing link, so that the target social network gets the data only when the button is actually clicked.
You can drop cookies that are “essential to running your business” without consent, the gdpr tcf 1.1 consent management platforms drop a “euconsent” cookie to store your consent choice lol.
- https://static.hotjar.com/c/hotjar-1043047.js?sv=5
- https://cse.google.com/adsense/search/async-ads.js
- https://connect.facebook.net/en_US/fbevents.js
Also, the site is setting a cookie even though I've not consented.
EDIT: Also, one of the lambeth.gov js scripts was written by "rob" in 2015. Hi Rob!