← knowledge.oriz.in

Cookie banner policy — none by default; Klaro lazy-loaded only for EU+tracker pages

decision securityprivacygdprcookie-bannerklarogeoposthogga4

Cookie banner policy — none by default; Klaro lazy-loaded only for EU+tracker pages

Decision

The family runs NO cookie banner by default across *.oriz.in. The default analytics signal — Cloudflare Web Analytics — is cookie-less, samples no PII, and falls under the GDPR "strictly-necessary / no consent required" carve-out.

A consent banner (Klaro) loads only when both conditions are true on a given pageview:

  1. The page actually mounts a cookie-issuing trackerPostHog in identified mode, GA4 (when added), or any other tracker that drops a non-strictly-necessary cookie.
  2. The edge identifies the visitor as EU / UK (Cloudflare CF-IPCountry header in [EU member states] ? {GB, IS, NO, LI}).

Non-EU visitors see no banner. Pages without cookie-issuing trackers load no banner. Klaro's bundle is fetched from jsDelivr only on the small intersection of (EU visitor) × (tracker-bearing page).

Why

Implications

Default surface

Tracker-bearing pages

CSP delta

When to revisit

What we don't do

Cross-refs