CMP configuration functionality_storage

iubenda (CMP) — consent fix

iubenda is detected as the CMP, but the configuration often makes the collected consent invalid. Common mistakes: (1) "consent on scroll / continued browsing" is enabled, so cookies are accepted automatically without an active choice, (2) there is no clear reject button on the first layer, (3) tracking scripts (Google Analytics, Meta Pixel) load via GTM or are hardcoded and fire before the visitor makes a choice. iubenda itself is not a tracker — the problem is the configuration, which renders the consent legally invalid.

Domains

  • iubenda.com

Cookies

  • _iub_cs-*
  • euconsent-v2

Iubenda is not a tracker, but a comprehensive Consent Management Platform (CMP) and legal policy generator. If our scan flags Iubenda as a violation, it does not mean that Iubenda itself is stealing data. It means that your configuration of the Iubenda banner violates the GDPR. As a result, the consent you collect is legally invalid.

Why Iubenda triggers a warning

Because Iubenda is highly customizable and relies on integrating different "licenses" for different legal clauses, it is easy to misconfigure the banner during setup.

The three most common mistakes are:

  1. Implied Consent via scrolling: The banner is set to accept all cookies automatically if the user simply scrolls the page or clicks anywhere outside the banner. Under the GDPR, consent must be an active, explicit choice.
  2. Missing Deny button: The banner includes an 'Accept' button and a 'Learn more' link, but forces the user to navigate through multiple layers to reject tracking. A clear 'Reject' or 'Deny' button must be visible on the first layer.
  3. Failed Script Blocking: Iubenda is installed, but the tracking scripts (like Google Analytics or Meta Pixel) are hardcoded into the site or load via Google Tag Manager before the visitor interacts with the banner.

The Fix: Make Iubenda GDPR-compliant

Follow these steps in the Iubenda dashboard to make your banner fully compliant.

1. Disable "Consent on Scroll"

  1. Log in to your Iubenda dashboard and select your project.
  2. Navigate to the Privacy Controls and Cookie Solution section.
  3. Click on Edit for your cookie banner.
  4. Scroll down to the Advanced settings or behavioral settings.
  5. Ensure that the option Consent on scroll and Consent on continued browsing are completely disabled. Consent must only trigger upon clicking 'Accept'.

2. Add a clear 'Reject' button

  1. While still in the banner configurator, look for the button layout options.
  2. Enable the Reject button on the first layer of the banner.
  3. Make sure the color scheme of the Reject button provides enough contrast so it is clearly visible and not hidden with a deceptive transparent background.

3. Test if scripts actually wait

If your banner is perfectly configured, but your scripts ignore it, you still have a data leak. Have you implemented GTM or added scripts directly? Make sure you use Iubenda's specific JavaScript wrapper (_iub.csConfiguration) to pause scripts, or configure Google Consent Mode v2 so that tags in GTM only fire after approval.

How to Verify the Fix

Perform a full test via your browser to ensure your changes work.

  1. Open your website in an incognito window.
  2. Review the banner: is there a clear Reject button? Does scrolling the page trigger an automatic acceptance?
  3. Click on Reject.
  4. Open Developer Tools (F12) and check the Network tab. There must be no network requests to Facebook, Google Ads, or other trackers visible.

Not sure if the fix worked, or want to verify that no other scripts are leaking data? Run a free scan with ConsentChecker.eu for instant confirmation.

Sources

Go directly to iubenda

View the official documentation and configuration options for iubenda.

View iubenda →

Check your own site

Scan your website for free to see if iubenda (CMP) (or other trackers) loads before consent.

Start free scan →