Advertising marketing

Meta Pixel / Facebook — consent fix

Meta Pixel (connect.facebook.net/en_US/fbevents.js) loads before consent and sets _fbp (tracking cookie, 90 days). This sends page views and events to Facebook/Meta before the visitor has given consent. The Dutch DPA has specifically enforced this.

Domains

  • facebook.net
  • connect.facebook.net
  • facebook.com
  • fbcdn.net

Cookies

  • _fbp
  • fr
  • datr
  • wd

The Meta Pixel (typically loading from connect.facebook.net/en_US/fbevents.js) is often detected firing before the user has given consent. When it fires, it sets tracking cookies like _fbp (valid for 90 days) and sends page view events to Meta/Facebook.

This violates the GDPR. The Dutch Data Protection Authority (AP) and other EU regulators have explicitly enforced against websites sending data to Meta before consent is granted.

Why this happens

This issue generally occurs because the Meta Pixel Tag in Google Tag Manager (GTM) is set to fire on All Pages, or the Meta Pixel base code is pasted directly into the website's <head> section without any consent gating. Unlike Google tags, the standard Meta Pixel does not natively integrate with Google Consent Mode v2 without additional configuration.

Step-by-Step Fix Instructions

If the Pixel is installed via Google Tag Manager (Recommended)

  1. Use an Exception Trigger (The Standard Fix) The most reliable way to prevent the Meta Pixel from firing early is to add an Exception Trigger.

    • Open your Meta Pixel Tag in GTM.
    • Go to the Triggering section.
    • Add an Exception (block) trigger. If you don't have one, create a new trigger of type Custom Event, name the event .* (and enable regex), and set it to fire on Some Custom Events where Consent State — marketing_storage (or ad_storage) does not equal granted (or equals denied).

  2. Configure Consent Requirements

    • Go to Advanced Settings > Consent Settings in your Meta Pixel Tag.
    • Select Require additional consent for tag to fire.
    • Enter ad_storage (or marketing_storage depending on your CMP setup).
    • Ensure Consent Mode v2 is properly configured so the default state is set before this tag is evaluated.

If the Pixel is hardcoded in the HTML

If you have the Meta Pixel snippet directly in your HTML <head>:

  1. Move it to GTM (Best Practice) Remove the snippet from your HTML and implement it in Google Tag Manager using a Custom HTML Tag. Then apply the Exception Trigger mentioned above.

  2. Wrap it in a Consent Check (Alternative) If you must keep it in the HTML, you need to modify the code so it only executes if consent has been given. This requires an API provided by your specific Cookie Management Platform (CMP).

    For example, if you use Cookiebot, you can modify the script tag:

    <!-- Change type="text/javascript" to type="text/plain" and add data-cookieconsent -->
<script type="text/plain" data-cookieconsent="marketing">
  !function(f,b,e,v,n,t,s)
  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?
  n.callMethod.apply(n,arguments):n.queue.push(arguments)};
  // ... rest of Meta Pixel code ...
  fbq('init', 'YOUR_PIXEL_ID');
  fbq('track', 'PageView');
</script>

Verification

Use the Meta Pixel Helper Chrome extension or your browser's Network tab.

  1. Clear your cookies.
  2. Load your website without clicking anything on the cookie banner.
  3. Check the Meta Pixel Helper or Network tab. No PageView event should be sent to Facebook until you click "Accept" on the cookie banner.

No CMP yet?

A Cookie Management Platform (CMP) handles consent automatically for Meta Pixel / Facebook and other trackers — including the correct GTM integration.

Cookiebot → CookieYes → CookieFirst → Complianz → Borlabs Cookie → Enzuzo → ConsentOS →

Check your own site

Scan your website for free to see if Meta Pixel / Facebook (or other trackers) loads before consent.

Start free scan →