Reject-Path Guides

If the dsgvochecker.de reject-path test flags your site, the cause is almost always a CMP-specific misconfiguration. This page links to the diagnosis guides for the CMPs most common in the DACH market — each with the four most common causes and sources from the official vendor docs.

TL;DR: Three CMPs cover >60% of the DACH market: Cookiebot (international, market leader), Usercentrics (German, Munich), Borlabs Cookie (WordPress standard). Each has a diagnosis guide with the four most common reject-path leaks.

What is the reject-path violation?

Banner is in place, user clicks "Reject", trackers run anyway. That's a GDPR violation.

A cookie banner is in place, the user clicks "Reject" — and trackers run anyway. This is the most common GDPR violation around cookie banners, established by the ECJ ruling C-673/17 Planet49 and by CNIL fines totalling €210M against Google and Facebook. For smaller sites, such violations rarely end in multi-million euro fines, but they are a very common basis for cease-and-desist letters from competitors and consumer associations.

Which CMP guides exist?

Three vendor guides — Cookiebot, Usercentrics, and Borlabs Cookie for WordPress.

Cookiebot

Danish provider, one of the market leaders in DACH. Most common reject-path issues: auto-blocking script not loaded first, falsely marked data-cookieconsent="ignore", GTM without Consent Mode, server-side-tagging endpoints outside the auto-blocker list.

Cookiebot diagnosis →

Usercentrics

German provider (Munich), strong growth. Most common reject-path issues: service templates wrongly classified as "Essential", GTM implementation without auto-blocking, Google Consent Mode v2 not enabled, custom services without manual init block.

Usercentrics diagnosis →

Borlabs Cookie (WordPress)

WordPress standard in the DACH market. Most common reject-path issues: scripts not registered as a Borlabs cookie entry, cache serves an un-blocked version, iFrame embeds bypass the Content Blocker, theme-owned JS libraries outside of wp_enqueue_script.

Borlabs diagnosis →

Which CMP is widespread in the DACH market?

Cookiebot, Usercentrics, and Borlabs together cover most of the market. From publicly available CMP detection statistics:

• Cookiebot — market share approx. 20-25% on DACH sites with a banner
• Usercentrics — market share approx. 10-15%, strongest among German mid-market companies
• Borlabs Cookie — approx. 30-40% market share among DACH WordPress sites with a banner
• Others (OneTrust, Klaro, iubenda, self-built) — the remainder

If your CMP is not in the three above: the general principles (script ordering, Consent Mode integration, cache hygiene) apply to all. For specific help, reach out — we will add more CMPs once enough requests come in.

What is the right order of correction?

Scan first, apply the matching vendor guide, clear cache, re-scan.

If you don't know where to start, work in this order:

1. Free scan at dsgvochecker.de — shows which trackers leak specifically
2. Read the matching vendor guide above — check each of the four most common causes
3. Cache hygiene — clear CDN, WordPress cache, browser cache after every change
4. Re-scan — verify the test reports "Reject path clean"
5. Full audit for $4.95 — for recurring problems, with three-phase comparison + Markdown report by email

Run the reject-path test now → Free · CMP detection + pre-consent trackers + GDPR verdict