At ObservePoint, a Tag refers to a snippet of code, usually JavaScript, implemented on a website or app to collect and transmit data about user interactions, behaviors, and events. Tags are commonly associated with third-party tools and platforms, such as analytics (e.g., Google Analytics), advertising (e.g., Facebook Pixel), marketing automation, or other digital tools.

Tags serve several purposes:

A browser “cookie” is a small file that a website stores on your computer or device when you visit it. This file helps the website remember things about you, like your preferences, login details, or items in your shopping cart, so you don’t have to re-enter them every time you visit. Cookies make browsing more convenient, but they can also be used to track your online activity for advertising or analytics purposes.

What is the difference between a tag and a Cookie?

In short:

What are Approved and Unapproved Tags/Cookies?

Approved Tags are those reviewed by members of the Privacy team within your organization.

Unapproved Tags are those Tags that are not included in the approved list (referred to in ObservePoint as Consent Categories).

Technologies that are commonly considered not strictly necessary on websites are typically those that are used for purposes beyond basic website functionality, such as marketing, analytics, and personalization. These technologies may collect personal data or track users across sites, and they often require user consent under privacy laws like the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

Some of the most common not strictly necessary technologies include:

Analytics and Tracking: These technologies are used to gather data about user behavior on the site, such as Google Analytics or similar tools. While they help website owners understand user activity, they are not essential for the basic operation of the site.

Advertising: These technologies are used for targeted advertising and tracking users across different websites. They help display personalized ads but are not necessary for the functioning of the website.

Social Media: Features like the "Like" or "Share" buttons from platforms like Facebook or Twitter, which track user interactions with social media. While these provide social sharing features, they are not essential for the core functionality of the site. Social Media technologies commonly serve non-essential advertising purposes as well.

Live Chat and Chatbots: These technologies enhance user experience but are not critical for basic site functions. They may collect user data or track interactions.

Third-party Widgets and Embeds: Examples include embedded videos, maps, or other content from external services (like YouTube or Google Maps). These services may collect user data or track behavior. Some vendors will offer a “cookie-less” version that complies with user consent preferences.

Personalization: Technologies that remember user preferences or past activities to provide personalized experiences (e.g., personalized content, language settings) are considered non-essential in some jurisdictions.

A/B Testing Tools: These tools test variations of website content to optimize user experience but are not crucial for website functionality.

These technologies are often subject to user consent regulations, meaning that users must be informed about their usage and given the option to accept or reject them. Websites should ensure they only use strictly necessary technologies for basic functionality (such as authentication or shopping cart functions) unless they have obtained the user's consent.

A GPC (Global Privacy Control) Signal is a browser signal that allows users to communicate their privacy preferences to websites they visit, specifically requesting that their personal data not be sold or shared. It’s an important feature in the context of consumer privacy laws, such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in the European Union.

When a user enables the GPC signal in their browser, it sends a signal to websites they visit, indicating the user's preference to opt out of the sale of their personal information. Websites that recognize and respect the GPC signal should honor the user's request to limit data sharing or selling.

Why is it important to monitor a website with the GPC signal enabled?

In short, monitoring a website with the GPC signal enables businesses to comply with privacy regulations, maintain trust with users, and ensure proper data handling practices.

What is an Opted In Audit?

An Opted In Audit is one that is configured to reflect a user who has accepted all cookies. Depending on the website visitor’s location, they may be opted in by default when visiting web pages. In other regions like Europe, Brazil, and Quebec (Canada), users must explicitly accept cookies to be opted in.

What is an Opted Out Audit?

An Opted Out Audit is one that is configured to reflect a user who has declined all cookies. Depending on the website visitor’s location, they may be opted out by default when visiting web pages. This is true in Europe, Brazil, and Quebec (Canada), where users must explicitly accept cookies to be opted in and no action is required to be opted out.

Based on ObservePoint customer data, the most popular Consent Management Platforms on the market in 2025 are: