How to Remove Cookie Consent Banners Without Losing Your Analytics Data

This is not a necessary cost of doing business. It is the cost of a specific technical choice: using cookie-based analytics. Change the tool, lose the banner, keep the data.

Where the Problem Comes From

GDPR, specifically Article 6, requires a lawful basis for processing personal data. Analytics cookies are personal data. They create persistent identifiers that track individual visitors across sessions and across time. Because analytics cookies are not strictly necessary to deliver the website, you cannot claim they are essential. You need consent.

The consent must be freely given, specific, informed, and unambiguous. The visitor must be able to decline with equal ease. No pre-ticked boxes. No "by continuing to browse, you consent." The result is a banner that has to appear, has to offer a real choice, and has to block the tracking until the user makes that choice.

That is the entire source of the problem. Consent banners exist because cookie-based analytics tools require consent. The solution is not a better consent banner. It is removing the condition that requires consent.

Common Approaches That Do Not Work

Before getting to the actual solution, it is worth naming the approaches that look tempting but create more problems than they solve.

Simply not showing a banner. This is not a workaround. It means you are running cookie-based analytics without a legal basis. Fines from European data protection authorities are real. The Austrian DSB, France's CNIL, Italy's Garante, and others have all issued enforcement actions against companies for exactly this. A fine is more expensive than a CMP subscription.

Dark-pattern banners. Making "Accept All" a large green button and burying "Decline" in small gray text under a "Manage Preferences" link has been explicitly prohibited. The Court of Justice of the EU ruled in Planet49 (C-673/17, October 2019) that the decline option must be as easy to exercise as accept. Dark patterns are not a compliance strategy. They are a compliance violation that eventually gets caught.

Claiming legitimate interests. Article 6(1)(f) legitimate interests is sometimes proposed as a way to run analytics cookies without consent. The European Data Protection Board has been clear that analytics cookies cannot generally rely on legitimate interests because they are not necessary for the service the user requested. This approach requires a Legitimate Interests Assessment and has a poor track record with regulators when applied to behavioral tracking. Without a legal opinion specific to your situation, claiming legitimate interests for analytics cookies is not a reliable compliance path.

Shorter cookie lifetimes. Reducing your analytics cookie from 2 years to 30 days does not change whether it is personal data. It reduces the data retention period, which helps with storage limitation obligations, but the consent requirement remains the same.

The Actual Solution: Cookieless Analytics

A cookieless analytics tool does not set cookies. It does not store IP addresses. It does not create persistent visitor profiles. It collects page-level events, aggregates them, and gives you the same dashboard you already use, without the underlying data being personal data in the GDPR sense.

If the tool processes no personal data, GDPR consent requirements do not apply to it. You do not need a consent banner. Not because of an exemption, but because the regulation simply does not apply when there is no personal data.

Here is what Abner does specifically:

• No cookies are set at any point
• IP addresses are hashed with a daily-rotating salt before any processing
• The hash is used only within the same calendar day to distinguish unique visitors from repeated pageloads
• At midnight, the salt rotates and the link between hash and IP address is permanently severed
• Raw IP addresses are never stored anywhere in the system

The result is that the database contains no personal data. There is nothing a regulator could point to as an identifiable record of an individual.

What You Keep and What You Lose

The practical concern when switching from cookie-based analytics is: what am I giving up?

What you keep:

• Pageview counts, per page and aggregate
• Unique visitor estimates (within a session window)
• Session data and bounce rate equivalents
• Top pages, sorted by traffic
• Referrer sources: where visitors came from
• UTM parameter tracking for campaigns
• Custom events (button clicks, form submissions, feature usage)
• Real-time active visitor counts
• Geographic breakdown by country and region
• Device type, browser, and operating system
• 100% of your data, not 60-70% after consent dropoff

What you lose:

• Persistent individual user tracking across visits separated by more than a session window
• Identifying when the same person visits your site across multiple days without logging in
• Cross-device tracking for anonymous visitors
• Remarketing audiences built from behavioral history (but this requires separate consent anyway via advertising pixels)

For most SaaS analytics use cases, the items in the "lose" column are not things you were acting on. The question "did this specific anonymous visitor come back three weeks later" is rarely actionable at the individual level. Aggregate retention patterns, which cookieless tools can measure, are the useful version of that question.

Before and After: Consent Flow Comparison

Step-by-Step: Switching from Google Analytics to Cookieless Analytics

This is a practical migration. It takes about two to three hours across two weeks.

Step 1: Choose a cookieless analytics tool

Your main options, all of which eliminate the consent banner requirement for analytics:

• Plausible: AGPL open source, EU-hosted, $9/mo for up to 10K pageviews. Clean interface, well-established.
• Fathom: Canadian company, cookieless, $14/mo for 100K pageviews. Simple and reliable.
• Simple Analytics: Dutch company, EU-hosted, $9/mo. Minimal feature set.
• Abner: Starts at $19/mo for web analytics. SaaS metrics (MRR, churn rate, LTV, ARPU via Stripe) included from the Pro plan at $49/mo. 14-day free trial, no credit card required.

If you are running a SaaS product and want web analytics and revenue metrics in one place without running two separate tools, Abner is built for that. If you only need web analytics, Plausible or Fathom are both solid choices.

Step 2: Install the new tracking script

For Abner, this is a single script tag. Add it before the closing </head> tag:

<script defer data-site-id="YOUR_SITE_ID" src="https://www.abner.app/abner.js"></script>

The core script is under 2KB. It loads asynchronously and does not block page rendering. Web Vitals collection is lazy-loaded separately at around 1.9KB, only when the page is idle.

For Plausible or Fathom, the integration is similar: one script tag, no configuration required.

Step 3: Run both tools in parallel for two weeks

Do not remove Google Analytics immediately. Run both tools simultaneously for 14 days. Compare the numbers:

• Pageview counts will differ. GA undercounts because of consent dropoff and ad blocker interference. Your cookieless tool will usually show higher numbers. This is expected and correct.
• Referrer data may differ. GA sometimes obscures referrers that it cannot attribute. Cookieless tools report the raw referrer header more faithfully.
• Session counts will differ because the definition of a "session" varies between tools.

The goal is not to reconcile the numbers exactly. It is to confirm the new tool is collecting data correctly and to understand the baseline difference before you cut over.

Step 4: Remove Google Analytics

Remove the GA script tag from your site. If you are using Google Tag Manager, remove the GA4 tag from your container. Confirm in your network inspector that no calls to analytics.google.com or gtag are being made.

Step 5: Remove your Consent Management Platform

If Google Analytics (or other tracking tools requiring consent) was the only reason you had a CMP, you can now cancel it. Check whether you have any other cookies requiring consent first: advertising pixels, marketing attribution tools, A/B testing tools that use cookies, session replay tools. If any of those remain, the CMP stays for those uses. If analytics was the only reason it existed, cancel it.

This saves $20-100/month and eliminates the engineering maintenance that comes with CMP updates every time a regulation changes.

Step 6: Update your privacy policy

Remove references to cookies for analytics. You can significantly simplify this section. Instead of describing what cookie identifiers are collected, what third parties receive them, how long they persist, and how users can opt out, you replace it with a short statement that your analytics tool collects no personally identifiable information, sets no cookies, and processes no personal data. Link to your analytics vendor's privacy documentation for completeness.

Many privacy policy generators and lawyers charge by the word. A shorter, simpler privacy policy that is accurate is better than a long one that is out of date.

What About Other Cookies?

This guide covers analytics cookies specifically. Your site may have other cookies that are not in scope here.

Authentication cookies are strictly necessary if your site requires login. No consent required.

Preference cookies (language, dark mode, etc.) are generally considered strictly necessary if they are required to deliver the service the user chose. Typically no consent required.

Marketing pixels (Meta Pixel, LinkedIn Insight Tag, Google Ads conversion tracking) are not analytics. They are advertising tools that require separate consent under GDPR, regardless of your analytics tool choice. Removing your analytics cookie consent banner does not cover these. If you run paid advertising with pixel-based attribution, you still need a consent mechanism for those pixels.

A/B testing tools that use cookies (Optimizely, VWO in default configuration) require consent if they set cookies that could identify a user.

The principle is the same for all of these: does the tool set cookies or collect personal data? If yes, you need a lawful basis, which for non-essential processing means consent. Switching analytics is not a universal fix for all cookie-related consent requirements. It only eliminates the consent requirement for analytics.

The Business Case for Switching

If you run a SaaS with meaningful traffic, here is a concrete way to think about the cost of consent banners.

Suppose you get 5,000 unique visitors per month. With a 35% (within the typical 30-40% range, depending on banner design and geography) consent decline rate, you have visibility into roughly 3,250 of them. The other 1,750 are invisible to your analytics.

Now suppose you run a conversion optimization experiment to improve your onboarding flow. Your analytics shows conversion went from 3% to 3.8%. You do not know whether the improvement also applies to the 35% you cannot see, whether the population that declines consent behaves differently from the population that accepts, or whether your entire measurement baseline is off.

With 100% data capture, you run the same experiment with a 35% larger and unbiased dataset. The conclusions you draw from that data are more reliable. The product decisions you make based on those conclusions are better informed.

That is the business case, independent of cost savings. Better data leads to better decisions. Eliminating consent dropoff gives you better data.

What You Actually Gain

A concrete list of what changes when you remove cookie-based analytics and the consent infrastructure that supports it:

Faster page load. Removing Google Analytics removes a DNS lookup to www.google-analytics.com, the script download, and the script execution. The Abner script is under 2KB loaded asynchronously. Most sites see a measurable reduction in page weight.

More complete data. You go from 60-70% data capture to close to 100%.

Less engineering maintenance. CMPs require regular updates. Consent UI changes when regulations change. Cookie lists require auditing when you add new vendors. Cookieless analytics has none of this ongoing maintenance surface.

Cost savings. CMP subscriptions range from $20/month for basic tools to $100/month or more for enterprise-grade platforms. Cookieless analytics tools are generally less expensive than Google Analytics with a properly configured CMP stack.

A cleaner visitor experience. Visitors who arrive without a banner blocking their view complete their intended action more often. The consent banner is a friction point before the user has made any investment in your site. Removing it improves the first impression.

None of this requires giving up the analytics data you use to make product decisions. It requires giving up the specific technical approach of persistent cookie-based identity tracking, which for most SaaS analytics use cases was solving a problem you did not actually have.