The most urgent issue for Vampire Vape is that tags are firing after users select Reject All on the consent banner, meaning third-party tracking is active without a legal basis — a serious GDPR compliance risk that needs to be resolved immediately. This single failure is likely responsible for the majority of the 35 high-severity issues identified across the 6 URLs audited, and it has driven the overall audit score to zero. Compounding the problem, personally identifiable information in the form of phone numbers is being sent to GA4, which represents an additional data breach risk and a direct violation of Google's terms of service. The combination of non-consensual tag firing and PII leakage means Vampire Vape is currently exposed on multiple regulatory fronts simultaneously. We would recommend pausing affected tags as an emergency measure while the consent management platform configuration is reviewed and corrected, and scrubbing the GA4 data stream of any collected phone number data.

| URL | default | accept_all | reject_all | CMP |
|---|---|---|---|---|
| https://www.vampirevape.co.uk/ | 6 | 6 | 6 | Cookiebot |
| https://www.vampirevape.co.uk/e-liquid | 6 | 6 | 6 | Cookiebot |
| https://www.vampirevape.co.uk/vape-kits | 6 | 6 | 6 | Cookiebot |
| https://www.vampirevape.co.uk/e-liquid/vampire-vape-max-watermelon-10ml-nic-salt-e-liquid | 6 | 6 | 0 | Cookiebot |
| https://www.vampirevape.co.uk/checkout/cart/ | 6 | 6 | 6 | Cookiebot |
| https://www.vampirevape.co.uk/contact | 6 | 0 | 0 | Cookiebot |

| Severity | Category | Issue | Affected | Recommendation |
|---|---|---|---|---|
| high | pii | PII (phone) sent to GA4. Detected phone in params ['_p', 'cid', 'gtm', 'sid', 'uafvl'] of https://region1.google-analytics.com/g/collect?v=2&tid=G-B0FRYP2L33&gtm=45je64h1v9102911253z88112823 | 6 URLs: https://www.vampirevape.co.uk/, https://www.vampirevape.co.uk/e-liquid, https://www.vampirevape.co.uk/vape-kits, https://www.vampirevape.co.uk/e-liquid/vampire-vape-max-watermelon-10ml-nic-salt-e-liquid, https://www.vampirevape.co.uk/checkout/cart/, https://www.vampirevape.co.uk/contact | Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required. |
| high | pii | PII (phone) sent to Cookiebot. Detected phone in params ['nocache'] of https://consent.Cookiebot.com/logconsent.ashx?action=accept&nocache=1776872220530&dnt=false&method=s | 5 URLs: https://www.vampirevape.co.uk/, https://www.vampirevape.co.uk/e-liquid, https://www.vampirevape.co.uk/vape-kits, https://www.vampirevape.co.uk/e-liquid/vampire-vape-max-watermelon-10ml-nic-salt-e-liquid, https://www.vampirevape.co.uk/checkout/cart/ | Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required. |
| high | consent | Tags fire after Reject All. Vendors firing despite Reject All: GA4. This breaches GDPR/PECR and is incompatible with Consent Mode v2 'denied' signals. | 4 URLs: https://www.vampirevape.co.uk/, https://www.vampirevape.co.uk/e-liquid, https://www.vampirevape.co.uk/vape-kits, https://www.vampirevape.co.uk/checkout/cart/ | Add consent-aware GTM triggers (Consent Mode v2 'ad_storage' / 'analytics_storage' = denied) and verify tags wait for an Update signal before firing. |