5 min

A website with no ads, no cookies, no consent banner: proof by example

2026-05-20

In October 2016, I published a post on my blog titled “Stop using AdBlock.” I explained how the blocker worked, I acknowledged its merits, then I concluded that starving free sites of advertising, their main or only source of revenue, “would amount to wiping them out.” And I asked my readers to filter their use, in other words to allow ads back on the sites they wanted to support.

Ten years later, my current site shows no advertising, sets no tracking cookie and has no consent banner. This post is about what changed between the two, and why I now think the second model is the right one.

What I was defending in 2016, and why it held up

The original post wasn't foolish, it was simply of its time. I described how AdBlock worked: resources whose URL contains keywords like “ad” are not loaded, and a community feature lets users permanently hide the zones that enough people flag. I even noted a real benefit: by not loading ad resources, often served through third-party iframes, you protect yourself from malvertising along the way.

My central argument was economic. The free web lived on advertising, so blocking advertising everywhere, by default, meant sawing off the branch you sit on. The post's closing request, a sincere one, was to whitelist the sites you appreciate.

What I couldn't see yet is that the problem wasn't the blocker. It was the model that made the blocker necessary.

The problem turned around

Between 2016 and 2026, online advertising became inseparable from tracking: real-time bidding, advertising profiles, third-party cookies, endless consent banners to dress it all up. Asking people to disable their blocker is asking them to lower their guard against an ecosystem that has largely earned their distrust.

So I flipped the question. Rather than convince the visitor to tolerate what annoys them, I build a site where there is nothing to tolerate. No ads, so no ad network. No third-party trackers, so no profile. Nothing to consent to, so no banner.

In practice, on this site

These aren't intentions, they are technical choices you can verify in the site's code.

Visit statistics come from a self-hosted, cookieless analytics extension, enabled in the application configuration. The numbers stay with me, on my server, aggregated. No third-party measurement script loads in your browser.

The Content Security Policy is strict: every directive starts from a 'self' default, and all the JavaScript is served from my own domain, with no inline script. Even if I wanted to slip in a third-party tracker on a weak day, the browser would block it. The security policy makes the promise hard to break quietly.

One cookie remains possible, and it is functional: a first-party, encrypted session cookie that secures form submissions (contact, quote, booking) against forged requests. It falls under the “strictly necessary” category of the ePrivacy directive, exempt from consent. Server logs may briefly record IP addresses for security, then are purged by rotation.

My privacy page sums it up in a sentence I stand by: a banner that governs nothing is just theatre.

GDPR without a banner is possible

Many people believe the cookie banner is a universal legal obligation. It is not. The obligation is to obtain consent before setting non-essential trackers or processing personal data with no other legal basis. If you set nothing non-essential and your statistics are aggregated and cookieless, there is simply nothing to consent to. No processing subject to consent, no banner.

This is the approach I apply here, and the one I recommend to most brochure sites and portfolios. The banner isn't inevitable, it is the symptom of a debt: every checkbox matches a tracker someone chose to load.

What the visitor gains

First, performance. No tag manager, no ad-network scripts, no consent management platform that sometimes weighs more than the page itself. Fewer requests, less JavaScript, a site that shows up fast even on a poor connection.

Then, trust, measurable in a way I rather like: with or without an ad blocker, this site displays exactly the same. My 2016 self asked people to turn off AdBlock. The 2026 site simply makes it pointless, there is nothing to block. Open the network tab in your developer tools and check for yourself, that's the kind of audit I encourage.

What you lose, and why I accept it

Let's be honest about the bill. Without tracking cookies, no retargeting: no way to “catch” a visitor with an ad after they leave. Without individual trackers, no fine-grained statistics either: I see visits aggregated by page, not individual journeys, no demographic profiles, no cross-device tracking.

For a portfolio site, that's the right trade. My income doesn't come from the audience, it comes from the projects I deliver for my clients. I don't need to know who you are, only to do my job well enough that you want to get in touch. And when a client genuinely needs numbers, I set up self-hosted, cookieless analytics, the same as this site's, which gives the essentials with no banner to justify.

The most telling part, in hindsight: my 2016 blog carried no advertising itself. I was defending a model I didn't live on, out of principle, for other sites.

So in 2016 I defended web funding as it was. In 2026 I'd rather prove that a site can be fast, compliant and respectful without asking anything of anyone. The best answer to ad blockers was never a plea to readers. It was to build sites that don't need them.