{ "schema": "https://saferpage.de/schemas/privacy-signal-delivery.v1", "generated_at": "2026-06-08T22:45:17+00:00", "domain": "bestandsuebersicht-acdp.faust-web.de", "available": true, "scan": { "id": "909a8c90-92fa-4851-9534-2e187fa9bbb9", "checked_at": "2026-06-08 13:15:48.659845+02" }, "summary": "Privacy-Signal-Delivery fuer bestandsuebersicht-acdp.faust-web.de: 5 Signalquellen, 6 Enforcement-Ziele, 5 Downstream-Ziele.", "metrics": { "signal_source_count": 5, "enforcement_count": 6, "destination_count": 5, "test_count": 4, "gpc_detected": true, "gpc_privacy_relevant_domain_count": 0, "gpc_third_party_cookie_count": 0, "pre_consent_tracking_cookie_count": 0, "post_reject_privacy_relevant_domain_count": 0 }, "signal_sources": [ { "id": "navigator_gpc", "label": "navigator.globalPrivacyControl", "detected": true, "priority": "hoch", "interpretation": "Automatisches Opt-out/Widerspruchssignal vor Banner-Rendern auswerten." }, { "id": "sec_gpc_header", "label": "Sec-GPC Header", "detected": true, "priority": "hoch", "interpretation": "Server- oder Edge-seitig in CMP/Ledger weitergeben, wenn Header vorhanden ist." }, { "id": "manual_reject", "label": "Ablehnen im Banner", "detected": false, "priority": "hoch", "interpretation": "Muss technisch gleichwertig zu GPC alle nicht notwendigen Zwecke stoppen." }, { "id": "preference_center", "label": "Manuelle Preference-Center-Entscheidung", "detected": true, "priority": "mittel", "interpretation": "Neueste aktive Entscheidung versionieren und GPC-Ereignis nachvollziehbar behalten." }, { "id": "dsar_objection", "label": "DSAR Widerspruch / Opt-out", "detected": true, "priority": "mittel", "interpretation": "Widerspruch in CMP, CRM, Tagging, Vendoren und Suppression Lists synchronisieren." } ], "enforcement_matrix": [ { "id": "cmp_categories", "target": "CMP-Kategorien", "rule": "GPC/UOOM setzt Marketing, Ads, Profiling, Sharing und externe Tracking-Zwecke auf denied.", "required_state": "denied", "owner": "Datenschutz/Marketing" }, { "id": "google_consent_mode", "target": "Google Consent Mode v2", "rule": "ad_storage, ad_user_data, ad_personalization und analytics_storage restriktiv setzen, soweit kein aktiver Consent vorliegt.", "required_state": "denied/default_denied", "owner": "Marketing Ops" }, { "id": "gpp_us_sections", "target": "GPP / US Opt-out Sections", "rule": "Do-not-sell/share und targeted-advertising Opt-out in GPP/US-Abschnitte uebertragen, wenn US-Scope aktiv ist.", "required_state": "opted_out", "owner": "Legal/Marketing" }, { "id": "tag_manager", "target": "Tag Manager und Pixel Loader", "rule": "Marketing-/Analytics-Tags duerfen bei GPC/Ablehnen nicht feuern; Loader muss vor Vendor-Code laufen.", "required_state": "blocked", "owner": "IT/Marketing" }, { "id": "vendor_optouts", "target": "Vendor-/AdTech-Systeme", "rule": "Opt-out an Ads, Analytics, Retargeting, CMP-Vendorliste und Preference-Sync weitergeben.", "required_state": "synced_or_suppressed", "owner": "Vendor Owner" }, { "id": "ledger_audit", "target": "Consent-/Preference-Ledger", "rule": "Signalquelle, Region, Version, betroffene Zwecke, Sync-Status und Re-Test-ID speichern.", "required_state": "audit_record_written", "owner": "Compliance/IT" } ], "downstream_destinations": [ { "id": "cmp", "label": "CMP / Preference Center", "event": "privacy_signal_received", "payload": [ "source", "gpc", "region", "policy_version", "categories_denied" ], "retry": "synchron vor Tag-Freigabe" }, { "id": "gtm", "label": "Google Tag Manager / gtag", "event": "consent_update", "payload": [ "ad_storage", "analytics_storage", "ad_user_data", "ad_personalization" ], "retry": "sofort, vor Vendor-Tags" }, { "id": "ledger", "label": "Consent Ledger", "event": "gpc_honored", "payload": [ "consent_id", "source", "region", "event_hash", "scan_id" ], "retry": "persistieren mit Idempotency-Key" }, { "id": "crm", "label": "CRM / Newsletter / Suppression List", "event": "marketing_optout", "payload": [ "email_hash", "channel", "topic", "opt_out_source" ], "retry": "Queue mit Fehlerstatus" }, { "id": "vendors", "label": "Ads, Analytics und Vendor APIs", "event": "vendor_privacy_signal", "payload": [ "vendor_id", "purpose", "signal", "timestamp" ], "retry": "asynchron mit Nachweis" } ], "event_payloads": { "browser_event": { "event": "saferpage-privacy-signal", "payload": { "gpc": true, "source": "navigator.globalPrivacyControl", "region": "DE/EU/US-CA/UNKNOWN", "policy_version": "cmp-policy-version" } }, "webhook": { "method": "POST", "content_type": "application/json", "signature_header": "X-SaferPage-Signature", "idempotency_header": "Idempotency-Key", "body_fields": [ "domain", "signal_source", "region", "categories_denied", "destinations", "scan_id" ] }, "gpp_mapping": { "us_national": { "sale_opt_out": true, "sharing_opt_out": true, "targeted_advertising_opt_out": true }, "manual_override": "Neuere manuelle Entscheidung versionieren; GPC-Ereignis nicht ueberschreiben." } }, "test_plan": [ { "id": "gpc_before_banner", "label": "GPC vor Banner-Rendern", "setup": "Browser mit GPC oder Sec-GPC: 1 starten.", "expected": "CMP, Consent Mode und Tag Manager starten mit Marketing/Sharing/Profiling denied.", "evidence": "Screenshot, Consent-State, Request-Diff, Ledger-Event." }, { "id": "reject_equivalence", "label": "Ablehnen entspricht GPC", "setup": "Ohne GPC Banner ablehnen und Requests vergleichen.", "expected": "Ablehnen und GPC blockieren dieselben Vendoren/Zwecke.", "evidence": "Cookie-/Request-Diff und Consent-Ledger-Vergleich." }, { "id": "manual_override_versioned", "label": "Manuelle Aenderung versioniert", "setup": "Nach GPC Preference Center oeffnen und aktive Wahl speichern.", "expected": "Neuere Entscheidung wirkt, GPC bleibt als historisches Signal im Ledger.", "evidence": "Zwei Events mit Zeitstempel, Quelle und Version." }, { "id": "vendor_sync_queue", "label": "Vendor-Sync und Fehlerqueue", "setup": "Opt-out an Ads/Analytics/CRM simulieren.", "expected": "Erfolg/Fehler je Ziel wird protokolliert; Fehler bleiben blockierend oder werden eskaliert.", "evidence": "Sync-Status, Retry-ID, Owner und Ticket-Link." } ], "snippets": [ { "id": "early_gpc_gate", "label": "Early GPC Gate", "placement": "Vor CMP, GTM und Vendor-Skripten laden", "code": "window.saferpagePrivacySignal={gpc:navigator.globalPrivacyControl===true,source:'browser',createdAt:new Date().toISOString()};\nif(window.saferpagePrivacySignal.gpc){window.dataLayer=window.dataLayer||[];window.dataLayer.push({event:'privacy_signal_gpc',ad_storage:'denied',analytics_storage:'denied',ad_user_data:'denied',ad_personalization:'denied'});}" }, { "id": "ledger_event", "label": "Ledger Event", "placement": "Serverseitig nach Signalentscheidung", "code": "{\n \"event\": \"gpc_honored\",\n \"domain\": \"bestandsuebersicht-acdp.faust-web.de\",\n \"source\": \"navigator.globalPrivacyControl\",\n \"categories_denied\": [\n \"marketing\",\n \"ads\",\n \"profiling\",\n \"sharing\"\n ],\n \"scan_id\": \"909a8c90-92fa-4851-9534-2e187fa9bbb9\"\n}" } ], "links": { "region_center": "https://saferpage.de/consent-region/bestandsuebersicht-acdp.faust-web.de", "signals_json": "https://saferpage.de/consent-region/bestandsuebersicht-acdp.faust-web.de/signals-json", "signals_csv": "https://saferpage.de/consent-region/bestandsuebersicht-acdp.faust-web.de/signals-csv", "consent_ledger": "https://saferpage.de/consent-ledger/bestandsuebersicht-acdp.faust-web.de", "consent_mode": "https://saferpage.de/consent-mode/bestandsuebersicht-acdp.faust-web.de", "preference_hub": "https://saferpage.de/praeferenzen/bestandsuebersicht-acdp.faust-web.de", "vendor_policy_watch": "https://saferpage.de/anbieter/bestandsuebersicht-acdp.faust-web.de/policy-watch-json" }, "sources": [ { "title": "OneTrust Global Privacy Control", "url": "https://www.onetrust.com/blog/global-privacy-control-how-to-honor-consumer-opt-out-requests/", "note": "Orientierung fuer GPC als Opt-out-Signal in Consent/CMP." }, { "title": "Usercentrics Website Consent Management", "url": "https://usercentrics.com/us/website-consent-management/", "note": "Orientierung fuer GPC/UOOM-Erkennung und Ausspielung in CMP-Regeln." }, { "title": "Osano Consent Management Platform", "url": "https://www.osano.com/solutions/consent-management-platform", "note": "Orientierung fuer Consent-, Preference- und Opt-out-Steuerung." } ], "disclaimer": "Technischer Blueprint fuer Privacy-Signal-Ausspielung. SaferPage setzt keine echten Nutzerpraeferenzen und verarbeitet hier keine personenbezogenen Opt-out-Daten." }