I build websites that drop zero cookies. No Google Analytics. No Meta Pixel. No Hotjar, Clarity, Intercom or Crisp. No advertising trackers. Not even Google Fonts — yes, loading a font from Google's servers already constitutes a transfer of personal data under GDPR.
External resources? Same philosophy. No Bootstrap or Tailwind loaded from a CDN. No jQuery, FontAwesome, Swiper or other libraries fetched on the fly. Everything is self-hosted. Everything is local. Everything is under control.
Let's be honest: relying on external resources is extremely convenient and comfortable. Importing a UI component from a global CDN or using a ready-made third-party analytics solution saves valuable development time. But choosing independence and managing the entire architecture autonomously requires rigorous discipline and firm convictions. It means optimising and maintaining your own files, writing custom code rather than reaching for heavy libraries, and systematically refusing technical shortcuts in order to guarantee the absolute privacy of your visitors.
3.7%
of global GHG emissions caused by the digital sector
[see source 1]
~60%
of users refuse cookies when the button is clearly visible
[see source 2]
0
cookie banners to manage with a cookieless architecture
[see source 3]
Why build a cookieless website?
- Zero cookie banner. That popup everyone furiously closes the moment they land on your site? Gone. Not because it's been hidden — but because there is legally nothing to consent to. Without non-essential cookies, no banner is required.[3]
- A smooth experience from the very first millisecond. No requests firing off to 12 third-party servers before the page renders. The site loads what it needs and nothing more.
- Better performance. Every external call is a dependency, a latency, a potential point of failure. Zero external calls = faster, more stable site, better Core Web Vitals scores.
- A genuine eco-design commitment. Less data in transit, fewer servers involved, less energy consumed. The digital sector accounts for 3.7% of global GHG emissions[1] — a lean website is also a responsible one.
Why third-party resources raise a GDPR issue
Take Google Fonts as an example. This tool doesn't strictly set a cookie. But when your browser loads a font from Google's servers, it sends your IP address externally — which constitutes personal data under GDPR.
The same logic applies to all similar tools: Bootstrap CDN, FontAwesome, embedded Google Maps, Meta Pixel, Hotjar, Clarity. As soon as a resource is loaded from a third-party server, an IP address is transmitted — and without the user's explicit consent, this exposes the website owner to a GDPR compliance failure.
The real weight of a webpage
What a page transfers over the network on a first visit (gzip/Brotli compressed, desktop).
— custom development (static)
Static HTML/CSS/JS
dev · 0 cookie · 0 third-party script
~30–80 KB
5–15 requestsvanilla JSWebP/AVIF imagesabsolute technical floor
Static HTML/CSS/JS
dev · with GA4 + GTM + GDPR CMP
~250–600 KB
GA4 ~45.7 KBCMP banner ~20–50 KBMeta Pixel ~30–50 KB optional20–45 requests
React / Next.js (SSG)
dev · JS framework
~500 KB–1.2 MB
React runtime ~40 KB gz min.JS chunks25–60 requests
— open-source CMS
WordPress
CMS · real median HTTP Archive
2,252 KB
JS median 565 KBimages 833 KB~65–80 requestsoptimisable via WP Rocket
Drupal
CMS · real median HTTP Archive
1,903 KB
JS median 479 KBimages 741 KB~55–70 requests
Joomla
CMS · real median HTTP Archive
2,133 KB
JS median 409 KB (lightest)images 1,035 KB~60–75 requests
— no-code / SaaS builders
Wix
no-code · real median HTTP Archive
2,560 KB
JS 1,461 KB ⚠️ heaviestimages 152 KB mobile (lazy)built-in cookies
Squarespace
no-code · real median HTTP Archive
3,323 KB
JS 1,309 KBimages 1,226 KBheaviest of the 5 measured CMS
— global reference
Global web median
HTTP Archive · October 2024 · desktop
2,652 KB
JS ~613 KBimages ~1,054 KBfonts ~131 KB92% of pages ≥1 third-party script~71 requests
— typical third-party script overhead (per page, per visit)
Google Analytics 4 via GTM
+45.7 KB
GTM (28 KB) + GA4 tag (17.7 KB). Loaded on every page. Source: Plausible / Abralytics.
GDPR consent banner / CMP
+20–50 KB
Script + CSS. Varies by solution (Axeptio, Cookiebot, CookieYes…).
Meta Pixel (fbevents.js)
+30–50 KB
Network call to Facebook. Requires explicit GDPR consent.
Hotjar / Microsoft Clarity
+50–200 KB
Heatmaps & session recordings. Among the heaviest scripts.
Web fonts (Google Fonts)
+50–250 KB
Varies with loaded weights. Web median: 131 KB fonts. Transmits IP to Google.
Live chat (Intercom, Crisp…)
+100–400 KB
Among the heaviest widgets. Load lazily if essential.
Sources: HTTP Archive — Web Almanac 2024 (Page Weight & CMS, Oct. 2024) · Plausible Analytics — script size comparison · Abralytics — GTM + GA4 weight measurement · DebugBear — Website Builder Performance Review · SpeedCurve — Page Bloat 2025
Data sovereignty and performance
Hosting a website responsibly also means controlling where the data physically resides. That's why each client's website is hosted in their own country, with a local, independent provider.
This strategic choice addresses two imperatives:
- Digital sovereignty: A local, independent infrastructure keeps your data and your users' data on national territory, protected by local and European laws, and subject to no foreign extraterritorial legislation.
- Aligned values and high performance: Local providers that manage their own data centres with a genuine eco-responsible approach deliver excellent computing power and resource allocation — your visitors benefit from ultra-fast response times thanks to geographic and technical proximity.
Cookieless: your analytics data doesn't disappear
The question always comes up: "So… you have no stats at all?" On the contrary.
I collect comprehensive server-side statistics — no cookie, no tracking JavaScript, no personal data collected. Visits, most-viewed pages, traffic sources, devices, performance, trends… everything is there. And this data is 100% reliable: it isn't truncated by consent refusals. With a classic Google Analytics setup, when a "Reject all" button is clearly displayed, around 60% of users refuse — representing a loss of 40 to 70% of analytics data.[2]
Purely server-side analytics deliver complete statistics without setting a single cookie, and are GDPR-compliant by default.
And every month, I produce a personalised report for my clients. A report designed for humans, not data analysts. Visually clear, business-oriented, with the indicators that truly matter.
❌ Traditional setup
- Intrusive cookie banner on arrival
- Google Analytics + Meta Pixel + Hotjar
- 40–70% of data lost through refusals[2]
- Third-party scripts = latency on every page
- Risk of GDPR non-compliance
- External resources = IP address leakage
✅ Cookieless architecture
- No banner = zero user friction
- Privacy-first or server-side analytics
- 100% of visits measured
- Zero third-party scripts = instant loading
- Native GDPR compliance and sovereignty
- Self-hosted resources = no data leakage
A website can be lean AND fully equipped
This is the core message: performance, sobriety and legal compliance are not mutually exclusive. Removing third-party trackers simultaneously lightens the page, improves Core Web Vitals, respects user privacy and achieves GDPR compliance — all in one move.
The digital sector represents 3.7% of global GHG emissions[1], and every webpage generates an average of 0.36 g of CO₂[4]. An eco-designed site, free of superfluous third-party resources, structurally reduces this footprint — not symbolically.
🎯 The philosophy in one sentence
A lean website doesn't spy, loads in under a second, and has nothing to fear from a security audit. That's exactly what I build — for every client, on every project.
Want to see an example of a monthly cookieless analytics report? Comment "Cookieless Stats Report" or book a call directly.
Français
English
Português
Español
