feat: replace cookieless PostHog with consent-gated capture (ENG-822)#832
Remove `cookieless_mode: "always"` and add `opt_out_capturing_by_default: true` so PostHog uses default cookie persistence but captures nothing until the HubSpot consent banner grants analytics consent. This aligns docs with the main site's pattern (ENG-805), enabling cross-subdomain identity via the `.arcjet.com`-scoped cookie and making docs-originated signups attributable through PostHog's `$initial_*` Person Properties. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Arcjet Review — 🟡 Medium Risk
Decision: Approved
Rationale: This is a small, well-scoped analytics/privacy change with no escalation triggers and no security findings. PostHog now defaults to opt-out capture and only opts in when HubSpot reports analytics consent, which is a fail-closed posture for user tracking. I am approving despite Medium risk because the change is localized, does not introduce secrets or auth-sensitive logic, and the default behavior is privacy-preserving.
Summary of Changes
Replaces PostHog cookieless capture with consent-gated capture using HubSpot's privacy consent listener. PostHog initializes with capture disabled by default and opts in or out based on the analytics consent category.
Notes
Security checklist applied: no auth changes, injection surfaces, secrets, crypto changes, or dependency changes were introduced.
Review: 29a6c420 | Model: openai/gpt-5.5 | Powered by Arcjet Review
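The consent gate described in the first commit message and summarised in the review above, written out as an added example (not code from the arcjet docs repo or from PostHog/HubSpot). It assumes the real posthog-js calls `init`, `opt_in_capturing` and `opt_out_capturing`, and HubSpot's `_hsp.push(['addPrivacyConsentListener', cb])` queue with its `consent.categories.analytics` payload; the project token is a placeholder, and the two "fake" objects are constructed stand-ins for the SDKs so the wiring runs offline.

```javascript
// Added example of the consent-gated PostHog bootstrap described in the PR.
// Not code from the arcjet docs repo. Real APIs assumed: posthog-js
// `posthog.init`, `opt_in_capturing`, `opt_out_capturing`; HubSpot's `_hsp`
// command queue and `addPrivacyConsentListener` payload shape
// (`consent.categories.analytics`). The project token is a placeholder.

// Before this PR: cookieless capture. Events flow immediately, with no cookie
// and therefore no identity shared across *.arcjet.com subdomains.
const BEFORE_OPTIONS = {
  cookieless_mode: "always",
};

// After this PR: default cookie persistence, but capture stays off until the
// HubSpot banner reports analytics consent.
const AFTER_OPTIONS = {
  opt_out_capturing_by_default: true,
};

/**
 * Map one HubSpot consent payload onto PostHog's opt-in/opt-out switch.
 * Fail closed: only an explicit `analytics: true` enables capture; a missing,
 * malformed or revoked decision turns it off again. Returns the new state.
 */
function applyConsent(ph, consent) {
  const granted = consent?.categories?.analytics === true;
  if (granted) {
    ph.opt_in_capturing();
  } else {
    ph.opt_out_capturing();
  }
  return granted;
}

/**
 * Initialise PostHog opted out and subscribe to HubSpot's consent listener.
 * The banner is assumed to call the listener with the visitor's current
 * decision and again on each change, so revocation is handled as well.
 */
function bootstrapAnalytics(ph, hsp, token) {
  ph.init(token, AFTER_OPTIONS);
  hsp.push(["addPrivacyConsentListener", (consent) => applyConsent(ph, consent)]);
}

// --- Constructed stand-ins for the two SDKs so the wiring runs offline. ---

// Mimics the slice of posthog-js used above; `capture` returns the event name
// when it would be sent and false while capture is opted out.
function fakePostHog() {
  return {
    optedOut: true,
    init(_token, opts) {
      this.optedOut = opts.opt_out_capturing_by_default === true;
    },
    opt_in_capturing() { this.optedOut = false; },
    opt_out_capturing() { this.optedOut = true; },
    capture(event) { return this.optedOut ? false : event; },
  };
}

// Mimics HubSpot's `_hsp` queue: records consent listeners and lets the caller
// play the banner by delivering a decision to them.
function fakeHsp() {
  const listeners = [];
  return {
    push(cmd) {
      if (cmd[0] === "addPrivacyConsentListener") listeners.push(cmd[1]);
      return listeners.length;
    },
    deliver(consent) { listeners.forEach((cb) => cb(consent)); },
  };
}

// Walk the lifecycle: boot, deny, grant, then a malformed/revoked payload,
// and contrast with the old cookieless config that never waited for consent.
function runScenario() {
  const ph = fakePostHog();
  const hsp = fakeHsp();
  bootstrapAnalytics(ph, hsp, "phc_placeholder");
  const states = { afterInit: ph.capture("$pageview") };
  hsp.deliver({ categories: { analytics: false, advertisement: false } });
  states.afterDeny = ph.capture("$pageview");
  hsp.deliver({ categories: { analytics: true, advertisement: false } });
  states.afterGrant = ph.capture("$pageview");
  hsp.deliver({ categories: {} });
  states.afterRevoke = ph.capture("$pageview");

  const legacy = fakePostHog();
  legacy.init("phc_placeholder", BEFORE_OPTIONS);
  states.legacyAfterInit = legacy.capture("$pageview");
  return states;
}

// Browser wiring: window._hsp = window._hsp || [];
//                 bootstrapAnalytics(posthog, window._hsp, "<project token>");
```

The gate is deliberately strict: `applyConsent` treats anything other than a literal `analytics: true` as a denial, so an undefined payload, a changed category name, or a withdrawn decision all land on `opt_out_capturing`. Because the same listener runs on every consent change, withdrawing analytics consent after the page loaded also stops capture without a reload.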
Remove the Plausible script injection from astro.config.mts and its CSP allowlist entries from vercel.json. Coordinated with the main repo's Plausible removal (ENG-804 Phase 3) so the shared arcjet.com Plausible property doesn't linger as a misleading docs-only rump. PostHog (consent-gated, with autocapture and $initial_* attribution) supersedes the event context Plausible provided here. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>