Last updated: April 2026
Cookies are small text files stored on your device when you visit a website. This site uses cookies to understand how visitors interact with our content and to improve your experience.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google Analytics (GA4) | Analytics - tracks page views and sessions | 2 years |
| _gcl_au | Google Tag Manager | Ad conversion tracking | 90 days |
| yg_cc_consent | yanivgoldenberg.com | Stores your cookie consent preference | 1 year |
You can accept or decline non-essential cookies using the banner shown on your first visit. You can also clear cookies at any time via your browser settings.
This site uses Google Analytics 4 (GA4) and Google Tag Manager. These services may set their own cookies. See Google's Privacy Policy for details.
The honest summary of this cookie policy: the site sets a small number of cookies, most visitors will only ever receive the analytics ones, and none of them are sold to or shared with advertising brokers.
Three groups exist. Essential cookies keep the site functioning: security tokens and session state, set by WordPress and Cloudflare. Analytics cookies from Google Analytics 4 and PostHog measure which pages get read and where visitors arrive from. Tag management runs through Google Tag Manager, which itself stores no personal data but loads the analytics tags above.
Control is yours at three levels: the consent banner on first visit, your browser settings (every modern browser can block or delete cookies per site), and engine-level opt-outs like the Google Analytics opt-out add-on. Blocking analytics cookies does not break anything here; the site works identically without them.
What analytics data becomes once collected is covered in the privacy policy, service engagement terms in the terms of service, and accessibility commitments in the accessibility statement.

This cookie policy lists the actual cookies, not categories that hide them. If you inspect this site in your browser developer tools, this is what you will find and why.
Google Analytics 4. Cookies named _ga and _ga_*. Purpose: distinguishing returning visitors from new ones and attributing sessions to traffic sources. Duration: up to two years. Type: analytics, set only after consent. The data they key is page views and sessions, not identity; this site sends no names or emails to analytics.
PostHog. Cookies and local storage entries prefixed ph_. Purpose: product analytics and session understanding, self-selected as a privacy-conscious tool. Duration: up to one year. Type: analytics, consent-gated. PostHog data stays in the project for this site alone and feeds no advertising systems.
Google Tag Manager. Sets no persistent cookie of its own here; it is the loader that fires the analytics tags above according to your consent state. Listing it in this cookie policy matters because it is the mechanism that makes the consent banner actually control what loads.
Cloudflare. Cookies such as __cf_bm and, when a security challenge runs, cf_clearance. Purpose: bot detection and protecting the site from attacks. Duration: minutes to thirty days. Type: essential. These fire for every visitor because security cannot be opt-in.
WordPress. A test cookie named wordpress_test_cookie and, around form submission, short-lived session protection. Purpose: making forms work and blocking forgery. Duration: session. Type: essential.
What you will never find here. No Meta pixel, no TikTok pixel, no LinkedIn insight tag, no data broker beacons. When a marketing site asks you to accept forty vendors, that is a choice its owner made; this cookie policy documents the opposite choice.
Auditing this list. The register above is reviewed when site tooling changes. If you find a cookie not documented in this cookie policy, report it through the contact page and it gets documented or removed.
Before you choose. On first visit, only the essential layer runs: Cloudflare security and WordPress session protection. The analytics tags are loaded by Google Tag Manager but held back until the banner records a choice. No choice means no analytics cookies, indefinitely; ignoring the banner is itself a functioning opt-out.
After you accept. Tag Manager releases the Google Analytics 4 and PostHog tags, the cookies in the register above are set, and your sessions start counting in aggregate statistics. Your choice is stored locally in your browser so the banner does not nag you on every page.
After you decline. The analytics tags never fire, no analytics cookies exist for your browser, and the site behaves identically. This cookie policy makes that promise testable: open developer tools after declining and the register's analytics entries are simply absent.
Changing your mind. Clear cookies for this domain and the banner returns on the next visit with a fresh choice. There is no account holding your old preference and no server-side profile remembering you chose differently last time.
“A cookie policy only means something if you can verify it. Open dev tools, check what fires before and after you choose, and see if this page matches your browser.”
Yaniv Goldenberg
Why this design. Consent that defaults to tracking is not consent, it is friction. The implementation here was built so that the honest description in this cookie policy and the technical behavior of the site are the same thing, verifiable by anyone with a browser and two minutes.
Relationship to the privacy policy. This cookie policy describes the storage mechanics in your browser; the privacy policy describes what happens to data once collected. Read together, they cover the full path from a cookie being set to a report being aggregated. When tooling changes, both documents update in the same release, so neither can quietly drift from what the site actually does. The goal of this cookie policy is that nothing in your developer tools ever surprises you: every cookie has a name here, an owner, a purpose and an expiry, and anything unnamed is a bug worth reporting through the contact page.
Updates to this cookie policy. When a tool is added or retired, the register on this page changes in the same release, with the date noted at the top. Browser vendors also change cookie behavior on their side, from third party cookie phase-outs to storage partitioning, and where that alters what this site can or cannot store, the description here follows reality rather than the original design. A cookie policy is only useful while it matches the network tab, and keeping that match is treated as part of site maintenance, not as legal decoration.
Three groups: essential cookies (WordPress session and Cloudflare security), analytics cookies (Google Analytics 4 and PostHog) and tag management (Google Tag Manager). No advertising network cookies are set.
Yes, fully. Blocking analytics cookies changes nothing about how pages load or function. Essential cookies only matter if you submit a form, where they protect against spam and forgery.
Three options: decline in the consent banner, block cookies for this site in your browser settings, or install engine-level opt-outs like the Google Analytics opt-out browser add-on.
No. Links to external sites, including the processor privacy pages linked here, are governed by those sites' own cookie practices once you leave this domain.