Most sites greet you with a cookie-consent wall before you’ve seen a single thing. There’s now a Privacy & Cookies page that explains why this one doesn’t.
The short version: the catalog uses only the cookies it genuinely needs — a session cookie when you sign in, plus your theme and table-column choices kept in your own browser. Analytics are cookieless and don’t follow you around the web. None of that requires consent under GDPR/ePrivacy, so there’s no banner to swat away. The page also says plainly that the buy buttons are affiliate links, and that contributions — edits, comments, votes — are public and attributed to your username. There’s a quiet disclosure line in the footer now too.
Under the hood
While writing this I fixed a self-inflicted bug: our own Content-Security-Policy was blocking Cloudflare’s (cookieless) analytics script, so the browser console threw an error on every page load and the analytics quietly collected nothing. The CSP lives as a Cloudflare edge rule rather than in the repo — which is precisely how it drifted out of sync without anyone noticing. Patched; the console is calmer now.