diff --git a/.circleci/config.yml b/.circleci/config.yml
index 81e8f98..1a7c841 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,13 +3,12 @@ version: 2
 production_env: &production_env
 environment:
 - SERVER_HOST=https://server-alpha.offen.dev
- - OPT_OUT_PIXEL_LOCATION=https://server-alpha.offen.dev/opt-out
- - OPT_IN_PIXEL_LOCATION=https://server-alpha.offen.dev/opt-in
 - KMS_HOST=https://kms-alpha.offen.dev
 - SCRIPT_HOST=https://script-alpha.offen.dev
 - AUDITORIUM_HOST=https://auditorium-alpha.offen.dev
 - VAULT_HOST=https://vault-alpha.offen.dev
 - ACCOUNTS_HOST=https://accounts-alpha.offen.dev
+ - HOMEPAGE_HOST=https://www.offen.dev
 - NODE_ENV=production
 deploy_preconditions: &deploy_preconditions
diff --git a/accounts/accounts/api.py b/accounts/accounts/api.py
index 8fba6ae..aad2ab4 100644
--- a/accounts/accounts/api.py
+++ b/accounts/accounts/api.py
@@ -83,6 +83,9 @@ def post_login():
 @json_error
 def get_login():
 auth_cookie = request.cookies.get(COOKIE_KEY)
+ if not auth_cookie:
+ return jsonify({"error": "no auth cookie in request", "status": 401}), 401
+
 public_keys = app.config["JWT_PUBLIC_KEYS"]
 token = None
diff --git a/docker-compose.yml b/docker-compose.yml
index b541138..339581d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -47,6 +47,7 @@ services:
 PORT: 8080
 JWT_PUBLIC_KEY: http://accounts:5000/api/key
 DEVELOPMENT: '1'
+ COOKIE_EXCHANGE_SECRET: Wsttdo4Z3mXV5sTc
 ports:
 - 8080:8080
 command: refresh run
@@ -72,6 +73,7 @@ services:
 - SCRIPT_HOST=http://localhost:9977
 - AUDITORIUM_HOST=http://localhost:9955
 - ACCOUNTS_HOST=http://localhost:5000
+ - HOMEPAGE_HOST=http://localhost:8000
 script:
 build:
@@ -100,8 +102,6 @@ services:
 - 9955:9955
 environment:
 - VAULT_HOST=http://localhost:9977
- - OPT_OUT_PIXEL_LOCATION=http://localhost:8080/opt-out
- - OPT_IN_PIXEL_LOCATION=http://localhost:8080/opt-in
 accounts:
 build:
diff --git a/homepage/content/pages/opt-out.md b/homepage/content/pages/opt-out.md
index 2452c2d..9f40621 100644
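Review bot: In accounts/accounts/api.py, the new early return in `get_login` builds its error body by hand and states the status twice (`"status": 401` in the JSON and `401` as the response code), although the view is already wrapped in `@json_error`. If that decorator turns a raised error into the same shape (its definition is not in this hunk), raising through it would keep the unauthenticated response identical to every other error the API emits. Either way a comment above the guard would help, e.g. `# no cookie: caller is not logged in, skip JWT verification`. The body of `get_login` continues past the end of the hunk.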
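Review bot: `COOKIE_EXCHANGE_SECRET` is committed as a literal in the first docker-compose.yml hunk (the service that also sets `DEVELOPMENT: '1'`), so that value is public from this commit on and must never be accepted outside local development. Mark it in place with a comment such as `# development-only secret, never reuse in a deployed environment`, or read it from the environment with a labelled fallback, `COOKIE_EXCHANGE_SECRET: ${COOKIE_EXCHANGE_SECRET:-<dev-only-value>}`. The `production_env` block changed in .circleci/config.yml in this same commit gains `HOMEPAGE_HOST` but no entry for the secret, so presumably it is injected from a secret store. It is worth confirming that the server refuses to start without it when `DEVELOPMENT` is unset, rather than falling back to an empty or default value.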
--- a/homepage/content/pages/opt-out.md
+++ b/homepage/content/pages/opt-out.md
@@ -8,4 +8,21 @@ This will prevent __offen__ from aggregating the actions you have taken on parti
 Operators now cannot draw any conclusions from your actions via __offen__. At the same time, however, they *cannot create a better experience* for you and other users.
-
+