Does running a scan affect my website's performance or visitors?

No. Scans load your public URL in an isolated browser session. There is no tag to install, no SDK, and no impact on real visitor traffic.

Which privacy regulations does Consent Validator cover?

Findings map to GDPR, ePrivacy, Google Consent Mode v2, and TCF 2.2 requirements. Reports are structured for compliance teams and auditors.

What happens if my site uses a custom consent banner?

Custom implementations are supported. We validate observable behavior — if it appears on your page, we test it across all three consent states.

How is this different from what my CMP vendor's dashboard shows?

CMP dashboards show configuration. We verify runtime behavior — what fires, when, and whether rejection is actually enforced on your live site.

Can I schedule automated scans?

Yes. Weekly Monitor and higher plans include scheduled scans with drift detection and alerts when compliance changes.

What do I need to get started?

Create an account, enter a public URL, and run a validation. No tag installation, DNS changes, or engineering work required.

Is there a free tier?

No. Validations are billed per scan or included in a monitoring plan. Single scans start at $29; see Pricing for plan details.

GDPR · ePrivacy · Google Consent Mode v2 · TCF 2.2

Know exactly what your consent stack does — before a regulator does.

Most teams configure a CMP and assume it works. We validate what actually fires before consent, after rejection, and after acceptance — so gaps surface before audits do.

Get Started View Sample Report

No tag · No SDK · No DNS change · Report ready in ~60 seconds

https://example.com

Score74 / 100

Meta Pixel fires before consent
CriticalBefore Consent
Consent Mode default incomplete
WarningBefore Consent
Banner visible on first paint
PassBefore Consent
Rejection blocks analytics
PassAfter Rejection

View Full Report

Most consent implementations are never verified

Configuration looks correct. Runtime behavior often tells a different story.

Trackers fire before consent

Tags and pixels load before anyone clicks accept. Every visit creates exposure — and without monitoring, the first person to notice is often an auditor, not your team.

Compliant launches drift

A new GTM tag or third-party script can bypass your CMP overnight. What passed review last quarter may be out of compliance today, with no alert.

No audit trail when asked

When a regulator asks how rejection is enforced, a banner screenshot is not proof. You need a record of what actually ran in every consent state.

Three consent states. One validation run.

Each state is tested independently so you know enforcement holds at every step.

Before Consent

Nothing fires early

Requests, cookies, and storage writes are checked before any user interaction.

Cookies2 unauthorized

TrackersAll blocked

After Rejection

Rejection is enforced

Trackers, cookies, and storage writes are verified to actually stop after reject.

Ad pixelStill firing

Local storageCleared

After Acceptance

Only declared vendors unlock

Granted consent activates exactly the vendors you have declared — nothing extra.

Consent ModeGranted

Tracking IDsValidated

Every layer of your consent stack

Checked against real browser behavior, not configuration alone.

Consent Banner Checks

Verify banner appearance, timing, and interaction handling

Cookie Analysis

Classify every cookie by purpose and catch mislabeled entries

Script Detection

Identify third-party scripts that load outside declared consent

Network Request Analysis

Audit outbound requests at every consent state

Consent Mode Validation

Verify Google Consent Mode v2 signal firing and value accuracy

Storage Inspection

Check localStorage and sessionStorage writes against declared policy

GA4

Confirm analytics activation aligns with granted consent

GTM

Validate tag firing rules across all consent states

Meta Pixel

Verify pixel triggers only after affirmative consent

GPC

Check Global Privacy Control signal recognition and response

Privacy Link Checks

Confirm accessible and accurate privacy and cookie policy links

Works with your existing consent setup

Consent Validator observes behavior — it doesn't replace your CMP.

OneTrust

Cookiebot / Usercentrics

CookieYes

Didomi

Axeptio

Consentmanager

TrustArc

Custom / bespoke

Don't see your CMP? We validate observable behavior — if it's on your page, we'll find it.

Audit-ready reports. Not just a dashboard.

Structured findings your compliance team can act on — and share with auditors.

example.com

Scanned Jun 11, 2026 · 14:32 UTC

74 / 100

Consent ModeCookiesTrackersBanner

Severity	Finding	State	Recommendation
Critical	Meta Pixel fires before consent	Before Consent	Gate the pixel behind your CMP accept action.
Warning	ad_user_data missing from default update	After Acceptance	Include all four Consent Mode v2 parameters in the update call.
Warning	Non-essential cookie set pre-consent	Before Consent	Move _ga cookie creation behind affirmative consent.
Info	Rejection blocks GA4 collect requests	After Rejection	No action required.

Export PDFShare linkDownload JSON

Built for compliance teams who need evidence, not assumptions.

Browser-based analysis

Validation runs in a real browser environment — the same way a regulator or user would see your site.

Privacy-first approach

We don't store your users' data. Validation observes your site's behavior, nothing more.

Actionable reports

Every finding includes a severity rating, what triggered it, and a concrete next step.

Export support

Reports are exportable as PDF and JSON, ready to share with legal, DPOs, or external auditors.

Continuous monitoring

Set up scheduled scans. Get alerted when consent behavior changes after a CMP update or new tag deployment.

Frequently asked questions

A cookie scanner inventories cookies on a page. Consent validation tests what actually happens in each consent state — before choice, after reject, and after accept — including trackers, storage, and Consent Mode signals.

See what's actually happening on your site.

Create an account, enter a URL, and get an audit-ready report in about a minute — no installation required.

Get Started Talk to us

Severity

Finding

State

Recommendation

Critical

Meta Pixel fires before consent

Before Consent

Gate the pixel behind your CMP accept action.

Warning

ad_user_data missing from default update

After Acceptance

Include all four Consent Mode v2 parameters in the update call.

Warning

Non-essential cookie set pre-consent

Before Consent

Move _ga cookie creation behind affirmative consent.

Info

Rejection blocks GA4 collect requests

After Rejection

No action required.

Know exactly what your consent stack does — before a regulator does.

Most consent implementations are never verified

Trackers fire before consent

Compliant launches drift

No audit trail when asked

Three consent states. One validation run.

Nothing fires early

Rejection is enforced

Only declared vendors unlock

Every layer of your consent stack

Consent Banner Checks

Cookie Analysis

Script Detection

Network Request Analysis

Consent Mode Validation

Storage Inspection

GA4

GTM

Meta Pixel

GPC

Privacy Link Checks

Works with your existing consent setup

Audit-ready reports. Not just a dashboard.

Built for compliance teams who need evidence, not assumptions.

Browser-based analysis

Privacy-first approach

Actionable reports

Export support

Continuous monitoring

Frequently asked questions

What is consent validation, and how is it different from a cookie scanner?

Does running a scan affect my website's performance or visitors?

Which privacy regulations does Consent Validator cover?

What happens if my site uses a custom consent banner?

How is this different from what my CMP vendor's dashboard shows?

Can I schedule automated scans?

What do I need to get started?

Is there a free tier?

See what's actually happening on your site.

Know exactly what your consent stack does — before a regulator does.

Most consent implementations are never verified

Trackers fire before consent

Compliant launches drift

No audit trail when asked

Three consent states. One validation run.

Nothing fires early

Rejection is enforced

Only declared vendors unlock

Every layer of your consent stack

Consent Banner Checks

Cookie Analysis

Script Detection

Network Request Analysis

Consent Mode Validation

Storage Inspection

GA4

GTM

Meta Pixel

GPC

Privacy Link Checks

Works with your existing consent setup

Audit-ready reports. Not just a dashboard.

Built for compliance teams who need evidence, not assumptions.

Browser-based analysis

Privacy-first approach

Actionable reports

Export support

Continuous monitoring

Frequently asked questions

What is consent validation, and how is it different from a cookie scanner?

Does running a scan affect my website's performance or visitors?

Which privacy regulations does Consent Validator cover?

What happens if my site uses a custom consent banner?

How is this different from what my CMP vendor's dashboard shows?

Can I schedule automated scans?

What do I need to get started?

Is there a free tier?

See what's actually happening on your site.