Features
Consent banner validation across every layer
Runtime checks for banners, cookies, trackers, Consent Mode v2, and storage — evidence your compliance team can act on.
Consent Banner Checks
We verify that your banner appears when expected, blocks interaction appropriately, and records accept and reject actions correctly. Timing matters — a banner that loads two seconds late still leaves a compliance gap. Reports show exactly when the banner rendered relative to first tracker activity.
✓ Verify banner appearance, timing, and interaction handling
Tested in: Before Consent · After Rejection · After Acceptance
Cookie Analysis
Every cookie set during validation is classified by purpose, provider, and lifetime. Mislabeled strictly-necessary cookies are a common audit finding — we catch them by comparing declared categories against actual behavior in each consent state.
✓ Classify every cookie by purpose and catch mislabeled entries
Tested in: Before Consent · After Rejection · After Acceptance
Script Detection
Third-party scripts that load outside your declared consent categories are flagged with severity ratings. This includes pixels, widgets, and tag-manager injections that bypass your CMP configuration.
✓ Identify third-party scripts that load outside declared consent
Tested in: Before Consent · After Rejection · After Acceptance
Network Request Analysis
Outbound requests are audited at every consent state — before choice, after reject, and after accept. You see which domains received data and whether that aligns with your privacy policy commitments.
✓ Audit outbound requests at every consent state
Tested in: Before Consent · After Rejection · After Acceptance
Consent Mode Validation
Google Consent Mode v2 signals are checked for correct default and update values, including ad_user_data and ad_personalization. Missing or incorrect parameters can silently break ad compliance even when your banner looks correct.
✓ Verify Google Consent Mode v2 signal firing and value accuracy
Tested in: Before Consent · After Rejection · After Acceptance
Storage Inspection
localStorage and sessionStorage writes are compared against your declared policy. Some trackers persist identifiers in storage even when cookies are blocked — we surface those writes in context.
✓ Check localStorage and sessionStorage writes against declared policy
Tested in: Before Consent · After Rejection · After Acceptance
GA4
Analytics activation is verified against granted consent. Collect requests, client IDs, and event firing are checked so you know GA4 only runs when users have affirmatively accepted.
✓ Confirm analytics activation aligns with granted consent
Tested in: Before Consent · After Rejection · After Acceptance
GTM
Tag Manager containers are validated across all consent states. Trigger rules, tag sequencing, and consent-aware firing are tested so a misconfigured trigger cannot slip through.
✓ Validate tag firing rules across all consent states
Tested in: Before Consent · After Rejection · After Acceptance
Meta Pixel
The Meta Pixel is verified to fire only after affirmative consent. Pre-consent pixel loads are among the most common violations we detect — and among the easiest to miss in CMP dashboards.
✓ Verify pixel triggers only after affirmative consent
Tested in: Before Consent · After Rejection · After Acceptance
GPC
Global Privacy Control signals are checked for recognition and correct response. As GPC adoption grows, demonstrating enforcement is increasingly important for US state privacy laws.
✓ Check Global Privacy Control signal recognition and response
Tested in: Before Consent · After Rejection · After Acceptance
Privacy Link Checks
Privacy policy and cookie policy links are verified for accessibility, correct targets, and consistency with your banner declarations. Broken or missing links are compliance gaps in their own right.
✓ Confirm accessible and accurate privacy and cookie policy links
Tested in: Before Consent · After Rejection · After Acceptance
See the output before you commit
Every capability produces findings in a structured, exportable report.
example.com
Scanned Jun 11, 2026 · 14:32 UTC
| Severity | Finding | State | Recommendation |
|---|---|---|---|
| Critical | Meta Pixel fires before consent | Before Consent | Gate the pixel behind your CMP accept action. |
| Warning | ad_user_data missing from default update | After Acceptance | Include all four Consent Mode v2 parameters in the update call. |
| Warning | Non-essential cookie set pre-consent | Before Consent | Move _ga cookie creation behind affirmative consent. |
| Info | Rejection blocks GA4 collect requests | After Rejection | No action required. |