What does this report mean?

Every scan visits the site three times in a fresh incognito browser:

• Before consent — page loads, banner is ignored. Nothing tracking should fire.
• After Accept — page loads, then we click Accept. Configured trackers should turn on.
• After Reject — page loads, then we click Reject. Trackers should stay off.

The three outcomes together form the audit.

• Tracking was blocked — Good. Nothing fired when it shouldn't have.
• Tracking turned on after consent — Good. The site waited for the user to say yes.
• Tracking ran before consent — Bad. A tracker ran before any choice was made.
• Tracking kept running after Reject — Bad. The site ignored the user's no.
• We couldn't see enough to judge — Inconclusive. Bot protection or a slow page blocked us.
• We couldn't use the banner — Inconclusive. Add manual selectors in Settings.

Cookie banner / CMP — the consent prompt (OneTrust, Cookiebot, etc.).

Tracker / vendor — third-party tools like Google Analytics, Meta Pixel, Hotjar.

Consent Mode v2 — Google's system for sending privacy-safe “denied” pings when the user hasn't consented.

Cookieless ping — a Google request with consent denied. Allowed under GDPR — counts as compliant.

gcs / gcd / npa / dma — raw Google Consent Mode parameters on network requests.