Your page fires before anyone consents. Watch it happen.
Paste your URL — a real headless browser loads your page like a first-time visitor and shows every tag, pixel, and cookie that fires before anyone consents. Risk signals, not legal advice.
-
A real rendered session A headless browser loads your page cold and watches the network — what fires, observed, not guessed from source.
-
The consent posture CMP present · Consent Mode default declared · trackers holding for consent — three dots, each with evidence.
-
The inventory Every recognized tag, pixel, and pre-consent cookie — named, categorized, with the request that proves it.
-
The risk register · email-gated Per-tag findings with the specific fix — gate it, declare the default, route it through the CMP.
What it checks
- Every tracker a cold, uninteracted load actually fires — observed in a real rendered session, not guessed from source
- The pixels that matter — Meta, TikTok, LinkedIn, Google Ads — and whether they wait for consent
- Session-replay tools (Hotjar, Clarity, FullStory) — the highest-scrutiny category, flagged hardest
- Consent posture — CMP present, Consent Mode v2 default declared, and whether the gating actually holds
- Cookies set pre-consent — names and owners, never values
What it won’t do
- This is not legal advice — it is an inventory of observable risk signals from one rendered page. Your counsel reads the law; this reads your site.
- No dollar figures, no penalty predictions. We show what fires and what gates it — the exposure math is a conversation, not a widget.
- One page, one cold load. Interaction paths, subdomains, and server-side tagging are the deeper audit — named honestly as the upgrade path.
- No login, no card. The inventory is free; the per-tag risk register with fixes unlocks with a work email.
Before you run it
-
How is this different from a cookie-scanner extension?
It runs a real headless browser on a cold load and watches the network — what actually fires, before any consent interaction. Not a regex over your source; an observation of behavior.
-
Is this legal advice?
No — and the report says so on every surface. It is an inventory of risk signals: which trackers fire, what gates them, what a scrutinizing party would see. What to do about it legally is your counsel’s call.
-
Why does session replay get flagged hardest?
Because recording a visitor’s session draws the most scrutiny of any category — especially for sites serving California visitors. If one tag on your page should wait for explicit consent, it’s that one.
-
My page uses a consent banner — am I fine?
The banner is the easy half. The audit point is whether every tag actually WAITS for it — a CMP present with pixels firing pre-consent is the most common posture we see, and the report shows it plainly.