Free tool · ~30–45 seconds · no login

Your page fires before anyone consents. Watch it happen.

Paste your URL — a real headless browser loads your page like a first-time visitor and shows every tag, pixel, and cookie that fires before anyone consents. Risk signals, not legal advice.

We render this exact page in a real browser — homepage or landing page both work.

A real browser render takes 30–45 seconds — slower than our other tools, because it watches what actually fires. Risk signals, not legal advice.

  • A real rendered session

    A headless browser loads your page cold and watches the network — what fires, observed, not guessed from source.

  • The consent posture

    CMP present · Consent Mode default declared · trackers holding for consent — three dots, each with evidence.

  • The inventory

    Every recognized tag, pixel, and pre-consent cookie — named, categorized, with the request that proves it.

  • The risk register · email-gated

    Per-tag findings with the specific fix — gate it, declare the default, route it through the CMP.

What it checks

  • Every tracker a cold, uninteracted load actually fires — observed in a real rendered session, not guessed from source
  • The pixels that matter — Meta, TikTok, LinkedIn, Google Ads — and whether they wait for consent
  • Session-replay tools (Hotjar, Clarity, FullStory) — the highest-scrutiny category, flagged hardest
  • Consent posture — CMP present, Consent Mode v2 default declared, and whether the gating actually holds
  • Cookies set pre-consent — names and owners, never values

What it won’t do

  • This is not legal advice — it is an inventory of observable risk signals from one rendered page. Your counsel reads the law; this reads your site.
  • No dollar figures, no penalty predictions. We show what fires and what gates it — the exposure math is a conversation, not a widget.
  • One page, one cold load. Interaction paths, subdomains, and server-side tagging are the deeper audit — named honestly as the upgrade path.
  • No login, no card. The inventory is free; the per-tag risk register with fixes unlocks with a work email.
Straight answers

Before you run it

  • How is this different from a cookie-scanner extension?

    It runs a real headless browser on a cold load and watches the network — what actually fires, before any consent interaction. Not a regex over your source; an observation of behavior.

  • Is this legal advice?

    No — and the report says so on every surface. It is an inventory of risk signals: which trackers fire, what gates them, what a scrutinizing party would see. What to do about it legally is your counsel’s call.

  • Why does session replay get flagged hardest?

    Because recording a visitor’s session draws the most scrutiny of any category — especially for sites serving California visitors. If one tag on your page should wait for explicit consent, it’s that one.

  • My page uses a consent banner — am I fine?

    The banner is the easy half. The audit point is whether every tag actually WAITS for it — a CMP present with pixels firing pre-consent is the most common posture we see, and the report shows it plainly.