FREE WEBSITE PRIVACY & CONSENT SCANNER

Your website is leaking user data before consent

Most consent banners aren't blocking anything. Find out if yours is one of them. Free scan, no signup required.

Scan regulation:All RegulationsGDPRUK GDPRCCPA / CPRALGPDPOPIAPDPA
No signup requiredFull report in 60 seconds50,000+ known trackers6-regulation audit10,000+ scans run

Full Compliance report in under 60 seconds

Know exactly what to fix, and where.

Compliance Score12/100

β€œMeta Pixel and TikTok Pixel sending user data to ad networks before any consent interaction.”

Regulatory Compliance

πŸ‡ͺπŸ‡ΊGDPR
28/100
πŸ‡¬πŸ‡§UK GDPR
35/100
πŸ‡ΊπŸ‡ΈCCPA
82/100
πŸ‡§πŸ‡·LGPD
31/100
πŸ‡ΏπŸ‡¦POPIA
44/100
πŸ‡ΉπŸ‡­PDPA
28/100

Generate Remediation Document

Step-by-step remediation guide

Download PDF

Detected Leaks

Live Scan Analysis
Critical20
Google Analytics
Google Analytics2 findingsID tracked

region1.google-analytics.com, _ga_Q1FXP4&JAS

Google Analytics
criticalNetworkGoogle Analytics

GA4 (Google) loaded before consent: Sends pageview and event data to Google Analytics

ID: G-Q1CWP42JTSHost: region1.google-analytics.comFired: 1957ms after load
Google Analytics
criticalCookieGoogle Analytics

Google Analytics cookie "_ga_Q1FXP4&JAS" set before consent

Cookie: _ga_Q1FXP4&JASDomain: .traderise.com
Meta Pixel
Meta Pixel2 findingsID tracked

www.facebook.com, _fbp

Meta Pixel
criticalNetworkMeta Pixel

Meta Pixel loaded before consent: Meta Pixel tracking endpoint

ID: 1622288438147367Host: www.facebook.comFired: 2754ms after load
Meta Pixel
criticalStorageMeta Pixel

Meta Pixel wrote "_fbp" to localStorage before consent

Key: _fbpType: localStorageFired: 1634ms after load
TikTok Pixel
TikTok Pixel2 findings

analytics.tiktok.com, _ttp

TikTok Pixel
criticalNetworkTikTok Pixel

TikTok Pixel (TikTok) loaded before consent: Sends event data to TikTok for ad measurement

Host: analytics.tiktok.comFired: 2053ms after load
TikTok Pixel
criticalCookieTikTok Pixel

TikTok Pixel cookie "_ttp" set before consent

Cookie: _ttpDomain: .tiktok.com
Warnings9
Google Tag Manager
warningNetworkGoogle Tag Manager

Google Tag Manager loaded before consent: Loads the GTM container which may trigger other tags

ID: GTM-WMQXZT9LKHost: www.googletagmanager.comFired: 649ms after load

The compliance landscape

Cookie compliance isn't optional anymore.

€4.5B+

in GDPR fines issued since 2018

3 in 4

websites fire tracking tags before user consent

$25K+/yr

is what enterprise audit tools charge

How It Works

See what your consent setup is really doing

1

Enter your website

No setup. No integration. Just a URL and we take it from there.

2

We simulate a real visitor

Behind the scenes, we analyze how your site behaves in real-world conditions, before and after consent.

3

Get a full compliance report

Every tag, cookie, storage write, and third-party request classified by severity - across up to 100 pages. GCM v2 audit, IAB TCF v2.2 status, 6-regulation compliance scoring, security headers, and a Remediation Document with per-finding team ownership. Compliance score out of 100.

What's in every scan

More than a cookie check.

Every scan covers your full privacy posture - not just what's in the cookie jar.

Pre-consent leak detection

A stealth Chromium browser visits your site with zero cookies and no history. Every network request, cookie, and storage write that fires before consent is recorded and classified against 50,000+ known tracker signals - including Meta Pixel, TikTok, GA4, Google Ads, Adjust, Segment, and more.

Google Consent Mode v2 audit

Tag Leak intercepts GCM calls before any page script runs. All 7 consent parameters are checked - ad_storage, ad_user_data, ad_personalization, and more. Your implementation is scored 0–100 with specific issues called out. Required for compliant Google Ads measurement in the EU after January 2024.

Security header check

Six headers checked on every scan. Missing headers are flagged with in a remediation document so developers know exactly what to add.

Multi-page scanning

Your homepage might be clean. Your /checkout, /blog, and /contact might not be. Tag Leak automatically discovers pages from your sitemap and scans up to 25 pages (Starter) or 100 pages (Pro) - deduplicating findings across pages and showing a per-page score breakdown.

IAB TCF v2.2 - the standard your CMP must pass

All IAB-registered consent platforms (Cookiebot, Didomi, Axeptio, OneTrust, and 200+ others) are required to implement TCF v2.2. Tag Leak calls __tcfapidirectly - the same way a regulator's tool would - checks your version (v2.2 vs outdated), validates event status, and audits all 11 IAB consent purposes. Scored 0–100 with specific issues called out.

Every finding has an owner

After your scan, generate a Remediation Document: a prioritized fix guide that assigns each violation to the right team - [Developer], [GTM Manager], [Legal]. Executive summary for leadership. Compliance checklist for sign-off. Download as PDF in one click. This is what $400/hr privacy consultants produce. Tag Leak does it in 30 seconds.

New

Cookie Policy Generator

Generate a GDPR-compliant cookie policy from your actual scan - not a generic template. TagLeak pre-populates every cookie name, vendor, duration, and category detected on your site.

  • Covers GDPR, UK GDPR, CCPA, LGPD, POPIA, and PDPA in one document
  • Pre-populated with real cookies detected from your live scan
  • Download as a branded PDF - your logo, no TagLeak watermark (Pro)
  • Alerts you when new cookies appear and your policy needs updating
Cookie Policy
Download PDF

Cookies We Use

Cookie
Vendor
Duration
Type
_fbp
Meta Pixel
90 days
Marketing
_ga
Google Analytics
2 years
Analytics
_ttp
TikTok Pixel
13 months
Marketing
_gcl_au
Google Ads
90 days
Marketing

Your Rights

πŸ‡ͺπŸ‡Ί GDPR - Right to withdraw consent, access, erasure

πŸ‡ΊπŸ‡Έ CCPA - Right to opt out of sale/sharing

πŸ‡§πŸ‡· LGPD - Right to correction and portability

Continuous monitoring

Your compliance score can change without you touching a line of code.

A GTM update, a new third-party script, a seasonal campaign pixel, a CMP version upgrade - any of these can re-introduce violations you already fixed. Tag Leak re-scans your site on a daily or weekly schedule and emails you the moment your compliance score drops or a new pre-consent leak appears.

Starter3 sites monitored, weekly re-scans
Pro20 sites monitored, daily re-scans

Compliance timeline - example.com

Week 191/100All clear
Week 288/100All clear
Week 347/100GTM update introduced Meta Pixel pre-consentAlert sent
Week 489/100Resolved - pixel correctly gated

Why Tag Leak

Most compliance tools help you look compliant. We show if you actually are.

Banners don’t stop data leaks. Checklists don’t catch real behavior. Tag Leak is built to expose what’s really happening on your site β€” across vendors, regions, and consent states.

CapabilityTag LeakCookieYesCookiebotOneTrust
Pre vs post-consent two-pass scanβœ“---
GCM v2 implementation audit (0–100 score)βœ“---
TCF v2.2 implementation audit (third-party)βœ“---
6-regulation compliance scoringβœ“--βœ“
Geo-scanning (EU, UK, US, BR, APAC)βœ“---
Security headers auditβœ“---
AI remediation documentβœ“---
Cookie policy generated from scan dataβœ“---
Scan any URL free - no account, no installβœ“---
Consent banner product-βœ“βœ“βœ“

"Implementation audit" = verifying whether an existing GCM v2 or TCF v2.2 setup is correctly configured, scored 0–100. CookieYes and Cookiebot implement these standards in their own banners - they do not audit third-party implementations. Comparison as of April 2026.

Who it's for

From solo founders to full compliance teams.

Tag Leak works wherever compliance matters.

Founders & Developers

Move fast without breaking privacy laws. One scan before each deploy tells you if you're compliant - no legal consultation required.

  • +60-second audit, runs before every deploy
  • +GCM v2 and TCF v2.2 scored with exact parameters
  • +Starts free, no credit card
Built for developers β†’

Marketing & Legal Teams

You added the pixels. Now prove to legal they're not firing before consent - with a document that assigns every fix to the right owner.

  • +6-regulation compliance grid: GDPR, UK GDPR, CCPA, LGPD, POPIA, PDPA
  • +AI Remediation Document with [Developer] / [GTM Manager] ownership tags
  • +GCM v2 status and TCF v2.2 score at a glance
  • +No dev required to interpret results
Built for marketers β†’

Agencies & Consultants

Scan any client site in 60 seconds. Deliver a branded PDF compliance report. Look like the expert you are.

  • +White-label PDF reports - your logo, no Tag Leak watermark
  • +Scan up to 100 pages per client site audit
  • +Monitor 20 client sites with daily re-scans and alerts
  • +Cookie policy generator with client branding
Built for agencies β†’

Pricing

Start free. Upgrade when you're ready.

No credit card required. Cancel anytime.

Free

$0/month

See what's leaking. No commitment.

  • Compliance score out of 100
  • 50,000+ known trackers
  • Partial report (top findings only)
  • No security headers report
  • No GCM v2 analysis
  • No saved reports or monitoring
Most Popular

Starter

$19/month

Everything you need to stay compliant.

  • Unlimited scans
  • Full report β€” all findings, no limits
  • Security headers report
  • Google Consent Mode v2 analysis
  • 25-page scanning per audit
  • 3 monitored sites + weekly alerts
  • Saved reports & scan history

Pro

$49/month

For teams managing multiple sites.

  • Everything in Starter
  • 100-page scanning per audit
  • 20 monitored sites + daily alerts
  • Geo-scanning from EU, UK, US, Brazil & APAC
  • White-label PDF reports β€” your logo, no watermark
  • AI Remediation Document (3/day)
  • Cookie policy generator
  • Unlimited saved reports
  • Priority email support

Prices in USD.

FAQ

Questions

Find out what your site is leaking

One scan. 60 seconds. No signup.