FREE WEBSITE PRIVACY & CONSENT SCANNER

Your site sends user data to third-party servers

Before anyone clicks “Accept.”

Most consent banners load the tags anyway. IP addresses, identifiers, and cookies reach third-party servers before the user has a chance to say no. Free scan tells you exactly what's firing on your site, and where. No signup required.

Scan regulation:All RegulationsGDPRUK GDPRCCPA / CPRALGPDPOPIAPDPA
No signup requiredFull report in 60 seconds50,000+ known trackers6-regulation audit10,000+ scans run

Full Compliance report in under 60 seconds

Know exactly what to fix, and where.

Compliance Score12/100

“Meta Pixel and TikTok Pixel sending user data to ad networks before any consent interaction.”

Regulatory Compliance

🇪🇺GDPR
28/100
🇬🇧UK GDPR
35/100
🇺🇸CCPA
82/100
🇧🇷LGPD
31/100
🇿🇦POPIA
44/100
🇹🇭PDPA
28/100

Generate Remediation Document

Step-by-step remediation guide

Download PDF

Detected Leaks

Live Scan Analysis
Critical20
Google Analytics
Google Analytics2 findingsID tracked

region1.google-analytics.com, _ga_Q1FXP4&JAS

Google Analytics
criticalNetworkGoogle Analytics

GA4 (Google) loaded before consent: Sends pageview and event data to Google Analytics

ID: G-Q1CWP42JTSHost: region1.google-analytics.comFired: 1957ms after load
Google Analytics
criticalCookieGoogle Analytics

Google Analytics cookie "_ga_Q1FXP4&JAS" set before consent

Cookie: _ga_Q1FXP4&JASDomain: .traderise.com
Meta Pixel
Meta Pixel2 findingsID tracked

www.facebook.com, _fbp

Meta Pixel
criticalNetworkMeta Pixel

Meta Pixel loaded before consent: Meta Pixel tracking endpoint

ID: 1622288438147367Host: www.facebook.comFired: 2754ms after load
Meta Pixel
criticalStorageMeta Pixel

Meta Pixel wrote "_fbp" to localStorage before consent

Key: _fbpType: localStorageFired: 1634ms after load
TikTok Pixel
TikTok Pixel2 findings

analytics.tiktok.com, _ttp

TikTok Pixel
criticalNetworkTikTok Pixel

TikTok Pixel (TikTok) loaded before consent: Sends event data to TikTok for ad measurement

Host: analytics.tiktok.comFired: 2053ms after load
TikTok Pixel
criticalCookieTikTok Pixel

TikTok Pixel cookie "_ttp" set before consent

Cookie: _ttpDomain: .tiktok.com
Warnings9
Google Tag Manager
warningNetworkGoogle Tag Manager

Google Tag Manager loaded before consent: Loads the GTM container which may trigger other tags

ID: GTM-WMQXZT9LKHost: www.googletagmanager.comFired: 649ms after load

The compliance landscape

Cookie compliance isn't optional anymore.

€4.5B+

in GDPR fines issued since 2018

3 in 4

websites fire tracking tags before user consent

Based on the first 10,000+ scans run by Tag Leak, April 2026

Your CMP tells you what your banner promises.

Tag Leak tells you what your site actually does.

How It Works

See what your consent setup is really doing

1

Enter your website

No setup. No integration. Just a URL and we take it from there.

2

We simulate a real visitor

Behind the scenes, we analyze how your site behaves in real-world conditions, before and after consent.

3

Get a full compliance report

Every tag, cookie, storage write, and third-party request classified by severity - across up to 100 pages. GCM v2 audit, IAB TCF v2.3 status, 6-regulation compliance scoring, security headers, and a Remediation Document with per-finding team ownership. Compliance score out of 100.

What actually leaks?

What reaches the third party before consent

When a third-party tag fires on your site before a user consents, here's what the receiving server gets.

IP address

Personal data under GDPR. Transmitted as part of any network request to Meta, Google, TikTok, or any third-party host.

Request headers

User agent, referrer, language, and any existing cookies on that third-party’s domain — sent automatically by the browser.

Identifiers

Click IDs, pixel IDs, and event payloads passed in the request URL or body. Enough to re-identify a returning user.

Storage writes

Cookies, localStorage, and sessionStorage set on the user’s device — often before any banner interaction.

This is the actual GDPR and ePrivacy issue — not “fingerprinting,” which is a separate and more active form of collection. Tag Leak flags all four categories, scored by severity, with the exact host, timing, and payload for each finding.

What's in every scan

More than a cookie check.

Every scan covers your full privacy posture - not just what's in the cookie jar.

Pre-consent leak detection

A stealth Chromium browser visits your site with zero cookies and no history. Every network request, cookie, and storage write that fires before consent is recorded and classified against 50,000+ known tracker signals - including Meta Pixel, TikTok, GA4, Google Ads, Adjust, Segment, and more.

Google Consent Mode v2 audit

Tag Leak intercepts GCM calls before any page script runs. All 7 consent parameters are checked - ad_storage, ad_user_data, ad_personalization, and more. Your implementation is scored 0–100 with specific issues called out. Required for compliant Google Ads measurement in the EU after January 2024.

Security header check

Six headers checked on every scan. Missing headers are flagged with in a remediation document so developers know exactly what to add.

Multi-page scanning

Your homepage might be clean. Your /checkout, /blog, and /contact might not be. Tag Leak automatically discovers pages from your sitemap and scans up to 25 pages (Starter) or 100 pages (Pro) - deduplicating findings across pages and showing a per-page score breakdown.

IAB TCF v2.3 - the standard your CMP must pass

All IAB-registered consent platforms (Cookiebot, Didomi, Axeptio, OneTrust, and 200+ others) must implement TCF v2.3 — enforcement began March 2026. Tag Leak calls __tcfapidirectly - the same way a regulator's tool would - checks your version, validates the mandatory disclosedVendors segment, and audits all 11 IAB consent purposes. Scored 0–100 with specific issues called out.

Every finding has an owner

After your scan, generate a Remediation Document: a prioritized fix guide that assigns each violation to the right team - [Developer], [GTM Manager], [Legal]. Executive summary for leadership. Compliance checklist for sign-off. Download as PDF in one click. This is what $400/hr privacy consultants produce. Tag Leak does it in 30 seconds.

New

Cookie Policy Generator

Generate a GDPR-compliant cookie policy from your actual scan - not a generic template. TagLeak pre-populates every cookie name, vendor, duration, and category detected on your site.

  • Covers GDPR, UK GDPR, CCPA, LGPD, POPIA, and PDPA in one document
  • Pre-populated with real cookies detected from your live scan
  • Download as a branded PDF - your logo, no TagLeak watermark (Pro)
  • Alerts you when new cookies appear and your policy needs updating
Cookie Policy
Download PDF

Cookies We Use

Cookie
Vendor
Duration
Type
_fbp
Meta Pixel
90 days
Marketing
_ga
Google Analytics
2 years
Analytics
_ttp
TikTok Pixel
13 months
Marketing
_gcl_au
Google Ads
90 days
Marketing

Your Rights

🇪🇺 GDPR - Right to withdraw consent, access, erasure

🇺🇸 CCPA - Right to opt out of sale/sharing

🇧🇷 LGPD - Right to correction and portability

Continuous monitoring

Your compliance score can change without you touching a line of code.

A GTM update, a new third-party script, a seasonal campaign pixel, a CMP version upgrade - any of these can re-introduce violations you already fixed. Tag Leak re-scans your site on a daily or weekly schedule and emails you the moment your compliance score drops or a new pre-consent leak appears.

Starter3 sites monitored, weekly re-scans
Pro20 sites monitored, daily re-scans

Compliance timeline - example.com

Week 191/100

All clear

Week 288/100

All clear

Week 347/100Alert sent

GTM update introduced Meta Pixel pre-consent

Week 489/100

Resolved - pixel correctly gated

Why Tag Leak

Most compliance tools help you look compliant. We show if you actually are.

Banners don’t stop data leaks. Checklists don’t catch real behavior. Tag Leak is built to expose what’s really happening on your site — across vendors, regions, and consent states.

CapabilityTag LeakCookieYesCookiebotOneTrust
Pre vs post-consent two-pass scan---
GCM v2 implementation audit (0–100 score)---
TCF v2.3 implementation audit (third-party)---
6-regulation compliance scoring--
Geo-scanning (EU, UK, US, BR, APAC)---
Security headers audit---
AI remediation document---
Cookie policy generated from scan data---
Scan any URL free - no account, no install---
Consent banner product (CMP)-
Verifies what the CMP actually blocks---

Tag Leak is complementary to CMPs like Cookiebot, Didomi, and OneTrust. Use your CMP to collect consent. Use Tag Leak to verify it's being respected.

“Implementation audit” = verifying whether an existing GCM v2 or TCF v2.3 setup is correctly configured, scored 0–100. CookieYes and Cookiebot implement these standards in their own banners - they do not audit third-party implementations. Comparison as of April 2026.

Who it's for

From solo founders to full compliance teams.

Tag Leak works wherever compliance matters.

Founders & Developers

Move fast without breaking privacy laws. One scan before each deploy tells you if you're compliant - no legal consultation required.

  • +60-second audit, runs before every deploy
  • +GCM v2 and TCF v2.3 scored with exact parameters
  • +Starts free, no credit card
Built for developers →

Marketing & Legal Teams

You added the pixels. Now prove to legal they're not firing before consent - with a document that assigns every fix to the right owner.

  • +6-regulation compliance grid: GDPR, UK GDPR, CCPA, LGPD, POPIA, PDPA
  • +AI Remediation Document with [Developer] / [GTM Manager] ownership tags
  • +GCM v2 status and TCF v2.3 score at a glance
  • +No dev required to interpret results
Built for marketers →

Agencies & Consultants

Scan any client site in 60 seconds. Deliver a branded PDF compliance report. Look like the expert you are.

  • +White-label PDF reports - your logo, no Tag Leak watermark
  • +Scan up to 100 pages per client site audit
  • +Monitor 20 client sites with daily re-scans and alerts
  • +Cookie policy generator with client branding
Built for agencies →

Pricing

Start free. Upgrade when you're ready.

No credit card required. Cancel anytime.

Free

$0/month

See what's leaking. No commitment.

  • Compliance score out of 100
  • 50,000+ known trackers
  • Partial report (top findings only)
  • No security headers report
  • No GCM v2 analysis
  • No saved reports or monitoring
Most Popular

Starter

$19/month

Everything you need to stay compliant.

  • Unlimited scans
  • Full report — all findings, no limits
  • Security headers report
  • Google Consent Mode v2 analysis
  • 25-page scanning per audit
  • 3 monitored sites + weekly alerts
  • Saved reports & scan history

Pro

$49/month

For teams managing multiple sites.

  • Everything in Starter
  • 100-page scanning per audit
  • 20 monitored sites + daily alerts
  • Geo-scanning from EU, UK, US, Brazil & APAC
  • White-label PDF reports — your logo, no watermark
  • AI Remediation Document (3/day)
  • Cookie policy generator
  • Unlimited saved reports
  • Priority email support

Prices in USD.

FAQ

Questions

Find out what your site is leaking

One scan. 60 seconds. No signup.