GDPR compliance scanner
Tag Leak audits the technical requirements that GDPR and ePrivacy actually mandate: no cookies or tracking before consent, a working consent mechanism, correct Google Consent Mode v2 implementation, and IAB TCF v2.2 compliance if you use an IAB-registered CMP.
Free scan · No signup · Every scan covers all 6 major privacy regulations
Technical checks
These are scanner-detectable technical requirements. Regulatory compliance also requires legal review of your policies, contracts, and data processing activities.
GDPR Article 6 and the ePrivacy Directive require that non-essential cookies and trackers fire only after a user has freely given, specific, and informed consent. Tag Leak captures everything that fires before any consent interaction: GA4, Meta Pixel, Google Ads, and 50,000+ other known tracker signals.
A banner that renders but fails to block scripts is not a valid consent mechanism. Tag Leak tests whether your CMP (Cookiebot, OneTrust, Usercentrics, Didomi, and 20+ others) actually prevents tracking before consent, using CSS selectors, programmatic CMP API calls, iframe probing, and shadow DOM detection.
GCM v2 is required for compliant GA4 and Google Ads operation in EU markets. Tag Leak intercepts consent calls before any page script runs and checks all seven parameters. A default state of 'granted' is a violation; parameters must default to 'denied' until consent is given.
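An added example, not Tag Leak's own code: the default-state rule above applied to a captured list of gtag-style calls. The function name, sample dataLayer and finding strings are constructed for illustration; the seven parameter names are the Consent Mode v2 consent types from Google's documentation, which this page does not list.

```javascript
// Consent Mode v2 consent types (from Google's documentation, not from this page).
const GCM_PARAMS = [
  'ad_storage', 'analytics_storage', 'ad_user_data', 'ad_personalization',
  'functionality_storage', 'personalization_storage', 'security_storage',
];

// entries: captured dataLayer items. gtag pushes Arguments objects, tests may
// pass plain arrays; Array.from normalises both and yields [] for plain events.
function auditConsentDefaults(entries) {
  const denied = new Set();   // parameters explicitly defaulted to 'denied'
  const findings = [];
  let sawDefault = false;
  for (const raw of entries) {
    if (raw == null) continue;
    const [cmd, action, params] = Array.from(raw);
    if (cmd !== 'consent' || params === null || typeof params !== 'object') continue;
    if (action === 'update' && !sawDefault) {
      findings.push({ param: '*', issue: 'update before default' });
    }
    if (action !== 'default') continue;
    sawDefault = true;
    for (const name of GCM_PARAMS) {
      if (!(name in params)) continue;
      if (params[name] === 'denied') denied.add(name);
      else findings.push({ param: name, issue: `defaults to '${params[name]}'` });
    }
  }
  // A parameter that never received a default is reported separately.
  for (const name of GCM_PARAMS) {
    const flagged = findings.some((f) => f.param === name);
    if (!denied.has(name) && !flagged) findings.push({ param: name, issue: 'no default set' });
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample: one parameter defaults to 'granted', three are never set.
const SAMPLE_DATALAYER = [
  { event: 'gtm.js' },
  ['consent', 'default', {
    ad_storage: 'denied', analytics_storage: 'granted',
    ad_user_data: 'denied', ad_personalization: 'denied', wait_for_update: 500,
  }],
  ['consent', 'update', { analytics_storage: 'granted' }],
];

const report = auditConsentDefaults(SAMPLE_DATALAYER);
for (const f of report.findings) console.log(`${f.param}: ${f.issue}`);
```

Each default call is judged on its own, so the check makes no assumption about how region-scoped or repeated defaults are merged.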
If you use an IAB-registered CMP (Cookiebot, Didomi, OneTrust, Axeptio, and 200+ others), your implementation must meet TCF v2.2 requirements. Tag Leak calls __tcfapi directly and checks version, event status, TC string validity, and all 11 IAB consent purposes.
Per CNIL and ICO guidance, tracking cookies with a lifetime exceeding 13 months are treated as disproportionate. Tag Leak flags cookies in the pre-consent phase that exceed 396 days as a critical violation, separate from the cookie firing issue.
GDPR Article 32 requires appropriate technical measures to protect personal data. Tag Leak checks six security response headers (HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy) as part of every scan.
GDPR violations often appear on pages other than the homepage: checkout flows, sign-up forms, product pages. Tag Leak discovers pages from your sitemap and scans up to 100 in parallel, giving you a full-site compliance picture.
Your GDPR compliance result is presented as a score from 0 to 100 with a per-check pass/fail breakdown. Checks include: consent banner detected, pre-consent trackers absent, GCM v2 correctly configured, TCF v2.2 valid, cookie lifetimes within threshold.
Note: GDPR compliance is not solely technical. Data Processing Agreements, Records of Processing Activities, Privacy Notices, Data Subject Request processes, and legal basis documentation are outside what any scanner can verify. Tag Leak tells you what's technically broken so you can fix it; legal review remains essential.
You do not need to select GDPR: every Tag Leak scan automatically audits all six major privacy regulations in one pass. Run a single scan and get compliance scores for GDPR, UK GDPR, CCPA, LGPD, POPIA, and PDPA simultaneously.
Free scan. No signup. Results in 60 seconds.
Every Tag Leak scan also audits GDPR · UK GDPR · CCPA · LGPD · POPIA · PDPA automatically.