How it works
Paste a URL. 60 seconds. A scored compliance report showing exactly what fires before consent — whether your banner likes it or not.
The problem
There's a gap between what a scanner reports and what's actually happening on your site. Tag Leak is built to close it.
Other scanners see a sanitised version of your site.
Tag Leak sees what a real visitor sees — including scripts that hide from automated tools.
Listing cookies isn't the same as testing consent gating.
Tag Leak captures what fires before you click accept, and what fires after. The gap between those two is your legal exposure.
A compliant-looking banner doesn't mean a compliant implementation.
Tag Leak checks whether Google Consent Mode v2 is wired correctly, whether your CMP meets IAB TCF v2.2, and scores you across 6 regulations.
The scan
From submission to full compliance report in 60 seconds.
Your site behaves differently when it detects an automated tool — serving a simplified page, skipping scripts, or blocking access entirely. Tag Leak navigates like a real user so the scan sees what your visitors see: the full page, every script, every pixel, every geo-redirect.
Geo-redirects are detected. If your site sends US visitors to one version and EU visitors to another, the scanner sees it.
Before any interaction with your consent banner, every outbound request, cookie write, and pixel fire is captured. This is the pre-consent window — the one that matters for GDPR. Every tracker in this window is a potential violation, regardless of what your banner says.
50,000+ known trackers checked. Results are classified by vendor, severity, and the specific regulation each finding implicates.
Tag Leak accepts your consent banner and captures a second wave of activity. Tags that appear here — and only here — are correctly gated behind consent. Tags that appeared in the pre-consent window are violations regardless of whether they also appear here. The difference between the two passes is your compliance gap.
Your consent platform is also verified: whether it actually recorded consent in storage after the interaction, not just displayed a banner.
Every finding is scored 0–100, mapped to the regulation it violates (GDPR, UK GDPR, CCPA, LGPD, POPIA, PDPA), and assigned to the team that owns the fix. Google Consent Mode v2 and IAB TCF v2.2 are audited separately with their own score. The AI Remediation Document names every fix with [Developer], [GTM Manager], or [Legal] ownership.
Security response headers are checked alongside tracking findings — because compliance isn't only about cookies.
Coverage
One scan. Every dimension of your compliance posture, scored and explained.
Every tag, pixel, and cookie that fires before consent is captured, classified, and mapped to a vendor. 50,000+ known trackers.
All plans
All 7 consent parameters scored 0–100. Detects whether the default consent call fires before any other data is sent to Google.
Starter & Pro
Checks whether your CMP meets the IAB standard that ad vendors and regulators use to verify consent. Version, TC string, and all 11 purpose consents.
Starter & Pro
GDPR, UK GDPR, CCPA, LGPD, POPIA, PDPA — each regulation scored individually based on the checks that apply to it.
Starter & Pro
6 security headers checked on every scan. Missing headers are flagged with the exact value recommended — separate from cookie findings.
Starter & Pro
Every finding gets a fix, assigned to the right owner: [Developer], [GTM Manager], or [Legal]. A document your team can actually act on.
Starter & Pro
60s
Time to full report
50k+
Known trackers checked
6
Regulations scored
0–100
Compliance score, not just pass/fail
Built for
Developers
Run a scan before every deploy. Catch pre-consent leaks before legal does. The GCM v2 parameter breakdown tells you exactly which consent flag is misconfigured.
See what Tag Leak does for developers →
Marketing & Legal
Show legal a dated compliance report, not a screenshot. The 6-regulation grid and AI Remediation Document tell each stakeholder exactly what to fix and who owns it.
See what Tag Leak does for marketing & legal →
Agencies
Scan any client site in 60 seconds. Deliver a white-label PDF compliance report. Bill for the audit, not the tool.
See what Tag Leak does for agencies →
Free scan. No signup. Results in 60 seconds.