Tag LeakScan your site free →
Shared compliance report — powered by Tag Leak
Scan your own site →

https://www.dailymail.co.uk/

Scanned Apr 14, 2026 · 40.2s

Your website score is

0/100
Critical

Grade

F0

Banner

No

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 41 user data leaks before consent on dailymail.co.uk, including The Globe and Mail (Advertising Tracker), Akamai (Analytics Tracker), GA4 and 5 more.

Security Headers

0/6 present

Strict-Transport-Security

Add HSTS header to enforce HTTPS connections and prevent downgrade attacks

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

Add X-Frame-Options header to prevent clickjacking attacks

X-Content-Type-Options

Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

6 vendors

Consent Mode

Basic

GTM Load

Not detected

Consent Mode V2: Basic

Basic Consent Mode — anonymised pings still fire after rejection. Permitted by Google but legally contested under PECR.

Vendors firing after rejection (6)

VendorCategoryTimingURL
Google — GA4Basic CM ping23501msregion1.analytics.google.com
VWO — VWOBasic CM ping24492msdev.visualwebsiteoptimizer.com
Google — Google Tag ManagerBasic CM ping24501mswww.googletagmanager.com
Google — GA4Basic CM ping25351mswww.googletagmanager.com
Google — Google AdsBasic CM ping25359mspagead2.googlesyndication.com
Google — GA4Basic CM ping25777msregion1.google-analytics.com
Consent wall detected — rejecting cookies navigates users away from the page (EDPB: consent walls are invalid)

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

No consent record written — cannot prove consent was given

No CMP consent cookie or localStorage entry was found after the consent interaction. GDPR requires controllers to demonstrate consent was given.

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising5 vendors
Analytics5 vendors
Security6
Functional3 vendors
Tag Management1 vendor
Critical18

Data was transmitted to a third-party or storage was written on the user’s device before consent. This is a GDPR/ePrivacy violation, not just a script load.

Google Analytics
Google Analytics4 findingsID tracked

region1.analytics.google.com, www.googletagmanager.com, _ga, _ga_C9F47K6NW6

GA4
criticalNetworkAnalyticsGA4

GA4 (Google) loaded before consent: Sends pageview and event data to Google Analytics

ID: G-C9F47K6NW6Host: region1.analytics.google.comFired: 6669ms after load
GA4
criticalNetworkAnalyticsGA4

GA4 (Google) loaded before consent: Google Analytics gtag.js library

Host: www.googletagmanager.comFired: 2493ms after load
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set before consent

Cookie: _gaDomain: .dailymail.co.uk
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_C9F47K6NW6" set before consent

Cookie: _ga_C9F47K6NW6Domain: .dailymail.co.uk
Google (Tracker Tracker)
Google (Tracker Tracker)2 findingsID tracked

stats.g.doubleclick.net, s0.2mdn.net

Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

ID: G-C9F47K6NW6Host: stats.g.doubleclick.netFired: 6669ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: s0.2mdn.netFired: 5212ms after load
The Globe and Mail (Advertising Tracker)
criticalNetworkAdvertisingThe Globe and Mail (Advertising Tracker)

The Globe and Mail (advertising) loaded before consent

Host: cdn.sophi.ioFired: 1695ms after load
Akamai (Analytics Tracker)
Akamai (Analytics Tracker)3 findings

s.go-mpulse.net, c.go-mpulse.net, 0217990f.akstat.io

Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: s.go-mpulse.netFired: 1695ms after load
Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: c.go-mpulse.netFired: 2003ms after load
Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: 0217990f.akstat.ioFired: 7725ms after load
DotMetrics (Advertising Tracker)
DotMetrics (Advertising Tracker)2 findings

uk-script.dotmetrics.net, rm-script.dotmetrics.net

DotMetrics (Advertising Tracker)
criticalNetworkAdvertisingDotMetrics (Advertising Tracker)

DotMetrics (advertising) loaded before consent

Host: uk-script.dotmetrics.netFired: 2511ms after load
DotMetrics (Advertising Tracker)
criticalNetworkAdvertisingDotMetrics (Advertising Tracker)

DotMetrics (advertising) loaded before consent

Host: rm-script.dotmetrics.netFired: 6090ms after load
TMTDigital (Advertising Tracker)
criticalNetworkAdvertisingTMTDigital (Advertising Tracker)

TMTDigital (advertising) loaded before consent

Host: scripts.webcontentassessor.comFired: 3151ms after load
Google Ads
criticalNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded before consent: Google ad syndication and remarketing

Host: pagead2.googlesyndication.comFired: 5212ms after load
criticalNetwork

No consent banner detected — all cookies and tags fire without user consent

criticalConsent

Consent wall detected — rejecting cookies redirects user to a different page (EDPB guidance: consent walls are not valid)

criticalConsent Record

No consent record stored after interaction — GDPR Article 7(1) requires controllers to demonstrate consent was given

criticalConsent Record

No consent withdrawal mechanism found — GDPR Article 7(3) requires users can withdraw consent as easily as giving it

Warnings30

A tag container or script loaded before consent but tags appear correctly gated (e.g. GTM with Consent Mode v2). Not a violation on its own — review to confirm downstream tags stay blocked.

Google — GA4
warningPost-RejectionAnalyticsGoogle — GA4

Google — GA4 ping fires after rejection (Basic Consent Mode — anonymised, legal grey zone)

Fired: 23501ms after load
VWO — VWO
warningPost-RejectionAnalyticsVWO — VWO

VWO — VWO ping fires after rejection (Basic Consent Mode — anonymised, legal grey zone)

Fired: 24492ms after load
Google — Google Tag Manager
warningPost-RejectionTag ManagementGoogle — Google Tag Manager

Google — Google Tag Manager ping fires after rejection (Basic Consent Mode — anonymised, legal grey zone)

Fired: 24501ms after load
Google — Google Ads
warningPost-RejectionAdvertisingGoogle — Google Ads

Google — Google Ads ping fires after rejection (Basic Consent Mode — anonymised, legal grey zone)

Fired: 25359ms after load
vendor logo
warningNetwork

Unknown third-party request to cmp.dmgmediaprivacy.co.uk before consent

Host: cmp.dmgmediaprivacy.co.ukFired: 1695ms after load
vendor logo
warningNetwork

Unknown third-party request to crossdomain.mailplus.co.uk before consent

Host: crossdomain.mailplus.co.ukFired: 2499ms after load
vendor logo
warningNetwork

Unknown third-party request to hulkprod.anm.co.uk before consent

Host: hulkprod.anm.co.ukFired: 2516ms after load
vendor logo
warningNetwork

Unknown third-party request to scripts.dailymail.com before consent

Host: scripts.dailymail.comFired: 3497ms after load
vendor logo
warningNetwork

Unknown third-party request to video.dailymail.com before consent

Host: video.dailymail.comFired: 5479ms after load
warningStorage

localStorage key "_ml_id" written before consent

Key: _ml_idType: localStorageFired: 1887ms after load
warningStorage

localStorage key "_matheriSegs" written before consent

Key: _matheriSegsType: localStorageFired: 1889ms after load
warningStorage

localStorage key "demeter" written before consent

Key: demeterType: localStorageFired: 1940ms after load
warningStorage

localStorage key "_boomr_clss" written before consent

Key: _boomr_clssType: localStorageFired: 1974ms after load
warningStorage

sessionStorage key "mol-fe-tracking-scv-session-id" written before consent

Key: mol-fe-tracking-scv-session-idType: sessionStorageFired: 2482ms after load
warningStorage

localStorage key "mol-fe-cookie-reinforcer" written before consent

Key: mol-fe-cookie-reinforcerType: localStorageFired: 2486ms after load
warningStorage

sessionStorage key "rumv" written before consent

Key: rumvType: sessionStorageFired: 2491ms after load
warningStorage

localStorage key "mol-fe-multivariant-numbers" written before consent

Key: mol-fe-multivariant-numbersType: localStorageFired: 2497ms after load
warningStorage

localStorage key "mol-fe-tracking-lastNonInternalReferrer" written before consent

Key: mol-fe-tracking-lastNonInternalReferrerType: localStorageFired: 2500ms after load
warningStorage

localStorage key "mol-fe-tracking-referrer-session" written before consent

Key: mol-fe-tracking-referrer-sessionType: localStorageFired: 2503ms after load
warningStorage

localStorage key "mol-fe-tracking-referrer-external-session" written before consent

Key: mol-fe-tracking-referrer-external-sessionType: localStorageFired: 2503ms after load
warningStorage

localStorage key "mol-fe-segmentation.data" written before consent

Key: mol-fe-segmentation.dataType: localStorageFired: 2505ms after load
warningStorage

localStorage key "rta3|ted.dailymail.co.uk" written before consent

Key: rta3|ted.dailymail.co.ukType: localStorageFired: 2518ms after load
warningStorage

localStorage key "dmg.user.id" written before consent

Key: dmg.user.idType: localStorageFired: 2519ms after load
warningStorage

localStorage key "rta3|t.dailymail.co.uk" written before consent

Key: rta3|t.dailymail.co.ukType: localStorageFired: 2529ms after load
warningStorage

localStorage key "dmg.cmp.uuid" written before consent

Key: dmg.cmp.uuidType: localStorageFired: 3425ms after load
warningStorage

sessionStorage key "mol-fe-favicon-new-content-indicator/articleIds" written before consent

Key: mol-fe-favicon-new-content-indicator/articleIdsType: sessionStorageFired: 5085ms after load
warningStorage

localStorage key "MOL-FE-WEB-PUSH_NOTIFICATION_CLICKS" written before consent

Key: MOL-FE-WEB-PUSH_NOTIFICATION_CLICKSType: localStorageFired: 5218ms after load
warningStorage

localStorage key "mol-fe-previous-render-platform" written before consent

Key: mol-fe-previous-render-platformType: localStorageFired: 5487ms after load
warningStorage

sessionStorage key "dummy" written before consent

Key: dummyType: sessionStorageFired: 9520ms after load
warningStorage

sessionStorage key "ak_bm_tab_id" written before consent

Key: ak_bm_tab_idType: sessionStorageFired: 9520ms after load
Info9

Neutral observations — activity we detected that isn’t a violation but is useful context (e.g. essential cookies, CMP initialisation).

Google (Cdn)
Google (Cdn)4 findingsID tracked

www.google.it, fonts.googleapis.com, imasdk.googleapis.com, fonts.gstatic.com

Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

ID: G-C9F47K6NW6Host: www.google.itFired: 6674ms after load
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.googleapis.comFired: 2496ms after load
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: imasdk.googleapis.comFired: 3179ms after load
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.gstatic.comFired: 3866ms after load
Akamai
infoCookieFunctionalAkamai

Akamai cookie "AKA_A2" set before consent — Used for Akamai's Advanced Acceleration feature, intended to improve web performance

Cookie: AKA_A2Domain: .dailymail.co.ukRetention: 1 hour or longer
infoCookieFunctionalTripadvisor

Tripadvisor cookie "RT" set before consent — This cookie is used to identify the visitor through an application. This allows the visitor to login to a website through their LinkedIn application for example.

Cookie: RTDomain: .dailymail.co.ukRetention: 399 days
infoStorageFunctionallocalStorage availability probe

localStorage availability probe (null) wrote "__storage_test__" to localStorage before consent

Key: __storage_test__Type: localStorageFired: 2469ms after load
infoCookieFunctional

Akamai bot management session — necessary for site protection

Cookie: ak_bmscDomain: .dailymail.co.uk
infoCookieFunctional

Akamai bot management — necessary for site protection

Cookie: bm_svDomain: .dailymail.co.uk

Check your own website's compliance

Free scan — no account required

Scan my site free →