Is your dataLayer & consent setup costing you data?
Instantly audit your GTM dataLayer events and Google Consent Mode v2 posture. Get actionable findings in seconds.
No login required · Free instant report · 30-second scan
What this tool checks
dataLayer Scan — detect GTM events, ecommerce tracking, and custom data pushes
Consent Mode v2 — audit all 7 consent signals and compliance posture
Actionable Report — get scored findings with specific remediation steps
How this scan works — and what it can't see
When you enter a URL, our server fetches your page once — the raw HTML your site returns before any JavaScript runs. We parse that source for the tracking foundation that should be declared there. Every line of your report is something we actually found, or verifiably didn't find, in your page source. No AI guesswork: it reads the sheet music, not the live performance.
What we check
Google Tag Manager containers and Google tag IDs (GTM, GA4, Ads) — including hardcoded tags that bypass GTM
Consent Mode v2 defaults declared in your page source: the exact granted/denied state of all 7 signals, plus update calls, wait_for_update, URL passthrough, and ads data redaction
Your consent platform — signatures for 15 major CMPs (OneTrust, Cookiebot, TrustArc, Usercentrics, Didomi, and more)
Whether your CMP and Consent Mode appear integrated at the source level
dataLayer events written into the initial page HTML
What a static scan can't see
Anything that happens at runtime — we don't execute JavaScript. Many CMPs inject their consent default at runtime, so "Not Set" in your report means not detectable in the page source, not necessarily absent.
Tags your GTM container fires after load — we see the container, not its contents
dataLayer events pushed as users interact: clicks, ecommerce, form submissions
Cookie banner behavior after a visitor accepts or rejects
Server-side tagging — invisible to any page-source inspection
Geo-specific setups — we scan from our server's location, so consent logic shown only to visitors in certain regions may not appear
Only the page you enter — not your whole site, and not pages behind a login
Sites behind aggressive bot protection may serve our scanner different content than real visitors see
Honest by design
One request, that's all — scanning sends a single automated request to your site from our server, with a standard browser user-agent.
What we store — if you unlock your report, we store your email, the URL you scanned, and your three scores — nothing else. The full report stays on this page.
Scores are our rubric — scoring is deterministic and documented; the same page always produces the same report. "Excellent" and "Critical" are our triage labels, not a certification or industry standard.
Not legal advice — a healthy Consent Mode setup is not a GDPR or CCPA compliance verdict. For legal questions, talk to your DPO or counsel.
A static scan tells you whether your foundation is declared correctly. Whether it actually behaves correctly — what fires, when, and under which consent states — takes a runtime audit with GTM Preview and Tag Assistant in a real browser. That's the work we do with clients.