Pre-Consent Cookie Tracking Checker
Find out if your site drops cookies or fires trackers before a visitor touches your consent banner. Tested across three fresh-browser sessions and up to 15 geographic regions - the same method regulators use.
Why pre-consent tracking is a compliance risk
Installing a cookie banner is not enough if tracking fires before it is shown. Four reasons this matters:
GDPR Article 5(1)(a)
Personal data cannot be processed before a valid legal basis exists. For most tracking cookies, that means prior consent - obtained before the cookie is set, not after.
ePrivacy Directive Article 5(3)
Storing or accessing non-essential information on a device requires prior informed consent. The banner appearing after the cookie is already set is not compliant.
Google Consent Mode v2 (required since March 2024)
Google requires correct Consent Mode v2 signals for all EU/EEA sites running Google Ads. Analytics and advertising tags firing before consent is a direct violation.
Regulator enforcement
CNIL (France), ICO (UK), Garante (Italy), and other DPAs use automated scanners to detect pre-consent violations. Fines reach up to €20M or 4% of global annual turnover.
What we check in the pre-consent phase
Every item below is recorded before any banner is shown - the evidence that matters most to regulators.
Cookies set before the banner displays
Every cookie in the browser jar from the moment the page starts loading - before any banner is visible and before any click happens. These are the cookies a regulator sees first.
Network requests to tracking domains
Every outbound request to known advertising, analytics, and tracking domains during the pre-consent phase, including pixel fires, beacon calls, and fingerprinting endpoints.
Third-party scripts loaded without consent
Any script from a third-party domain that executes before consent is detected and categorized by type (analytics, advertising, or functional) with a risk score.
Google Analytics and Meta Pixel early firing
GA4, Universal Analytics, and Meta Pixel are specifically checked for data transmission during the pre-consent phase - the most common finding on GTM-heavy sites.
How we test - three sessions, not one
Most free scanners run a single browser pass. We run three separate fresh sessions so results cannot contaminate each other.
3 separate fresh-browser sessions
No interaction (S1), Accept All (S2), and Reject All (S3) each start from a completely clean profile. One session cannot contaminate another.
Up to 15 geographic regions
Tested from actual EU, UK, US-California, US-Texas, Canada, Brazil, and other jurisdiction IPs - not a simulated location header or VPN.
Phase-bucketed capture
Every cookie and network request is tagged by phase: pre-banner load, banner present, post-interaction. You see exactly when each tracker fires in the session timeline.
Not an inference
We observe real browser cookie jars and network logs - the same evidence a regulator would see if they visited your site manually.
Related: Google Consent Mode v2 Checker · Dark Pattern Detector
Check your site for pre-consent tracking
Cookie Compliance Checker is launching soon. Join the waitlist for early access and be among the first to scan your site.