ZenovayTools

Consent Leak Detector

Detect trackers that load before your consent banner, leaking data without user permission. Check Consent Mode v2 configuration.

How to Use Consent Leak Detector

  1. 1Enter your website URL.
  2. 2The tool checks if trackers load before your consent management platform.
  3. 3Review confirmed and likely consent leaks per tracker.
  4. 4Check your Google Consent Mode v2 default settings.
Zenovay

Track your website performance

Real-time analytics, session replay, heatmaps, and AI insights. 2-minute setup, privacy-first.

Try Zenovay Analytics — Free

Related Tools

GA4 Health CheckerAudit your Google Analytics 4 setup for duplicate tracking, consent mode issues, deprecated UA scripts, and data layer problems.
Analytics AdvisorCompare 14+ analytics platforms on pricing, privacy compliance, features, and GDPR readiness. Find the right tool for your needs.
Privacy Policy AuditorDetect third-party scripts on your site and check if each one is properly disclosed in your privacy policy. Get a compliance score.
Privacy Law CheckerAnalyze your website to determine which privacy laws (GDPR, CCPA, LGPD, PIPEDA, APPI) apply based on audience signals.

Frequently Asked Questions

What is a consent leak?
A consent leak occurs when trackers or analytics scripts load and send data before the user has given consent via a cookie banner (CMP). This is a GDPR violation because personal data is processed without a legal basis.
What is Google Consent Mode v2?
Consent Mode v2 is a Google feature that controls how Google tags behave based on user consent. It requires setting default values for analytics_storage, ad_storage, ad_user_data, and ad_personalization before any tags fire. All four parameters must be denied by default for GDPR compliance.
What does "confirmed leak" mean?
A confirmed leak means a tracker was found loading without any consent management platform (CMP) present, or the tracker appears in the HTML before the CMP with no Consent Mode protection. Data is very likely being sent before consent.
How does this tool detect leaks?
We fetch your page HTML and compare the position of CMP (consent banner) scripts against tracker scripts. If trackers appear earlier in the source than the CMP, they likely execute first. We also check if Google Consent Mode v2 defaults are set to mitigate this.
Is my site safe if I get an A grade?
An A grade means no confirmed or likely pre-consent data leaks were detected in your HTML source. However, this is a static analysis. Dynamic script loading, tag manager configurations, and server-side processing may introduce leaks not visible in the HTML.
What should I do if leaks are detected?
First, implement Google Consent Mode v2 with denied defaults before any tags. Second, ensure your CMP script loads before all tracker scripts. Third, configure your tag manager to respect consent signals before firing tags.