Free GDPR & Privacy Compliance Checker | Google & Microsoft Consent Mode Audit - AssertionHub
GDPR & Privacy Compliance Auditยท
Free - no account required

Consent Mode
Free Audit

Audit GA4, Google Ads, Microsoft Ads (UET), Microsoft Clarity, Meta Pixel, TikTok, and more against GDPR consent rules, across idle, accept, and deny states.

GA4Google AdsGTMMeta PixelTikTokPinterestMicrosoft Ads (UET)Clarity

Run a free check

๐Ÿ‡ฉ๐Ÿ‡ช Server Location: DE

We auto-detect your tracking vendors and validate consent behavior.

https://

We'll send your report here. We only use this email to deliver your results - no marketing, no follow-ups.

How it works

1

Enter your site

Add your URL and the exact text of your accept and deny buttons.

2

Assertionhub runs the check

A real browser visits your site, clicks accept, then deny, and records every network request.

3

Results in your inbox

You get both Strict and Normal compliance views, per-vendor, per-consent-state.

What's in your report

โ†’

Every tag, in every consent state

Idle, accept, and deny - all three captured with a real browser, real clicks, real network traffic.

โ†’

Per-event breakdown

Not just a pass/fail summary. Every individual network request is listed with its event name, timing, and consent signal.

โ†’

Consent signals per request (GCS & ASC)

See the exact GCS value each Google tag sent and the ASC value each Microsoft UET request carried, not aggregated, per event.

โ†’

Consent state at request time

GTM's internal consent state snapshotted when each event fired. Shows whether the tag used a default or post-interaction value. Covers Google Consent Mode v2 and Microsoft UET Consent Mode.

โ†’

Misconfiguration after accept

Detects tags firing after the user accepts but still carrying a denied signal - a silent CMP misconfiguration error often overlooked.

โ†’

Microsoft Clarity fire/no-fire result

The audit checks whether it fires before consent is granted or after denial. You will also have visibility over the internal consent mode data from Clarity.

โ†’

Strict and Normal side by side

Both compliance interpretations in a single report. No need to run two checks.

Compliance modes

Strict vs Normal

Your report shows both interpretations. Which one applies depends on how strictly you interpret GDPR.

Note: some EU member state regulators have questioned whether GTM itself qualifies as strictly functional, which may push the threshold even further in certain jurisdictions.

Strict

No tracking tag may fire before consent or after denial - period. Even Google tags that send a denied GCS signal count as a violation.

โœ“GTM container fires in all states
โœ“Tags fire after accept
โœ—Tags fire before consent
โœ—GA4 fires with gcs=G100 after deny
Normal

The recommended interpretation. Tags that explicitly signal consent was denied are acceptable. The denial is communicated, not ignored. Applies to both Google (GCS) and Microsoft UET (ASC).

โœ“GTM container fires in all states
โœ“Tags fire after accept
โœ—Tags fire before consent
โœ“GA4 fires with gcs=G100 after deny
โœ“Bing UET fires with asc=D after deny

Google Consent Signal (GCS) values

Sent by GA4, Google Ads, and other Google tags

G100Analytics: deniedAds: deniedBoth denied - sent after user refuses all cookies
G110Analytics: grantedAds: deniedAnalytics ok, Ads denied
G101Analytics: deniedAds: grantedAds ok, Analytics denied
G111Analytics: grantedAds: grantedAll granted - sent after full acceptance

Microsoft Auto-set Consent (ASC) values

Sent by Microsoft Ads (UET / Bing), part of UET Consent Mode

DDeniedConsent denied, acceptable in Normal mode
GGrantedConsent granted, expected after accept

Auto-detected vendors

GA4
Google Ads
GTM
Meta Pixel
TikTok
Pinterest
Microsoft Ads (UET)
Clarity

Frequently Asked Questions

It runs a live three-state test: idle (before consent), after accept, and after deny. It catches tags firing too early, missing consent signals, and vendors ignoring rejection. Covers Google Consent Mode v2 (GCS), Microsoft UET Consent Mode (ASC), and fire/no-fire compliance for Meta, TikTok, Pinterest, and Microsoft Clarity.

Strict: no tag except GTM should fire before consent or after deny, even with a denied consent signal. Normal: Google tags sending gcs=G100 (Advanced Consent Mode) and Bing UET tags sending asc=D after denial are acceptable, as they explicitly signal consent was denied. Both results are shown in every report.

GCS (Google Consent Signal) is sent by Google tags: G100 = analytics and ads both denied, G110 = analytics granted / ads denied, G101 = ads granted / analytics denied, G111 = all granted. ASC (Auto-set Consent) is the equivalent for Microsoft Ads (UET): D = denied, G = granted. In Strict mode, even denied-signal pings are a violation. In Normal mode, both G100 and ASC:D are acceptable.

GA4, Google Ads, GTM, Meta Pixel, TikTok, Pinterest, Microsoft Ads (UET / Bing), and Microsoft Clarity. No configuration needed.

This is a CMP-to-GTM wiring issue. The accept callback is not triggering a consent update before the tag fires. Check that your CMP is calling gtag consent update with the correct granted values, and that your GTM template supports Consent Mode v2. The audit flags this as a misconfiguration separate from a consent violation.

Results arrive in 5-10 minutes to your inbox. No account required.