Consent Mode & Tracking ComplianceFree Audit
Validates Google & Microsoft Consent Mode and compliance of Analytics and Marketing vendors
GA4, Google Ads, Microsoft Ads, Meta Pixel etc..
How it works
Enter your site
Add your URL and the exact text of your accept and deny buttons.
Assertionhub runs the check
The tool visits your site, clicks accept, then deny, and validates the consent signals against the detected network requests.
Results on screen
You get both Strict and Normal compliance views, per-vendor, per-consent-state.
What this checks
Your Tracking, in sync with your consent logic
The audit maps every tracking request to the consent state that was active when it fired. You see what loaded before any interaction, what fired after accept, and what fired after deny, and whether each of those matches what your cookie banner is supposed to enforce.
This is a technical check, not legal advice. It does not tell you which privacy law applies to your site or whether your consent notice is legally valid. It tells you whether your tags behave the way your cookie consent expects them to.
Every tag, in every consent state
Idle, accept, and deny - all three states captured and compared against each other.
Per-event breakdown
Every individual network request listed with its event name, timing, and consent signal.
Consent signals per request (GCS & ASC)
The exact GCS value each Google tag sent and the ASC value each Microsoft UET request carried, per event.
Consent state at request time
GTM's internal consent state at the moment each event fired. Shows whether the tag used a default or post-interaction value.
Misconfiguration after accept
Tags that fire after accept but still carry a denied signal - a CMP wiring issue that is easy to miss.
Strict and Normal modes
Switch between both compliance interpretations in one report. No need to run two checks.
GA4 ยท Google Ads
Google Consent Mode v2
GA4 and Google Ads support Advanced Consent Mode. When correctly configured, they attach a GCS signal to each request indicating whether consent was granted or denied. The audit reads that value on every individual request and flags anything that doesn't match the user's actual consent state.
Microsoft Ads ยท Clarity
Microsoft UET Consent Mode
Microsoft Ads (UET) has its own consent signal called ASC. A value of asc=D means denied, asc=G means granted. Microsoft Clarity also reports a consent state. The audit validates both: the correct ASC value on every UET request, and Clarity's consent configuration against what was actually clicked.
Meta Pixel ยท TikTok ยท Pinterest
Cookie consent compliance for other tags
Meta Pixel, TikTok, and Pinterest have no consent signal mechanism. The only compliant behavior is to not fire before the user has interacted, and to not fire after deny. Any request detected in either of those states is flagged as a violation, regardless of what the tag contains.
Full report
Per-vendor, per-state breakdown
Every vendor detected on your site gets its own row. For each one you see the result across all three consent states: before interaction, after accept, and after deny. Drill into any row to see the individual network requests, the exact event names, and the consent signals attached.
Compliance modes
Strict vs Normal
Your report shows both interpretations. Which one applies depends on how strictly you interpret GDPR.
Note: some EU member state regulators have questioned whether GTM itself qualifies as strictly functional, which may push the threshold even further in certain jurisdictions.
No tracking tag may fire before consent or after denial - period. Even Google tags that send a denied GCS signal count as a violation.
The recommended interpretation. Tags that explicitly signal consent was denied are acceptable. Applies to both Google (GCS) and Microsoft UET (ASC).
Google Consent Signal (GCS) values
Sent by GA4, Google Ads, and other Google tags
G100Analytics: deniedAds: deniedBoth denied - sent after user refuses all cookiesG110Analytics: grantedAds: deniedAnalytics ok, Ads deniedG101Analytics: deniedAds: grantedAds ok, Analytics deniedG111Analytics: grantedAds: grantedAll granted - sent after full acceptanceMicrosoft Auto-set Consent (ASC) values
Sent by Microsoft Ads (UET / Bing), part of UET Consent Mode
DDeniedConsent denied, acceptable in Normal modeGGrantedConsent granted, expected after acceptAuto-detected vendors
GA4Google AdsGTMMeta PixelTikTokPinterestMicrosoft Ads (UET)ClarityFrequently Asked Questions
It runs a live three-state test: idle (before consent), after accept, and after deny. It catches tags firing too early, missing consent signals, and vendors ignoring rejection. Covers Google Consent Mode v2 (GCS), Microsoft UET Consent Mode (ASC), and fire/no-fire compliance for Meta, TikTok, Pinterest, and Microsoft Clarity.
Strict: no tag except GTM should fire before consent or after deny, even with a denied consent signal. Normal: Google tags sending gcs=G100 (Advanced Consent Mode) and Bing UET tags sending asc=D after denial are acceptable, as they explicitly signal consent was denied. Both results are shown in every report.
GCS (Google Consent Signal) is sent by Google tags: G100 = analytics and ads both denied, G110 = analytics granted / ads denied, G101 = ads granted / analytics denied, G111 = all granted. ASC (Auto-set Consent) is the equivalent for Microsoft Ads (UET): D = denied, G = granted. In Strict mode, even denied-signal pings are a violation. In Normal mode, both G100 and ASC:D are acceptable.
GA4, Google Ads, GTM, Meta Pixel, TikTok, Pinterest, Microsoft Ads (UET / Bing), and Microsoft Clarity. No configuration needed.
This is a CMP-to-GTM wiring issue. The accept callback is not triggering a consent update before the tag fires. Check that your CMP is calling gtag consent update with the correct granted values, and that your GTM template supports Consent Mode v2. The audit flags this as a misconfiguration separate from a consent violation.
Results appear live on screen in 5-10 minutes. No account required.
Good things take time.
Hopefully not too much, otherwise
refresh.