AuditDrishti · the free first scan

An editorial audit of your tracking stack. Delivered in under two minutes.

Two-pass Playwright scan under default and consent-denied conditions. 155+ ad and analytics vendors detected, consent violations flagged, PII leakage caught, multi-browser performance gaps measured, CSP and cross-domain attribution issues surfaced. Editorial PDF in your inbox in under two minutes. First scan free, work email only (Gmail, Yahoo, Outlook, iCloud aren’t eligible).

# paste a URL · two-pass scan · PDF in < 2 min · no signup, no card, no sales call
# scans_against

Every regulation that actually shows up in a regulator letter.

  • Consent Mode v2
  • GDPR (EU)
  • DPDP 2023 (India)
  • CCPA + GPC
  • ePrivacy
  • PCI DSS 4.0
  • Australian Privacy Act
  • UK GDPR & PECR
# the_57_checks

Eight categories. Consent and PII lead.

Because a single tag firing before consent is the one finding that ends up in a regulator letter. After that, GTM plumbing, GA4 config, attribution, ecommerce, server-side, app. Every tag, every signal, tested in a real browser, not against a copy of your source code.

primary

Consent & Privacy

10 checks
  • Consent Mode v2 params
  • CMP integration test
  • Default consent state
  • GPC signal handling
  • Cookie banner behaviour
  • Consent persistence
  • Region-specific rules
  • Pre-consent tag firing
  • Privacy policy linkage
  • Data processing basis
primary

Data Quality & PII

5 checks
  • PII leak scanning
  • Duplicate event detection
  • Event parameter schema
  • Bot traffic filtering
  • Sampling threshold check

GTM Health

8 checks
  • Container load time
  • Tag firing order
  • Duplicate containers
  • Version recency
  • Custom template audit
  • Trigger misconfiguration
  • Variable scoping
  • Preview mode leaks

GA4 Configuration

10 checks
  • Measurement ID validation
  • Enhanced measurement settings
  • Cross-domain setup
  • Internal traffic filters
  • Data retention settings
  • Custom dimensions mapping
  • Conversion events setup
  • Debug mode detection
  • Data stream health
  • User properties config

Attribution

7 checks
  • UTM parameter capture
  • Referral exclusions
  • GCLID / FBCLID passthrough
  • Attribution model config
  • Cross-device tracking
  • Organic search detection
  • Campaign timeout settings

Ecommerce

8 checks
  • Purchase event schema
  • Product impression firing
  • Add-to-cart tracking
  • Checkout funnel steps
  • Revenue data accuracy
  • Refund event handling
  • Promotion tracking
  • Currency code format

Server-Side

5 checks
  • sGTM endpoint detection
  • First-party domain setup
  • Transport protocol check
  • Payload enrichment
  • Client deduplication

App Tracking

4 checks
  • Firebase SDK config
  • Deep link attribution
  • App + web ID linking
  • Push notification events
# url_to_fix_plan

Paste your URL. Get a fix plan in under five minutes.

No calendar invites, no scoping calls, no NDA. Paste, wait, download.

01

Paste your URL

One field. No signup, no card, no sales call. The crawler hits your live pages the moment you submit. Work email only, because the report goes to your inbox and it has to be one a regulator would believe.

02

57 checks against live runtime

Real Chromium browsers load your pages, accept and reject consent, trigger ecommerce flows, and capture the actual network behaviour. Two passes, default consent and consent-denied, so we see what changes when a visitor opts out. Not a static scan of your source code.

03

Editorial PDF, severity rated

Every finding ranked P1, P2, or P3 with the evidence, the regulation cited, a cost estimate on the data or exposure, and the exact fix your dev team can ship. 10 pages of editorial writing, not a CSV dump. Designed to forward to legal without an explainer email.

# vs_what_youre_doing_today

A legal review grades your policy. AuditDrishti grades your tags.

A DIY checklist grades your intent. Neither reads what your tags actually do in a visitor’s browser. That’s the only grade that matters when a regulator opens a file.

| | Legal / agency review | AuditDrishti |
|---|---|---|
| Price | $2,000 to $5,000 | Free for the first 5 |
| Turnaround | 2 to 4 weeks | Under 5 minutes |
| What gets tested | Policy text, cookie table | Live runtime, real browsers |
| Checks | 20 to 30, manual | 57, automated |
| Evidence | Screenshots in a slide deck | Network logs and HAR captures |
| Re-run after fixes | Pay the full fee again | Re-run on demand |

# what_a_real_report_looks_like

Redacted from a recent scan. Two P1s on a mid-size store.

Seven issues found. Both P1s regulator-grade. This is the kind of thing nobody on the team knew was broken.

example-store.com

# scanned 12 apr 2026 · 57 checks complete

7 issues found · 82 compliance score · 50 checks passed

2 P1 critical · 2 P2 warning · 3 P3 info

P1. Meta Pixel fires before consent on landing pages
Four pageviews observed with `_fbp` set before the CMP returns. GDPR Art. 6 lawful basis, CCPA sale disclosure. Fix: gate the tag behind the CMP callback, see page 4.

P1. Consent Mode v2 missing `ad_user_data` & `ad_personalization`
Google tags default to granted without the v2 signals. EEA ad personalization and DMA both triggered. Fix: update default consent state in GTM, see page 5.

P2. GPC signal ignored for California visitors
`navigator.globalPrivacyControl=true` detected, tags fire anyway. CCPA and CPRA treat GPC as a valid opt-out.

P2. Email leaking into GA4 `page_location`
Order-confirmation URLs include ?email=user@.... GA4 ToS violation, DPDP 2023 personal data. Fix: add a `page_location` rewrite rule, see page 7.

Running these audits for your clients?

White-label the PDF, drop your logo on the cover, keep 30% recurring on anything they put on a paid plan. The TagDrishti Agency Partner Program was built for analytics consultancies that already charge for audits and want the engine to scale with them.

# questions_before_running_this

The ones that come up on every scoping call.

Is this a legal opinion?
No. This is a technical audit of what your tags actually do at runtime, under which consent states, on which pages. Whether your business model survives a regulator, counsel has to answer that. But in every engagement we’ve run, the finding that got cited was a tag fire, not a policy clause. That’s the layer we test.
Which regulations does this map to?
Consent Mode v2 (Google’s March 2024 mandate), GDPR, DPDP 2023, CCPA and CPRA with Global Privacy Control, the ePrivacy Directive, and PCI DSS 4.0 client-side integrity (6.4.3). Every finding in the PDF cites the specific article or control it’s tied to.
Do you capture visitor PII?
No. The crawler visits as an anonymous browser and logs tag network requests, consent signals, and cookie state. No real visitors are involved, no PII is retained. Evidence in the PDF is redacted before rendering.
Why work email only?
The audit is free to run, but the report has to land somewhere a regulator would believe. Free providers (Gmail, Yahoo, Outlook, iCloud) are blocked at the form, not to gate-keep, but because audit reports forwarded from a Gmail address don’t survive a compliance review. Use the address on your business card.
Can we re-run after shipping fixes?
Yes, and most teams do. Audit, triage, fix over a sprint, re-run to prove the score moved before the next leadership review or counsel check-in. First 5 audits per account are free.
How is this different from continuous monitoring on TagDrishti?
The audit is a point-in-time sweep, useful for a compliance checkpoint, a diligence file, or a board update. Continuous monitoring runs the same 57 checks on live visitor sessions and alerts the moment a deploy breaks one of them. Same engine. Audit when you need a snapshot, monitor when you need a heartbeat.
first scan free · work email only

Run the audit. See what’s broken.

Two-pass browser scan under default and consent-denied conditions. 155+ ad/analytics vendors, consent violations, PII leakage, multi-browser performance gaps, CSP and cross-domain attribution all checked. Editorial PDF in your inbox in under two minutes.

no signup, no card · PDF in < 2 min · 155+ vendors detected · first scan free