TrustDebt
Consent verification

Cookie banner audit: your banner is cosmetic if trackers fire before consent.

You added a cookie banner. It looks right. But open DevTools in incognito and you'll see GA4, Meta Pixel, and five other trackers firing before the visitor clicks anything. That's a fake banner. This audit verifies your consent setup is real — not theater.

Built for launch decisions · No backend overclaims · Evidence before traffic

Trust QA snapshot 85

01 Banner appears but trackers already loaded
02 Reject button doesn't block trackers
03 Policy link is broken or missing

Output: Audit packet. Score, evidence, severity, manual checks, next fixes.
Before launch
Practical checklist

Manual checks founders should run before traffic.

This page is the deeper founder checklist. The scanner covers visible public-page signals; backend, auth, payments, and database risks still need human review.

Load the page in incognito without clicking the banner — check Network tab for tracker requests.

Check the rendered page, not just the design mockup, so launch blockers are visible before traffic arrives.

Verify GA4, Meta Pixel, Hotjar, and other scripts wait for consent before firing.

Capture enough evidence that a founder, client, or developer knows exactly what needs to change.

Check that Accept and Reject both work — rejecting should block non-essential trackers.

Turn the finding into a specific remediation step instead of a vague compliance note.

Confirm privacy policy link in the banner goes to a live, real policy page.

Test on mobile — consent banners often break on different viewports.

Re-scan after any analytics or tag manager change.

Common issues

What polished launches still miss.

For founders who added a consent banner to an AI-built page and want to verify it works, these are the gaps that make a launch feel risky once real visitors, clients, or paid traffic arrive.

Banner appears but trackers already loaded

Scripts in <head> fire before the consent JS initializes. The banner is cosmetic — consent was never obtained.

Reject button doesn't block trackers

Many consent setups only handle Accept. The Reject path leaves analytics firing — which is not valid consent.

Policy link is broken or missing

A consent banner without a working privacy link doesn't meet basic transparency requirements.

Deep dive

What founders who added a consent banner to an AI-built page and want to verify it works need to know before they ship.

The cosmetic banner problem

A banner that appears but doesn't control tracking is worse than no banner. It creates false compliance while all trackers fire. This is the #1 trust issue in AI-built pages: the AI generates the UI but not the consent logic.

How to test if your banner works

1. Open incognito.
2. DevTools → Network → Preserve log.
3. Load page without interacting.
4. Look for google-analytics.com, facebook.com/tr, hotjar.com. If any appear before clicking Accept — banner is cosmetic.
5. Click Reject and reload. Same requests? Reject path broken.
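The same check can be run over a HAR file exported from the Network tab. This is an added example, not TrustDebt's scanner code; the function names, the `consentAt` parameter and the sample entries are assumptions made for illustration.

```javascript
// Added example: find tracker requests in a DevTools HAR export that fired before consent.
// TRACKERS holds the three endpoints named in the steps above; extend it for your stack.
const TRACKERS = [
  { name: "GA4", host: "google-analytics.com", path: "/" },
  { name: "Meta Pixel", host: "facebook.com", path: "/tr" },
  { name: "Hotjar", host: "hotjar.com", path: "/" },
];

// Match on the parsed hostname (exact or subdomain), so a lookalike domain or a
// tracker name that only appears in a query string is not counted.
function matchTracker(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  const hit = TRACKERS.find(t =>
    (u.hostname === t.host || u.hostname.endsWith("." + t.host)) &&
    u.pathname.startsWith(t.path));
  return hit ? hit.name : null;
}

// entries: har.log.entries. consentAt: ISO time of the Accept click, or null when the
// visitor never accepted (no interaction, or Reject); then every tracker hit is a finding.
function preConsentTrackers(entries, consentAt) {
  const cutoff = consentAt === null ? Infinity : Date.parse(consentAt);
  return entries
    .map(e => ({ tracker: matchTracker(e.request.url), url: e.request.url,
                 at: Date.parse(e.startedDateTime) }))
    .filter(r => r.tracker && r.at < cutoff)
    .map(({ tracker, url }) => ({ tracker, url }));
}

// Constructed sample entries (not from a real capture).
const SAMPLE = [
  { startedDateTime: "2024-01-01T10:00:00.100Z", request: { url: "https://example.test/" } },
  { startedDateTime: "2024-01-01T10:00:00.400Z", request: { url: "https://www.google-analytics.com/g/collect?v=2" } },
  { startedDateTime: "2024-01-01T10:00:00.450Z", request: { url: "https://www.facebook.com/tr?id=0&ev=PageView" } },
  { startedDateTime: "2024-01-01T10:00:00.500Z", request: { url: "https://example.test/?ref=hotjar.com" } },
  { startedDateTime: "2024-01-01T10:00:09.000Z", request: { url: "https://static.hotjar.com/c/hotjar-0.js" } },
];

// Accept was clicked at 10:00:05, so the GA4 and Meta Pixel hits are pre-consent.
console.log(preConsentTrackers(SAMPLE, "2024-01-01T10:00:05.000Z"));
```

For the Reject test in step 5, pass `null` as `consentAt`: any result at all means the Reject path is broken.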

Common consent tool pitfalls

CookieYes, Cookiebot, and Termly handle consent when configured. AI builders often add the banner script without the blocking logic, or GTM loads before the CMP initializes. Fix: load the CMP first and gate all tracking behind consent events.
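A minimal sketch of that fix, covering both the Accept and the Reject path. This is an added example, not code from TrustDebt or from any of the named consent tools; `ConsentGate`, the category names and `simulateVisit` are hypothetical, and the loaders stand in for injecting the real script tags.

```javascript
// Added example: trackers are registered as loaders and run only after an explicit
// choice grants their category. ConsentGate and the category names are hypothetical.
class ConsentGate {
  constructor() {
    this.pending = [];    // { category, load } entries waiting for a decision
    this.granted = null;  // null = no decision yet; otherwise a Set of categories
  }

  // Call this instead of placing a tracker <script> in <head>.
  register(category, load) {
    if (category === "essential") return void load();  // needs no consent
    if (this.granted === null) return void this.pending.push({ category, load });
    if (this.granted.has(category)) load();            // registered after Accept
  }

  // Wire this to the CMP's consent event. Reject is decide([]): the queue is
  // dropped without running anything.
  decide(categories) {
    this.granted = new Set(categories);
    const queued = this.pending;
    this.pending = [];
    for (const { category, load } of queued) {
      if (this.granted.has(category)) load();
    }
  }
}

// Simulate one visit. choice: array of granted categories, or undefined when the
// visitor never touches the banner.
function simulateVisit(choice) {
  const loaded = [];
  const gate = new ConsentGate();
  gate.register("essential", () => loaded.push("session"));
  gate.register("analytics", () => loaded.push("ga4"));
  gate.register("marketing", () => loaded.push("meta-pixel"));
  const beforeChoice = [...loaded];
  if (choice !== undefined) gate.decide(choice);
  gate.register("analytics", () => loaded.push("hotjar"));  // tag added later
  return { beforeChoice, afterChoice: loaded };
}

console.log(simulateVisit(["analytics"]));
```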

The regulator's view

EU, UK, California require valid consent before non-essential tracking. Cosmetic banners are not valid consent. Fines are real — but for early-stage founders, the bigger risk is visitor trust. Users who notice data collected without consent don't return.

What TrustDebt gives you

Use the free scan for visible trust signals. Use the audit when the launch decision matters.

The paid packet adds screenshots, severity ratings, a prioritized fix list, manual backend-risk checklist, and an AI Fix Prompt for the build workflow.

1. Create account and scan the live URL
2. Review manual backend risks
3. Fix, re-scan, then share proof

FAQ

Fast answers before you scan.

How do I test if my cookie banner works?

Open incognito, open DevTools Network tab, reload the page. If you see analytics or ad requests before clicking anything — it's not working.

What's Consent Mode v2?

Google's framework that lets GTM/GA4 load in a restricted mode without cookies until consent is given. It's the standard approach for Google tags.
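A check for the ordering that Consent Mode depends on: the `consent` `default` command has to be queued before any `config` or `event` command. This is an added example, not TrustDebt's or Google's code; `checkConsentOrder`, `makeGtag` and `setup` are hypothetical helpers, and `G-XXXXXXX` is a placeholder measurement ID.

```javascript
// Added example: audit the order of gtag commands for Consent Mode v2.
const V2_SIGNALS = ["ad_storage", "analytics_storage", "ad_user_data", "ad_personalization"];
const allSet = state => Object.fromEntries(V2_SIGNALS.map(k => [k, state]));

function makeGtag() {
  const dataLayer = [];
  function gtag() { dataLayer.push(arguments); }  // same shape as the standard snippet
  return { dataLayer, gtag };
}

// Banner handler: Accept grants, Reject sends an explicit "denied" update.
function applyChoice(gtag, accepted) {
  gtag("consent", "update", allSet(accepted ? "granted" : "denied"));
}

// Audit the queued commands. This check expects every default to be "denied",
// matching the consent-before-tracking rule this page tests for.
function checkConsentOrder(dataLayer) {
  const problems = [];
  let sawDefault = false;
  for (const cmd of dataLayer) {
    const [name, arg, params] = Array.from(cmd);
    if (name === "consent" && arg === "default") {
      sawDefault = true;
      for (const k of V2_SIGNALS) {
        if (params[k] !== "denied") problems.push(`default ${k} is not denied`);
      }
    } else if ((name === "config" || name === "event") && !sawDefault) {
      problems.push(`${name} queued before consent default`);
    }
  }
  if (!sawDefault) problems.push("no consent default set");
  return problems;
}

// Constructed page setups: defaultFirst controls whether the default precedes config.
function setup(defaultFirst, accepted) {
  const { dataLayer, gtag } = makeGtag();
  if (defaultFirst) gtag("consent", "default", allSet("denied"));
  gtag("js", new Date());
  gtag("config", "G-XXXXXXX");
  if (!defaultFirst) gtag("consent", "default", allSet("denied"));
  applyChoice(gtag, accepted);
  return dataLayer;
}

console.log(checkConsentOrder(setup(true, true)));   // correct order
console.log(checkConsentOrder(setup(false, true)));  // config queued first
```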

Can TrustDebt fix my banner?

TrustDebt detects the issue and gives you a specific AI Fix Prompt for your framework. You (or your AI coding tool) apply the fix.

Trust before traffic

Check the trust layer before visitors find the gaps.

Create a free account for 3 scans. Use the $29 Launch Audit when you need a written launch decision packet.

Create free account to scan. 3 scans on 1 domain. No credit card.