Measurement Health Check
One URL. One scan. Measurement and privacy in one report. 20+ checks across GA4, Consent Mode V2, pre-consent cookies, performance, and security. Free, no account.
20+ checks in < 20 s
GA4, Consent Mode V2, pre-consent cookies, and security headers, checked straight from HTML, cookies, and network requests.
Free · no account
No newsletter wall, no tracking pixel on your site. One URL in, one verdict out.
EU-hosted · cookieless
The scan runs server-side in Falkenstein; the result stays in the browser. Your URL is not stored.
Tracking core
GA4, GTM, dataLayer, server-side …
Consent & privacy
Consent Mode V2, TCF v2.2, pre-consent cookies …
Performance & UX
Tracking payload, 3rd-party scripts, Privacy Sandbox …
Security & bots
HTTPS, security headers, robots.txt, AI-bot policy …
What does the tool check?
20+ technical checks across four categories, all derived from the HTML, cookies, and network requests of a publicly reachable URL. No login, no tracking code on your site.
- Tracking core: analytics tag, dataLayer, tag manager, server-side tracking, server-side event APIs (Meta CAPI, TikTok, LinkedIn, Enhanced Conversions)
- Consent & privacy: Consent Mode V2, IAB TCF v2.2, cookie banner detection, pre-consent cookies & scripts, 3rd-party cookies
- Performance & UX: tracking payload, third-party scripts, Privacy Sandbox (Core Web Vitals + Lighthouse audit are part of the Audit Sprint, not the free scan)
- Security & bots: HTTPS, security headers (HSTS, CSP, X-Frame-Options), meta tags, JSON-LD, robots.txt, AI bot policy, llms.txt
Which analytics tools are checked?
GA4, GTM, Plausible (detected but not deep-checked), Matomo / Piwik PRO (detected). Server-side tracking (sGTM, stape.io, custom endpoints) is only visible indirectly; see the "What this tool can't see" note in the result.
What does a red check mean?
Red means the check failed, e.g. no analytics tag found, Consent Mode V2 missing, or pre-consent cookies set. A red check isn't a compliance violation yet, but it is a concrete item for a setup review.
Why is the tool free?
Because an honest quick check tells you whether it's worth looking deeper. If three or more checks come back red, a proper audit is the next conversation. If everything's clean, you don't need us, and we say so.
What does this tool not see?
From the HTML, cookies, and network requests of a public page we can't detect:
- Server-side tracking (sGTM, Stape, custom endpoints)
- Conversion APIs (Meta CAPI, Google Enhanced Conversions, TikTok Events API)
- Anything behind the browser: BigQuery export, dbt models, CDPs, data warehouses
- Cookieless tools without detectable DOM selectors (Fathom, Pirsch, certain Plausible setups)
Are the scanned URLs stored?
Not by default. If you request the report by email, your address goes into our EU-hosted lead list (Listmonk, data-minimised). Otherwise everything runs server-side without persistence.
What are pre-consent cookies and why are they a problem?
Pre-consent cookies are set before the user agrees to the cookie banner. Under GDPR and ePrivacy they're only permitted if strictly necessary; analytics, marketing, or personalisation cookies don't qualify. They're the most common cause of CMP complaints to supervisory authorities.
Can the tool replace a proper audit?
No. 20+ checks vs. 60+ in a real audit. The tool is an early-warning system, not a compliance certificate. If multiple checks come back red or amber, a proper audit is the next conversation.
What does an Audit Sprint cost?
€2,400 net fixed price, 10 working days, prioritised action plan including server-side, data pipelines, and data quality. More under Request an Audit Sprint.