Scan your site free
Consent & Tracking Compliance · US Websites

Your website is probably tracking visitors before they consent. We can prove it — and fix it.

We passively scan your site the way a plaintiff's firm would: no login, no clicks, just a request log showing which tracking pixels and session-replay tools fire before any consent decision. Then we fix it at a fixed price and keep it fixed.

Free scan & reportNo call requiredEngineers, not lawyers

4,000+website "wiretapping" lawsuits filed since 2024
~$15,000typical settlement per demand letter
$1.35MCPPA fine against Tractor Supply (2025)
$5,000statutory damages per violation under CIPA
Figures from public court filings and California Privacy Protection Agency enforcement actions (Tractor Supply, Sept 2025; Honda, $632,500, March 2025).
Free scan

See what's firing on your site — right now.

Enter your domain. We run the same passive scan a plaintiff's firm would, and show you the result with a fixed-price quote — on this page, in about a minute.

We scan public pages only, passively, with an identified user agent. Your email is used to send you the full report and follow-ups about your result — unsubscribe anytime.

Loading your site like a first-time US visitor…

How it works

From evidence to fixed — in one sprint.

1

Passive scan

We load your site exactly like a first-time US visitor who hasn't touched a consent banner — and log every tracking request that fires anyway, with timestamps and URLs.

2

Evidence report

You get the request log in plain English: which vendors fired, before what, and how the same evidence looks in a demand letter. Plus your email-security (DMARC) status.

3

Fix sprint

Fixed-price engagement: consent-gate every tag, install or rewire your consent platform, set up DMARC. Most sprints complete within days, verified by re-scan.

4

Monitoring

Tags creep back in with every marketing campaign. We re-scan on a schedule and alert you before a plaintiff's firm notices — with a monthly compliance record.

What the scan surfaces

Only client-side, observable facts.

Ad & analytics pixels firing pre-consent

Meta, TikTok, Google Ads, Pinterest, Snap, Bing, LinkedIn and ~30 more vendor signatures — each logged with timestamp and evidence URL.

Session-replay tools

Hotjar, Microsoft Clarity, FullStory, LogRocket and similar recorders — the highest-risk category in current litigation.

Consent banner reality check

Whether a consent platform is present — and whether your tags actually respect it, or silently leak around it.

Email security (DMARC/SPF)

Roughly 85% of domains have no DMARC record, leaving their brand open to spoofing. We check yours and set it up correctly.

Pricing

Fixed-price sprints. No hourly billing.

Essential — Consent Fix

$2,500
+ $199/mo monitoring
  • Consent-gating for all tags
  • Verification re-scan
  • For simple sites: consent platform in place, few tags
Start with a report

Full Coverage

from $5,000
+ $499/mo monitoring
  • Everything in Shield
  • Session-replay remediation, high tag counts
  • Accessibility (WCAG) quick wins
Start with a report

Final sprint price depends on tag count, platform and consent setup — your scan report includes the exact quote. Compare either number against a single ~$15,000 settlement.

Who we are

Engineers, not lawyers.

We don't practice law, and we don't tell you whether you'll be sued. We document what any visitor's browser can observe on your website — which requests fire, to whom, and when — and we change what those facts are.

Everything we report is client-side and verifiable: you can reproduce every finding in your own browser's network tab. If you need legal advice on top of the engineering, we're happy to work alongside your counsel.

Scan us back. This page makes zero third-party requests — no pixels, no analytics, no fonts CDN, nothing. Open your network tab and check. That's the standard we hold your site to.
FAQ

Common questions.

How did you scan my site without my permission?

The scan is passive: it loads your public website once, the same way any visitor's browser does, and records which requests your own pages make. No login, no forms, no probing — just observation of publicly served assets, with an identified user agent.

We have a cookie banner. Aren't we covered?

A banner alone is the most common false comfort. In most scans where a consent platform is present, tags still fire before the visitor makes any choice — that gap between banner and behavior is exactly what current lawsuits target. The request log shows whether yours holds.

What happens after the fix sprint?

You get a verification re-scan showing the before/after request logs. Ongoing monitoring then re-scans your site on a schedule, because every new campaign tag or theme update can silently reintroduce pre-consent tracking.

Is this only about California?

California's CIPA drives the largest volume of claims, but similar suits are active in Pennsylvania, Florida, Illinois and Arizona, and roughly 20 states now have privacy statutes. The report also covers email security (DMARC), which is jurisdiction-independent.

Get the same evidence a plaintiff's firm would find — before they do.

Reply to our email or request your report here. You'll get the full request log and a fixed quote. No call, no commitment.

Request your scan report