VisualQ

Privacy & GDPR

CMP consent checks, cookie inventory, and policy links with VisualQ's Privacy pillar.

Free plan

Privacy is VisualQ's eighth quality pillar. It measures consent-before-tracking behavior — not tag variable quality (see Tracking) or cookie security flags (see Security scans).

Each audited page runs a triple-run protocol:

  1. Initial — no CMP interaction; capture cookies, network, storage, banner, policy link.
  2. Reject all — assert no analytics/marketing cookies or tracker hits.
  3. Accept all — assert expected trackers can fire when consent is granted.

What it checks

CheckWeightPass criteria
CMP banner present15%Overlay or __tcfapi detected
Reject as easy as accept10%Reject-all control found
No non-essential cookies before action20%No _ga, _fbp, etc. on first load
Zero trackers after reject25%No analytics/ad network hits post-reject
Trackers after accept10%Known trackers fire when site uses them
Cookie inventory classified10%≥80% cookies matched in Open Cookie Database
Privacy policy link10%Visible link in footer or banner

Optional signals (bonus, not penalized if absent): TCF 2.2 TC string, Google Consent Mode v2 defaults.

Automated privacy audits assist compliance reviews — they are not legal advice, certification, or a substitute for DPO review. Policy text adequacy and cross-device consent sync are outside automated scope.

Where to work

SurfacePath
Privacy dashboardProject → Privacy tab
Run detail viewerPrivacy → latest run, or /privacy-viewer?runId=
Run programmaticallyPOST /api/tests/privacy or CI type: privacy
MCPrun_full_audit with pillars: ['privacy']get_pillar_report pillar privacy

Rolling health

Site KPIs use the rolling health model: mean of per-page privacy scores audited in the last 30 days, with coverage shown (e.g. 67% coverage · 8/12 pages). The latest run alone is never the project score.

In this section

On this page