ModeConsentRun a Free SentinelScan
CMP Audit

CMP implementation audit

A CMP implementation audit for teams that need to prove their banner, categories, blocking rules, GTM logic, and browser storage behavior work together.

Implementation context

Start from observable behavior, then repair the consent contract.

A CMP audit should not stop at whether the banner exists or whether a dashboard says a setting is enabled.

ModeConsent tests whether the CMP actually controls scripts, cookies, local storage, Google consent signals, GTM triggers, and vendor requests in the browser.

The audit is designed for teams that need to know whether their consent platform is enforcing choices across pages, templates, regions, subdomains, and high-value conversion paths.

What breaks

The failure pattern usually starts before the dashboard can see it.

01

CMP configuration drifts from the site

New tags, templates, plugins, and embedded vendors can bypass a once-correct CMP setup.

02

Reject and withdrawal paths are under-tested

Many implementations validate accept flows but miss reject-all, granular choice, revisit, and consent withdrawal.

03

Storage and requests tell a different story

The banner can say one thing while cookies, local storage, and network calls show collection happened earlier.

04

CMP scope is narrower than the site

Subdomains, embedded tools, ecommerce apps, forms, chat widgets, and hard-coded scripts may sit outside the CMP's practical control.

How ModeConsent fixes it

Repair the consent system where visitors and tags actually interact.

  1. 01

    Run browser-state tests

    ModeConsent captures storage, requests, scripts, and visible banner state before choice and after each consent path.

  2. 02

    Map CMP categories to execution

    The audit ties each category to GTM triggers, Consent Mode signals, vendor scripts, and blocking rules.

  3. 03

    Prioritize repairs by exposure

    Findings separate legal exposure, measurement quality issues, and governance work so the buyer can act quickly.

  4. 04

    Build the implementation map

    The final deliverable connects categories, vendors, tags, storage, requests, regions, and owners so the CMP can be repaired as a system.

Why this is urgent

Platform and regulator requirements now point at implementation evidence.

Google Ads Consent Mode updates

Google states that EEA advertisers must collect consent and share consent signals with Google to keep using applicable tags for measurement, ad personalization, and remarketing.

SourceGoogle EU User Consent Policy help

Google says advertisers with EEA traffic need to pass end-user consent choices to Google, and that adopting a CMP does not automatically guarantee compliance because implementation matters.

SourceICO cookie compliance enforcement

The ICO continues to test cookie compliance, including whether advertising cookies are stored before choice, whether reject is as easy as accept, and whether cookies are placed without consent.

Source
Related work

Adjacent pages in the consent stack.

Services

CMP Implementation

Configuration and repair for consent management platforms where banner categories, tag firing, storage behavior, and analytics rules must agree.

View pagePlatforms

/platforms/cmps/

View pageResources

Cookie Banner Failures

The common technical failures that make cookie compliance look correct in a CMP dashboard while scripts still collect data in the browser.

View pageCompliance

Browser-Level Audits

Evidence-led audits that show what fires, what stores data, what changes by region, and whether consent choices are honored in production.

View page
Request audit

Need evidence for the live consent stack?
Start with browser behavior.

Request Compliance Audit