A AttributionGuard — Runtime Consent Enforcement Verification
AttributionGuard
Public-page runtime verification for consent enforcement
Browser-level monitoring

Consent banners ≠ consent enforcement.

Browser-level verification for consent enforcement failures that surface-level CMP checks miss.

AttributionGuard observes real browser behavior under different consent states and documents what actually executes. No cookies. No trackers. No sales funnel.

Sample report output

A real example of the evidence pack: multi-state runs (Default / Reject / Accept), with network + storage artefacts and a severity summary engineers can validate independently.

High
Violations
Medium
Issues
Low
Observations

Best viewed as a standalone artefact (shareable URL / printable / PDF-friendly). The site stays clean; the report stays “evidence-like”.

View real anonymised report → How to interpret this report

This is a genuine browser-run audit output. Identifiers have been removed; structure and artefacts are unchanged.

Why this matters (technical)

  • Consent enforcement depends on execution order, not banner presence.
  • Race conditions allow analytics or marketing scripts to fire before consent is initialized.
  • Multi-container GTM, template changes, or vendor updates frequently introduce enforcement drift.
  • Internal QA can pass while production behavior changes silently.
A CMP can be configured correctly while runtime behavior still violates the intended consent state.

What is actually tested

  • Default pre-interaction behavior
  • Reject explicit reject state
  • Accept explicit accept state
  • Network requests (endpoints, parameters, timing)
  • Storage writes (cookies, localStorage, sessionStorage)
  • Consent signals and execution sequencing

This is external runtime verification. It is not a CMP, not legal advice, and not remediation services.

Evidence (aggregate, non-accusatory)

19.8%
High-severity violations
39.4%
Medium-severity issues
1,466
Public pages scanned

Sample consists of public pages only. Scans are automated, repeatable, and evidence-backed. Findings reflect common engineering oversights — not intent or wrongdoing.

What AttributionGuard is (and is not)

AttributionGuard provides external observability into consent enforcement by comparing runtime behavior across consent states. It produces deterministic artefacts that engineers can independently validate.

It does not judge legality, assign blame, exploit findings, or pressure organizations.

To understand how this works, see Methodology. For scale-level results without naming sites, see Findings.