Consent Scanner
Consent Scanner is a diagnostic tool that verifies your Google Consent Mode implementation is working correctly across your website. It scans pages using a headless browser to check that DataGrail Consent is properly capturing user consent before Google tags fire:
- GTM Installation — Is Google Tag Manager present on the page?
- Managed Container — Is the GTM container managed by DataGrail Consent?
- Consent Settings — Are default consent settings configured correctly?
- Timing — Do consent settings load before Google tags fire?
- All Consent Types — Are all 7 required Google consent types defined?
- Default State — Are consent types defaulted to "denied" before the user provides consent?
Consent Scanner is currently in beta. Access it from the Consent Scanner tab in Consent.
Scan History
The main Consent Scanner page displays a scan history table showing all past scan jobs. Each row includes:
| Column | Description |
|---|---|
| Date | When the scan was run |
| Status | Completed, In Progress, or Failed |
| Trigger | Whether the scan was started manually or on a schedule |
| Results | Count of pages that passed and failed |
Select any scan job row to view its full results, including per-URL pass/fail status, HTTP response codes, issue categories, and scan timing.
Automated scans run weekly on a recurring schedule.
Managing URLs
URLs are managed through the Manage URLs drawer, accessible by selecting the Manage URLs button on the Consent Scanner page.
Add URLs
The Manage URLs drawer provides two ways to add URLs:
- Navigate to Consent → Consent Scanner.
- Select Manage URLs.
- Select Add URLs to enter URLs manually (one per line, up to 100 per request), or select Import Sitemap to bulk import from a
sitemap.xmlURL.
All URLs must use https:// and belong to verified domains in DataGrail. Your allowed domains are configured under your Consent settings. If you need additional domains, reach out to support@datagrail.io.
Add 5–10 key pages that represent different templates on your site (homepage, product pages, checkout, blog posts, etc.) rather than scanning every page.
Search and Filter
The Manage URLs drawer supports searching by URL and filtering by:
- Domain — Filter by website domain
- Source — Manual or Site Map
- Status — Passed, Failed, or Not Scanned
- Scan Inclusion — Included or Excluded
Include and Exclude URLs
Each URL can be toggled between Included and Excluded status. Only included URLs are scanned. To update URLs in bulk, use bulk select mode to select multiple URLs and then choose Include, Exclude, or Delete.
Running a Scan
To start a scan:
- Navigate to Consent → Consent Scanner.
- Select Scan URLs.
- Review the number of pages included in the scan.
- Optionally check Update Public Report to regenerate the public compliance report with the new results.
- Select Start Scan.
Scan progress updates in real time on the page. The Scan URLs button changes to Scanning... while a scan is in progress.
After starting a manual scan, you must wait 1 hour before starting another. The button tooltip shows when the next scan is available.
Understanding Results
Select a scan job from the history table to view detailed per-URL results.
Scan Job Details
The scan job detail page shows:
- Passed / Failed metric cards with aggregate counts
- Job details sidebar with start time, duration, status, trigger, and total URLs scanned
- Results table with per-URL breakdown
The results table includes the following columns:
| Column | Description |
|---|---|
| URL | The scanned page URL and detected GTM container ID |
| Status | Passed, Failed, or Pending |
| HTTP | HTTP response code returned by the page |
| Issue | The issue category (for failed pages) |
| Consent Type | Which Google consent types were detected |
| Scan Time | How long the individual page scan took |
Status Indicators
Each scanned URL displays one of the following statuses:
| Status | Meaning |
|---|---|
| Passed | Page has correctly configured Consent Mode |
| Failed | Consent Mode issue detected (see issue type below) |
| Pending | Scan is in progress for this URL |
Issue Types
When a page fails, the issue category explains what went wrong:
| Issue | What It Means | How to Fix |
|---|---|---|
| GTM Not Detected | Google Tag Manager isn't on this page | Add the GTM snippet to the page |
| GTM Not Managed | GTM container isn't managed by DataGrail | Verify GTM integration in Consent settings |
| Consent Mode Not Found | Default consent state isn't set | Check your Consent Policy configuration |
| Default Granted Without Consent | Consent types are set to "granted" before the user consents | Update your default consent state to "denied" in Category Mapping |
| Missing Consent Types | Not all 7 Google consent types are defined | Review your Category Mapping in Consent settings |
| Page Load Error | The page returned an error or couldn't be loaded | Verify the URL is accessible and returns a valid response |
| Request Timeout | The page took too long to respond | Check that the page loads within 15 seconds |
| Invalid URL | The URL format is invalid or unresolvable | Verify the URL is correct and publicly accessible |
Public Compliance Report
You may need to provide proof that your Consent Mode implementation is verified to Google Advertising Partners. Consent Scanner generates a shareable public compliance report for this purpose.
Generating Your Report
The public compliance report section appears on the Consent Scanner page with three actions:
- View Report — Opens the public report in a new tab
- Copy Link — Copies the report URL to your clipboard
- JSON Report Link — Copies the machine-readable JSON report URL
The public report shows your company name, list of scanned URLs with pass/fail status, and the scan timestamp. No sensitive implementation details are included.
Updating the Report
Public reports are automatically regenerated during weekly scheduled scans. For manual scans, check the Update Public Report checkbox in the scan confirmation dialog before selecting Start Scan.
When a public report is regenerated, an email notification is sent to users with the Administrator, Consent Management Admin, or Consent Management Edit role. The email includes pass/fail counts, newly failed and resolved URLs, and a link to the report.
Scanner Details
The following technical details can help troubleshoot connectivity issues with the scanner.
User-Agent — The DataGrail scanner identifies itself with this User-Agent header:
DataGrail-Consent-Scanner/1.0 (+https://datagrail.io/consent-scanner)
If your site has bot protection that blocks scans, add this User-Agent to your allowlist.
IP Addresses — Scans originate from AWS in the us-east-1 region. Contact support@datagrail.io for specific IP ranges if needed for firewall rules.
Limits
The following limits apply to Consent Scanner:
| Limit | Value |
|---|---|
| URL records per account | 100 |
| URLs per add request | 100 |
| Manual scan cooldown | 1 hour |
The 100 URL record limit applies to the total number of URLs you can add to your account (manually or via sitemap import). All included URLs are scanned in each scan job.
Troubleshooting
If you encounter issues with Consent Scanner, expand the relevant section below for guidance.
"Unable to scan" or page load error
The page couldn't be loaded. Common causes:
- Page requires authentication (Consent Scanner only scans public pages)
- Page returns a 404 or 500 error
- Page has bot protection blocking the scanner
- Network timeout (page takes more than 15 seconds to load)
"GTM Not Managed" on pages with DataGrail
Verify the following:
- The correct GTM container ID is connected in Consent → Settings → Integrations
- You're testing on pages within your configured domains
- The GTM snippet is loading properly (check browser DevTools)
"Default Granted Without Consent" issue
This means consent types are set to "granted" before the user has interacted with the consent banner. Google requires all consent types to default to "denied" until the user provides explicit consent.
Check your Category Mapping configuration and ensure default consent states are set to "denied."
Public report not updating
Public reports regenerate during weekly automated scans (always) and manual scans (only if Update Public Report is checked in the scan confirmation dialog).
Run a manual scan with the Update Public Report option checked to force an update.
Scan button is disabled
The Scan URLs button may be disabled for one of these reasons:
- A scan is already in progress
- You are within the 1-hour cooldown period after a previous manual scan
- No pages are included for scanning
Hover over the disabled button to see the specific reason.
Related Documentation
For more information, see the following resources:
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.