Polaris Audit

Technology

CMPs check the banner. Polaris audits the network.

A green “Compliant” light in your CMP dashboard only confirms that the script loaded. It doesn’t account for race conditions, GTM misconfigurations, or trackers firing in the 200ms window before the banner renders.

The Forensic Audit Process

1. Clean-Session Simulation

We launch a headless Chromium instance with a completely empty cache and zero cookies.

Plain English: We act like a visitor who has never seen your site before, using a "fresh" browser every time.

2. Low-level Request Interception

We intercept every outbound request (XHR, Fetch, Beacon) made in the first 1,500ms.

Plain English: We catch the data leaving your site before it even reaches its destination (like Google or Meta).

3. Classification Engine

Intercepted domains are matched against 2,500+ regulated vendors, looking for IP harvesting and user-agent fingerprinting.

Plain English: We identify who is collecting data, even if they aren't using standard "cookies" to do it.

4. The 200ms Timing Audit

If a tracker fires before the CMP initialises or before a click is recorded, it is classified as a Pre-Consent Leak.

Plain English: We prove whether the data left the browser before the visitor had a chance to say "No."

Why this beats self-reported compliance

Most CMPs (Cookiebot, OneTrust, Axeptio) grade their own homework. They monitor their own JavaScript state, but they can’t see what GTM or other third-party scripts are doing independently in the background.

Polaris acts as a neutral referee. We monitor the browser’s actual traffic, providing the same network-level proof that Data Protection Authorities use during enforcement audits.

See your site’s actual network trace.

Run a free scan