Pixel Auditor: Tag, PII & Consent Mode Inspector

Inspect every tracking pixel firing on a page: tag IDs, event payloads, consent-mode signals, cookies, and PII leaks.

Pixel Auditor is a real-time tracking pixel auditor and inspector for marketers, analysts, and developers. Open the side panel on any website and instantly see every tracking tag on the page, watch events fire live, and audit your implementation. No separate tools. No DevTools. No technical setup required. ────────────────────────────────────── SEE WHAT'S FIRING, LIVE ────────────────────────────────────── Live event stream shows every tracking request as it happens: platform, event name, the method used to fire it, full payload, and fire latency. Regex search, platform filters, pause/resume recording, and watched-event notifications (per-site or global) help you focus on what matters. Take a snapshot at any point and see which fires are new since then. ────────────────────────────────────── SUPPORTED PLATFORMS ────────────────────────────────────── Detects tracking tags from the major tag management, analytics, and advertising ecosystems commonly deployed on the modern web. Identification combines script-src scans, inline initialization code, dataLayer configuration, and live network traffic, so tags are caught whether they load synchronously, async, or through a consent-gated injector. ────────────────────────────────────── CONSENT MODE AUDITING AND SIMULATION ────────────────────────────────────── Inject Grant All or Deny All Consent Mode v2 states with one click and watch exactly which tags respect consent. Auto-clicks the real CMP banner across 19 of the most widely deployed consent management platforms, covering enterprise tooling, popular CMS plugins, and newer independent vendors, with a text-based fallback for custom banners. Every fire is classified against Consent Mode v2 semantics so compliant modeling pings are distinguished from real consent violations. A Reset Consent button clears site cookies, localStorage, and sessionStorage so the banner re-prompts for a clean test. ────────────────────────────────────── PII LEAK DETECTION ────────────────────────────────────── Scans every outgoing tracking hit for emails, phone numbers, and more than fifteen named identifying fields such as full name, date of birth, government IDs, and address components. Flags hashed identifiers (SHA-256, SHA-1) when they appear in identity-shaped parameters. Contextual heuristics avoid noise from unrelated platform metadata. ────────────────────────────────────── SERVER-SIDE TRACKING DETECTION ────────────────────────────────────── Catches first-party proxied tracking that standard pixel checkers miss. Supports server-side tag manager implementations routed through custom domains or managed hosts, server-side conversion APIs used by the major social and ad platforms, and enterprise-grade edge-layer tag forwarders. Multi-source detection: inline script scan, runtime dataLayer inspection, container-state probing, and network-level classification of every captured fire. ────────────────────────────────────── AUDIT REPORTS, HEALTH SCORING, AND SAVED RUNS ────────────────────────────────────── Every session includes an A through F health score with prioritized issues such as duplicate installs, pre-consent fires, missing measurement IDs, dormant tags, and funnel mismatches. Save any audit state as a named run and diff it against future sessions to validate deploys. Export a shareable single-file HTML report. ────────────────────────────────────── INTERFACE ────────────────────────────────────── Dark and light themes with a header toggle. Self-hosted fonts so nothing loads at runtime. Every icon is an inline SVG that themes cleanly. The detail drawer is drag-resizable. ────────────────────────────────────── ABOUT THE DEVELOPER ────────────────────────────────────── Pixel Auditor is built and maintained by Ratan Jha. Every detection rule, classifier, and heuristic in this extension is grounded in years of hands-on experience auditing real-world tracking implementations, consent management deployments, and server-side tag setups. The tool reflects how tracking is actually done, and how it typically breaks, in production environments, not textbook examples. ────────────────────────────────────── WHO IT'S FOR ────────────────────────────────────── Digital marketers verifying tag implementations Analysts checking event data quality Developers debugging tracking integrations Conversion and paid media teams auditing pixel setups Agencies auditing client websites before go-live ────────────────────────────────────── PRIVACY ────────────────────────────────────── All audit data stays on your machine in chrome.storage.local. Pixel Auditor makes zero outbound requests of its own and never transmits any data to the developer or any third party. The broad host permission exists solely so detection can run on any site you choose to audit. Full privacy policy: https://pixelauditor.ratanjhadigital.com/privacy.html Not affiliated with any analytics, advertising, or consent management vendor. All trademarks are property of their respective owners. ────────────────────────────────────── What's in v2.2.2 ────────────────────────────────────── New platforms support added Batched POST parsing — surfaces view_item, scroll, etc. that were previously collapsed into one page_view Universal ID gate — no more phantom GTM/Ads cards without an account ID Tighter routing — Clarity no longer misclassified as GA4; AdSense no longer mislabeled as Google Ads Live violation alerts — desktop notifications for high-severity consent breaches Persistent state — tab data survives Chrome's MV3 service-worker termination Copy-to-clipboard on tag IDs, payload rows, request URLs dataLayer filters — event-name dropdown + persisted "Hide internals" toggle Coalesced renders — chatty pages no longer cause UI jank Plus: many bug fixes (fbq trackSingle, fire-count drift, dup-grouping ID-awareness, GA4 forensics over-capture) ────────────────────────────────────── What it tells you ────────────────────────────────────── Tag IDs (G-XXXX, AW-XXXX, MC-XXXX, ca-pub-XXXX, pixel IDs, partner IDs, UET ti, etc.) Every event fire — name, payload, timing, dedup-aware grouping dataLayer pushes with a Sent / Silent / Pending state machine Consent Mode v2 timeline + a built-in simulator that injects gtag('consent','update') and shows what fires in the next 5 seconds One-click CMP banner accept / reject for 30+ vendors High-recall PII leak detection: emails, phone numbers, hashed identifiers Cookie audit for 20+ tracking cookies A–F health score with actionable reasons HTML and JSON exports + saved runs for before/after deploy comparison Real-time desktop notifications when a high-severity consent breach fires Everything runs locally in your browser. No data leaves your machine.