Pre-consent tracking audit + court-grade proof

Prove your site asked for consent before it tracked anyone.

ForensicConsent is a browser extension that audits any website for trackers, pixels, chat and session-replay that transmit data before the visitor consents — then seals dated, tamper-evident proof of compliance that anyone can verify independently. Plaintiff firms and EU regulators build cases out of one fact: scripts that fire before a visitor clicks "Accept." Find those leaks on your real pages first — and walk away with evidence, not a vibe.

Install free — no account, no card See how it works

Proof you can verify beats a PDF you have to be trusted on.

  • Runs locally in your browser
  • RFC‑3161 trusted timestamp
  • ed25519 signature + hash-chain
  • Independently verifiable

Why this is happening now

What is a website-wiretapping demand letter?

It's a legal claim that your site shared a visitor's activity with third-party trackers, pixels, chat or session-replay before the visitor consented — treated as illegal interception under laws like California's CIPA. Here's the uncomfortable part: the marketing tags you installed to grow are the exact evidence. If data leaves the page before consent, you're a target — and most sites haven't been caught yet, not cleared.

4,300+

website-wiretapping lawsuits filed nationwide since 2022 — about 3,300 of them in California under CIPA.

Source: Fisher Phillips Digital Wiretapping Litigation Map.

$5,000

Statutory damages claimed per violation under California's CIPA — multiplied across every visitor.

Source: Cal. Penal Code § 637.2.

€150M

Fine France's CNIL levied on Shein on 1 Sept 2025 for cookies set without consent — exactly what we detect.

Source: CNIL decision, 1 Sept 2025.

46.1%

of all websites run Google Analytics, and ~8.9% run Meta's Pixel — the exact scripts these claims are built on.

Source: W3Techs usage statistics, June 2026.

Don't take our word for it

The defense bar is telling clients exactly this.

These aren't our marketing claims — they're recent client alerts from major law firms, warning businesses about the same pre-consent tracking ForensicConsent detects. Read them yourself.

JD SupraFeb 16, 2026 CIPA Demand Letters Are Here to Stay; Reducing Risk from Chat, Session Replay & Analytics Read the alert → Brownstein Hyatt Farber SchreckFeb 11, 2025 Revenue Drain: CIPA Demand Letters Read the alert → Fox Rothschild LLPApr 22, 2026 Websites Based Anywhere May Trigger California or Federal Wiretap Lawsuits Read the alert →

Independent legal commentary, each linked to the firm's own site. ForensicConsent is an auditing tool, not a law firm, and does not provide legal advice.

How it works

How do I prove my site asked for consent before it tracked anyone?

Three steps: install, scan, prove. Audit the page, fix anything that fires before consent, then seal a forensic record anyone can verify. The first two steps are free, forever.

Install

Add the extension to Chrome or Edge. No account, no credit card, no sales call. Detection runs locally in your browser — nothing about the pages you audit is uploaded.

Scan

Open any page on any site and watch every tracker, pixel, chat widget and session-replay script that transmits before consent light up. You get an A–F risk score and a clear, page-level report you can actually act on.

Prove

Seal a forensic, RFC‑3161-timestamped record of the page's compliance state. It's signed, hash-chained, and anyone — including the other side — can confirm it at verify.forensicconsent.com.

The forensic-proof moat

Is ForensicConsent just another tracker scanner?

No — and that's the whole point. Plenty of free tools can tell you a pixel fired. Not one of them hands you a dated, tamper-evident, independently verifiable record that still holds up the day a claim lands in your inbox. Detection is commoditized. Defensible proof is the moat.

RFC‑3161 trusted timestamp

Every sealed record carries a timestamp from a trusted authority — so the date you scanned isn't your word against theirs. It rebuts "on date X your site did Y."

ed25519 signature + hash-chain

Each record is cryptographically signed and chained to the one before it. Change a single byte and verification fails — tampering is detectable, not deniable.

The chat "gotcha" test

Reproduces the plaintiff playbook: types a unique sentinel phrase into a chat box and shows it being transmitted before consent — the exact evidence used against support widgets.

Continuous monitoring timeline

Scheduled re-audits build an unbroken, hash-chained compliance timeline — proof your site stayed clean, not just that it was clean once.

Independently verifiable

A record's validity doesn't depend on us. Anyone — opposing counsel, an insurer, an auditor — can check it against our published keys at verify.forensicconsent.com.

Wide tracker coverage

Detects Meta & TikTok Pixel, GA4, Hotjar, FullStory, Microsoft Clarity, and Intercom / Drift / Crisp chat — the scripts that show up in demand letters.

How we compare

How does ForensicConsent compare to free detectors, consent managers and enterprise tools?

Free detectors find leaks. Consent managers configure banners. Enterprise tools monitor — at enterprise prices and after a demo. ForensicConsent is the only self-serve option that turns a scan into court-grade proof. Here's the side-by-side.

Feature comparison. "Partial" means available only in some plans or with limits.
Tool Pre-consent detection Chat "gotcha" test Court-grade forensic proof Continuous monitoring timeline Self-serve pricing
Free detectorsPixel Auditor / ConsentScope / CookieWard stops at a report
Consent managersOneTrust / Cookiebot Partialconfigures banners Partial Partial
Lokkerenterprise Partial Partial enterprise-only, no public price
ForensicConsent RFC‑3161 + ed25519 + hash-chain from $0

Which one is you?

Start where the risk is.

You got a demand letter

The one that ruins a Tuesday. See exactly what fired pre-consent on the pages they cite, then — once you've remediated — seal a dated, verifiable record. It's the artifact that answers "your site did Y on date X" with receipts.

Audit my pages free

You own compliance

Put your whole site on scheduled re-audits and build an unbroken compliance timeline — proof for legal, your insurer and the board that the site stayed clean, not just that it looked clean the one day someone checked.

Install free

You run audits for clients

Hand clients independently verifiable proof, not a self-attested PDF they have to take your word on. Seat-based plans cover your team, and every record checks out at verify.forensicconsent.com — even when the skeptic is on the other side.

See team pricing

Pricing

What does ForensicConsent cost?

Per-page detection is free forever and genuinely useful on its own — install first, decide later. Every paid plan ships the same features and differs only by seats and billing. You pay for whole-site coverage, scheduled monitoring and court-grade proof; the rest is free.

Free

$0 forever

No account, no card.

  • Per-page pre-consent detection
  • A–F risk score
  • Local scan history
  • Self-attested report export
Install free
Most popular

Pro

$29 /mo

1 seat. Billed monthly.

  • Whole-site crawl & scoring
  • Scheduled re-audits
  • Court-grade forensic proof
  • Chat "gotcha" sentinel test
Install free

Pro — 1-month pass

$37 once

1 seat, 30 days, no auto-renew.

  • All Pro features
  • One-time payment
  • Nothing to cancel
  • Ideal for a single audit push
Install free

5 seats

$124 /mo

5 seats. Billed monthly.

  • All Pro features
  • 5 team members
  • Shared license
  • For small teams & agencies
Install free

15 seats

$225 /mo

15 seats. Billed monthly.

  • All Pro features
  • 15 team members
  • Shared license
  • Best per-seat value
Install free

No checkout here — install free, upgrade inside the extension. See the full pricing detail →

Questions

Straight answers, no asterisks.

Is ForensicConsent just a cookie banner?

No. A cookie banner asks for consent. ForensicConsent checks whether your site actually honored it — and proves the result. It detects the trackers that transmit before consent and seals tamper-evident, independently verifiable evidence of the page's state. It's an auditor and a proof tool, not a consent manager, and not legal advice.

Free tools already detect trackers. Why pay for ForensicConsent?

Because detection is commoditized — and we give it away too. What no free tool gives you is a dated, tamper-evident record anyone can independently verify. When a demand letter or regulator says "prove your site was clean on this date," a self-attested PDF is your word. An RFC‑3161-timestamped, ed25519-signed, hash-chained record is evidence.

How is the proof verified?

Three things working together: a trusted timestamp (RFC‑3161) fixes when, an ed25519 signature fixes who sealed it, and a hash-chain makes any later edit detectable. Validity doesn't rely on trusting us — anyone, including opposing counsel, can confirm a record at verify.forensicconsent.com against our published keys.

Does my browsing or page data get uploaded?

No. Detection runs entirely in your browser, and on the free tier — with no license activated — the extension sends nothing off your device at all. We don't sell or share browsing data and we run no third-party analytics. On a paid plan, the only things that leave your device are a SHA-256 hash of the audit record, the audited page URL and a timestamp (when you choose to seal a forensic record), plus your license token, a random device ID and your browser's user-agent string (to activate and validate the license). Page content and audit details stay local. Full detail is in our privacy policy.

Do I need an account or a credit card to start?

No. Install free, scan any page, keep local history, and export a self-attested report — all with no account and no card. You only enter billing when you choose to upgrade — you start that from inside the extension, on our payment processor's secure checkout page.

Will this break my site or block anything?

No. ForensicConsent only observes and audits — it never blocks requests or modifies how your site serves visitors. The chat "gotcha" test runs against a page you choose, on demand.

Is it really safe under Manifest V3?

Yes. MV3 restricted request blocking, which is why old blocker-style privacy extensions broke. ForensicConsent is observe-and-audit only, so MV3 doesn't limit it — it uses the standard observation APIs to watch network activity locally.

Verify, don't trust

Can the other side check the proof? Yes — that's the design.

A ForensicConsent record is built to be checked by a skeptic — opposing counsel, an insurer, an auditor. Paste it into the public verifier and it confirms the timestamp, signature and chain, or it flags tampering. No login, no dependency on us, no benefit of the doubt required.

Proof you can verify beats a PDF you have to be trusted on.

Open the public verifier →

Find the leaks before a plaintiff firm does.

Install free, scan your real pages, and see exactly where you stand today — in minutes, not a sales cycle. Upgrade only when you want whole-site coverage and proof that holds up.

Install free See pricing