Audit Checklist Pre-Launch
Last updated: April 26, 2026
Use this checklist before every production go-live.
1. Banner and UX
Section titled “1. Banner and UX”- EEA/UK flow: Accept and Reject are both visible and equally accessible.
- US flow: required opt-out/privacy controls are visible.
- Non-banner/global informational flow: banner suppression (or informational-only Continue) matches policy.
- Where consent UI is shown, it can be reopened from a persistent link/button.
- First and second layer text matches approved legal copy.
- Keyboard navigation works for all controls.
2. Consent Mode v2
Section titled “2. Consent Mode v2”defaultcommand fires before tag execution.updatecommand fires after user action in banner regions.- No-banner regions resolve to granted defaults where banner is intentionally not shown.
- All four keys are present:
ad_storage,analytics_storage,ad_user_data,ad_personalization.
3. TCF v2.3
Section titled “3. TCF v2.3”__tcfapiis available.- TC string updates when user changes preferences.
- Vendor and purpose settings match dashboard policy.
4. Technical Quality
Section titled “4. Technical Quality”- CMP script loads once only.
- CSP and allowlist permit CMP domains.
- No console errors during consent flow.
- Caching layer does not serve stale CMP config.
5. Evidence Package
Section titled “5. Evidence Package”- Screenshot of banner first layer and second layer (EEA/UK test session).
- Screenshot/log from non-banner session showing granted defaults.
- Tag Assistant trace.
- Browser console output for consent checks.
- TCF checks and TC string sample.
- Debug export from Cybexo Debug Tool.
6. Sign-Off
Section titled “6. Sign-Off”- Engineering sign-off
- Privacy/legal sign-off
- Release owner sign-off
- Support runbook updated