Skip to content

Audit Checklist Pre-Launch

Last updated: April 26, 2026

Use this checklist before every production go-live.

  • EEA/UK flow: Accept and Reject are both visible and equally accessible.
  • US flow: required opt-out/privacy controls are visible.
  • Non-banner/global informational flow: banner suppression (or informational-only Continue) matches policy.
  • Where consent UI is shown, it can be reopened from a persistent link/button.
  • First and second layer text matches approved legal copy.
  • Keyboard navigation works for all controls.
  • default command fires before tag execution.
  • update command fires after user action in banner regions.
  • No-banner regions resolve to granted defaults where banner is intentionally not shown.
  • All four keys are present: ad_storage, analytics_storage, ad_user_data, ad_personalization.
  • __tcfapi is available.
  • TC string updates when user changes preferences.
  • Vendor and purpose settings match dashboard policy.
  • CMP script loads once only.
  • CSP and allowlist permit CMP domains.
  • No console errors during consent flow.
  • Caching layer does not serve stale CMP config.
  • Screenshot of banner first layer and second layer (EEA/UK test session).
  • Screenshot/log from non-banner session showing granted defaults.
  • Tag Assistant trace.
  • Browser console output for consent checks.
  • TCF checks and TC string sample.
  • Debug export from Cybexo Debug Tool.
  • Engineering sign-off
  • Privacy/legal sign-off
  • Release owner sign-off
  • Support runbook updated