Overview
Pulse is built for the reality that privacy enforcement is visual. Regulators and consumers see a site through a real browser, and that's where violations occur. A synthetic HTTP crawler can't tell you what fires after a user rejects cookies, because it never interacts with your CMP in the first place. Pulse drives a live Chrome instance through your site and captures every network call, every storage write, and a screenshot per consent state.
Each project you create represents a site and a CMP configuration. Scans run on demand or on a schedule, and findings are scored so you know whether you're looking at a critical pre-consent leak or a minor hygiene issue. Pulse is the fastest way to move from "we think we're compliant" to a dated, evidence-backed answer.
Navigate to Projects
Open Pulse > Projects from the left sidebar. The Projects page lists every site you're monitoring along with its most recent scan status, CMP, and score. This is your command center for consent scanning.
Click Add Project to create a new scan project. A project groups scans for a single site so you can compare results over time and schedule recurring runs. Each property in TagPipes can host multiple Pulse projects if you want to segment coverage by domain or subdomain.
Configure the project
Enter the full website URL you want to scan. Include the protocol (https://) and the exact hostname visitors hit. Pulse crawls from that entry point and follows internal links to discover tags that only fire on downstream pages. If your site serves different content to different regions, scan the URL the target audience would actually land on.
Select the CMP in use from the dropdown. Pulse supports OneTrust, Cookiebot, CookieYes, TrustArc, Osano, and Usercentrics out of the box. The CMP choice matters because Pulse needs to know how to click Deny in your banner, and each vendor exposes a different API. Pick the wrong CMP and the Deny pass will register as Baseline, hiding real violations.
Save the project. You're now ready to scan on demand or put it on a schedule.
Run a scan
Click Scan on the project card to launch a run. Pulse spins up a real Chrome browser in a Fargate container and executes three passes against your site. The Baseline pass visits the site without touching the CMP, capturing what fires before any consent decision. The Deny All pass rejects all cookies through your CMP and records what continues to fire despite the rejection. The GPC pass sends a Global Privacy Control signal and checks whether your stack honors it.
Each pass takes roughly one to two minutes depending on page weight and the number of internal pages Pulse samples. Screenshots are captured at every pass so you have visual proof of the consent banner state when the tags fired. Expect an end-to-end scan to complete in five to eight minutes.
Review findings
When the scan completes, click into it to see the findings list. Pulse groups violations by severity and tells you exactly which tag fired, in which pass, from which page, and to which endpoint. Pre-consent tracking (tags firing in Baseline before the user even saw the banner) is typically flagged Critical, as are tags that continue firing after Deny All. GPC non-compliance is flagged for jurisdictions where GPC is legally binding.
Each finding has a recommended remediation. For most tags, the fix is adding the tag to your CMP's consent category or wrapping it in a consent trigger inside GTM. Pulse links directly back to AutoTag for managed tags so you can regenerate the container with the correct consent wiring.
Schedule recurring scans
Set a schedule (daily or weekly) so Pulse rescans automatically. This matters because containers drift. Someone adds a pixel in GTM, a new embed lands on a landing page, a vendor quietly changes their tag code. Recurring scans catch these regressions before they turn into a data-subject complaint. You'll receive email alerts when new violations appear or scores drop.
For high-traffic sites, run a weekly scan. For sites with frequent marketing launches, bump it to daily. The Schedule panel lives on the project edit page and uses the same shared scheduling component as the rest of the platform.
The three-pass model catches different violation classes that single-pass tools miss entirely: pre-consent tracking in Baseline, post-denial leaks in Deny All, and GPC non-compliance. Pulse captures screenshots at each pass as visual evidence you can hand to legal, and it warns when bot protection services like DataDome or Cloudflare may be interfering with the scan. If a scan sits idle for more than five minutes, stuck-scan detection will flag it automatically so you can re-queue it.
Troubleshooting
Deny All pass shows no change from Baseline
This almost always means Pulse picked the wrong CMP, or the CMP on the page was updated to a different vendor without the project being updated. Open the project edit page and confirm the CMP dropdown matches what's actually loaded on the site. If the site is using a custom banner, Pulse can't click Deny in it reliably and you'll need to configure consent events through your GTM container instead.
Scan stuck in QUEUED or RUNNING
Pulse's stuck-scan detector kicks in after five minutes. If a scan sits in QUEUED or RUNNING past that window, re-queue it from the scan detail page. The most common cause is bot protection on the target site returning a 403 to the scanner's IP range. If you see "Bot protection detected" in the warnings, allowlist the Pulse egress IPs or coordinate with your security team before rescanning.
Findings disagree with what you see manually
Pulse scans from a clean browser profile with no prior consent. If you test manually, your browser probably has prior consent stored. Clear cookies and storage for the domain, open an incognito window, and reproduce the Pulse scenario. You'll almost always see the same behavior Pulse flagged.