California's CIPA § 631 is behind a wave of "wiretapping" lawsuits against ordinary business websites. The trigger is simple: trackers that record or transmit a visitor's activity before that visitor consents. Here is how to check whether yours do.
CIPA § 631 (with damages set by § 637.2) is a California wiretapping statute. Plaintiffs argue that when a session recorder, analytics tag, or ad pixel captures what a visitor does before they consent, that is an intercepted communication — worth up to $5,000 per violation. It is not about whether you have a cookie banner; it is about whether trackers actually stay off until a visitor clicks it.
facebook.com/tr (Meta Pixel), clarity.ms (Microsoft Clarity), hotjar.com, analytics.tiktok.com, or HubSpot analytics. Anything that loads before you consent is a potential CIPA exposure.This manual check catches the obvious cases. It misses trackers that load a few seconds late, fire only on interaction, or were added to one template and not another — which is why most owners run an automated scan.
Skip the manual check — scan your whole site in 30 seconds, free.
Real browser scan, no signup to run it. You see a summary of the findings; the full report with every tracker unlocks with your email.
Across the small-business sites we've scanned, the most common pre-consent offenders are everyday marketing and analytics tags: Meta Pixel, Microsoft Clarity, LinkedIn Insight, Hotjar, HubSpot, and TikTok Pixel. They're usually added by a marketing team long after the consent banner was set up — which is exactly why banners so often fail to block them. (We break down the full list in our website-tracking report.)
Once you know which trackers fire before consent, the fix is to gate them behind your consent tool (or remove the ones you don't need) and then re-check — because a banner that says it blocks trackers and one that actually does are not the same thing. RegSentry gives you the flagged list, a remediation step for each, and ongoing monitoring so a newly-added tag doesn't silently reopen the exposure.
See exactly what fires before consent on your site — free, no signup.
Real browser scan, no signup to run it. You see a summary of the findings; the full report with every tracker unlocks with your email.