When you run a Shake scan from your Axeptio admin or from our website, you receive an audit report in PDF format.
This report lists all the services/vendors detected on the sample of pages that Shake analyzed on your site, grouped by purpose/category. For each service, the report shows:
The service name and the company that develops it
A brief description of the service
An indication of whether consent is required, depending on whether the service collects personal data or not to our knowledge (see note below)
The service status, indicating whether it is properly configured or not
Shake helps you identify which services require consent
Shake relies on a database created and maintained by Axeptio, listing a large number of services and vendors used on websites. This helps you identify which services require consent.
This database evolves regularly, but the compliance of your site remains your responsibility. We recommend you always verify these elements and update your configurations accordingly.
Understanding the status of detected services
To assess a service’s compliance, you need to check when it is loaded: is it loaded before the visitor has interacted with your banner (and therefore before they have explicitly given consent) or after?
Shake follows this logic for each detected service:
Was the service detected before or after consent?
If detected after consent → it appears as well configured 🟢
If detected before consent:
If the service can be configured to be exempt from consent → it appears as a service with specific configuration 🟡
Otherwise:
If the service does not require consent → it appears as well configured 🟢
If the service requires consent → it appears as badly configured 🔴
Compliance goal: an all-green report
For your site to be considered compliant, all your services must be properly configured. In short, aim for as much green as possible!
🟢 Well-configured vendor
Shake detected that the service was only loaded after the visitor gave consent, or it is exempt from consent.
✅ Perfect – nothing more to do for this service!
🟡 Vendor whose configuration can be specific
Shake detected that the service was loaded before the visitor gave consent, and it can be configured to be exempt from consent.
✅ If you configured it to be exempt, you’re fine and can ignore the warning.
🛑 If not configured for exemption, this is non-compliant and you must fix it.
🔴 Badly configured vendor
Shake detected the service was loaded before consent and it is not exempt from consent.
🛑 This is non-compliant and must be corrected.
❓ Unknown vendor
Unknown vendors are listed at the end of the report and are shown as “misconfigured” by precaution.
This doesn’t necessarily mean they collect personal data, but you must check their nature and consent status.
✅ If you know the service and are sure it doesn’t require consent → no action needed.
🛑 If it requires consent → non-compliant, fix required.
⚠️ If unsure → check with the service’s support team. Most unknown vendors are functional, but don’t assume.
Fixing detected non-compliance
Review your consent conditioning logic
Most misconfigurations happen because the consent conditioning logic was not properly implemented.
Using Google Tag Manager? Check your tag is conditioned on consent.
Loading Axeptio “hardcoded”? Ensure consent logic is added in your code.
Correctly manage specific services
Some services (YouTube, Google Analytics, Google Ads, etc.) require extra configuration. Check if yours is listed.
Check which pages the service was found on
A service found on just one page will appear in the scan report.
To see the pages, open the XLSX file linked in the “Recommendation” section at the top of the “Vendors badly configured detected” block, and look at column F (“pages”).
After making changes, rerun a Shake scan to check if the service now appears as properly configured.
If you skipped steps during your initial Axeptio setup, revisit our Getting started guide, especially the Cookie blocking section.