Skip to main content

How to interpret your Shake scan report

Understand the statuses of your Shake scan report and identify properly configured services, those requiring verification, or non-compliant ones.

Written by Alexandre Dias Da Silva

When you launch a Shake scan from your Axeptio administration or from our website, you receive an audit report in PDF format.

This report lists all services/providers detected on the sample of pages that Shake analyzed on your site, classified by purpose/category. For each service, the report indicates:

  • The name of the service and the company that develops it

  • A brief description of the service

  • An indication of whether or not consent is necessary, depending on whether the service collects personal data or not to our knowledge (see note below)

  • The status of the service, which indicates whether the service is properly or improperly configured

Shake helps you identify which services should be subject to consent or not. Shake relies on a database created and maintained by Axeptio, which lists a large number of services and providers used on websites. It helps you easily identify which services should be subject to consent or not. This database is updated regularly, but your site's compliance remains your responsibility. We therefore recommend that you systematically verify these elements and update your configurations accordingly.

Understanding the status of detected services

To assess a service's compliance, it is necessary to check when the services are loaded: are they loaded before the visitor has interacted with your banner (and therefore before they have explicitly given their consent) or after?

Shake follows the following logic for each detected service:

  • Was the service detected before or after consent?

  • If it is detected after consent, then it appears to be properly configured 🟢

  • If it is detected before consent:

  • If the service can be configured to be exempt from consent, then it appears as a provider whose configuration can be specific 🟡

  • Otherwise:

  • If the service is not subject to consent, it appears to be properly configured 🟢

  • If the service is subject to consent, it appears to be improperly configured 🔴

Compliance objective: an all-green report. As you will have understood: for your site to be considered compliant, all your services must be properly configured. In short, you want a report with maximum green!

Let's now review the different statuses a service can have.

🟢 Properly configured provider

Shake has detected that the service was only loaded after the visitor gave their consent, or it is exempt from consent.

✅ Perfect: you have nothing more to do for this service!

🟡 Provider whose configuration can be specific

Shake has detected that the service was loaded before the visitor gave their consent and that it can be configured to be exempt from consent.

✅ Have you configured the service so that it is exempt from consent? If so, then perfect, you have nothing more to do and you can ignore the warning!

🛑 If you have not configured the service to be exempt from consent (intentionally or not), this constitutes non-compliance and you are required to remedy it by adapting your settings! Continue reading the next section to find out how to correct the situation.

🔴 Improperly configured provider

Shake has detected that the service was loaded before the visitor gave their consent, while it is not exempt from consent.

🛑 This constitutes non-compliance and you are required to remedy it by adapting your settings! Continue reading the next section to find out how to correct the situation.

❓ Unknown provider

Unknown providers are listed at the end of the report and, as a precaution, are displayed as "improperly configured." This does not necessarily mean they collect personal data, but you must verify their nature and consent status.

Shake has detected that the service was loaded before the visitor gave their consent, but we do not know if it should be subject to consent because it is not listed in our database.

✅ You recognize the service and you are certain it does not require consent? If so, then perfect, you have nothing more to do and you can ignore the warning!

🛑 If the service must be subject to consent, this constitutes non-compliance and you are required to remedy it by adapting your settings! Continue reading the next section to find out how to correct the situation.

⚠️ If you do not know whether the service must be subject to consent, it is up to you to verify this by contacting the service's support. We observe, however, that the majority of services listed in unknown providers are often functional, but in case of doubt, do not make assumptions!

Services appear to be improperly configured in your report? Consult Correcting non-compliance detected by Shake to find out how to remedy the situation.

Related Articles
How do tracker categories and CNIL exemptions work?
What is Shake?
Correct the non-conformities detected by Shake
Did this answer your question?