Tag & SDK Inventory Template

Map every tag, pixel, and SDK before implementing your CMP.

Why You Need a Tag Inventory

A CMP (Consent Management Platform) is only as good as the inventory it is built on. If you do not know what tags and SDKs are on your platform, you cannot:

  • Block non-essential tags before consent
  • Classify tags correctly by purpose
  • Respond accurately to DSARs
  • Demonstrate accountability to regulators

Tag Inventory Template

Create a spreadsheet with these columns for every tag, pixel, SDK, and third-party integration:

Column Description
Name Tag/SDK name (e.g. "Google Analytics 4")
Purpose Analytics / Marketing / Ad Delivery / Functional / Strictly Necessary
Data collected What personal or device data does it access or store?
Storage mechanism Cookie / Local Storage / Session Storage / SDK identifier
Vendor Who operates the third-party service?
Vendor privacy policy URL Link to vendor's privacy/data processing documentation
Data sent to Which countries/regions does data flow to?
Retention How long is data retained by the vendor?
Legal basis Consent / Legitimate interests / Contract / Legal obligation
Consent category Which consent category does this map to in your CMP?
Fires before consent? Yes / No — does it currently fire before a consent choice?
Blocked by CMP? Yes / No — is it currently blocked until consent?

Common Tags Found on OTT Platforms

Analytics

  • Google Analytics 4 / Google Tag Manager
  • Mixpanel, Amplitude, Segment
  • Mux Data, Conviva, Youbora (video quality analytics)
  • Hotjar, FullStory (session recording — high personal data risk)

Marketing & Retargeting

  • Meta Pixel / Conversions API
  • Google Ads (remarketing tag)
  • LinkedIn Insight Tag
  • TikTok Pixel

Ad Delivery (AVOD/FAST)

  • Google IMA SDK
  • SpotX / Magnite
  • FreeWheel
  • Amazon Publisher Services

Functional

  • Intercom, Drift (customer support)
  • Calendly embed (booking)
  • Stripe.js (payment)

Audit Process

  1. Crawl your site — use a tag auditing tool (Chrome DevTools > Network, Ghostery, or a CMP's pre-scan tool) to capture all tags currently firing
  2. Crawl with consent declined — verify which tags fire without consent (these are your non-compliant tags)
  3. Check apps — repeat the audit for your iOS/Android apps using Charles Proxy or equivalent
  4. Document each tag using the template above
  5. Map to CMP categories — assign each tag to a consent category
  6. Block non-essential tags in your CMP or tag manager
  7. Re-test after blocking to confirm compliance

Build this inventory before selecting a CMP, not after.

Want help auditing your tag implementation?

We can review your current tag setup and help you build the inventory.

Book a tag audit review call
Cookie Consent Basics Consent UX Patterns