B84%
Quality Score
7
Pages
109
Issues
8.1
Avg Confidence
8.0
Avg Priority
52 Critical41 High15 Medium1 Low
>_ Testers.AI
AI Analysis
Tempo.New was tested and 109 issues were detected across the site. The most critical finding was: Unconsented third-party tracking across the site (ads/analytics). Issues span Security, Performance, A11y, Other categories. Persona feedback rated Visual highest (8/10) and Accessibility lowest (6/10).
Qualitative Quality
Tempo.New
Category Avg
Best in Category
Pages Tested · 7 screenshots
Homepage
tempo.new
tempo.new
tempo.new
tempo.new
tempo.new
tempo.new
Detected Issues · 109 total
1
Unconsented third-party tracking across the site (ads/analytics)
CRIT P9
Prompt to Fix
In the app, add a consent gate before loading any third-party trackers (GTM, GA, Facebook Pixel, Twitter, PostHog external scripts). Implement a CMP banner, ensure trackers only load after user consent, and configure trackers to respect consent state. Remove or lazy-load non-essential trackers until consenting. Audit all third-party requests and provide a privacy notice explaining data sharing with these services.
Why it's a bug
The page loads multiple third-party trackers (Google Tag Manager, Google Analytics gtag, Facebook Pixel, Twitter/uwt, PostHog config/js, etc.) without any visible consent indicators in the captured data. This enables cross-site user tracking and behavioral profiling without user opt-in.
Why it might not be a bug
If a robust consent mechanism were present and actively enforced, this could be acceptable. However, there is no evidence of consent gating in the provided network activity, making this a high-risk privacy issue.
Suggested Fix
Implement a consent management workflow (cookie banner or CMP). Block or defer all non-essential third-party trackers until explicit user consent is obtained. Ensure trackers honor consent signals, respect Do Not Track where applicable, and provide an option to opt-out. Review and minimize the set of trackers to only those necessary for core functionality.
Why Fix
Reducing unsolicited third-party data collection protects user privacy, improves regulatory compliance, and boosts user trust by making data sharing transparent.
Route To
Privacy Engineer / Frontend Engineer
Page
Tester
Pete · Privacy Networking Analyzer
Technical Evidence
Console:
⚠️ POTENTIAL ISSUE: Tracking request detectedNetwork:
https://www.googletagmanager.com/gtm.js?id=GTM-MRV6D84X https://www.googletagmanager.com/gtag/js?id=G-TDJ3XQ8CB1&cx=c https://connect.facebook.net/en_US/fbevents.js https://static.ads-twitter.com/uwt.js https://us-assets.i.posthog.com/array/phc_jjpEvBVV0R2mp44ePAL8Yt4jdtX5HW1lc493rkpUwwa/config.js POST https://us.i.posthog.com/flags/?v=2&config=true&ip=0&_=1774473594655&ver=1.324.1&compression=base642
AI/LLM endpoints are invoked on page load without user interaction
CRIT P9
Prompt to Fix
Identify and remove or defer all AI/LLM endpoint calls that occur during initial page load. Implement a consent/opt-in mechanism before any AI calls occur. Add a loading state or placeholder while awaiting user interaction, and ensure calls are only made after explicit user action or consent.
Why it's a bug
Network activity shows multiple AI endpoints being queried during initial render (AI/LLM ENDPOINT DETECTED). This can cause performance degradation, unintended data leakage, and privacy concerns without user consent.
Why it might not be a bug
If the app intends prefetching for performance, it should be clearly opt-in and transparent to users with controls and privacy disclosures.
Suggested Fix
Move AI calls behind explicit user action or a clearly presented consent/opt-in flow. Add feature flags or lazy-load AI endpoints after user initiation. Audit calls to ensure no sensitive data is sent on load.
Why Fix
Reduces unnecessary network traffic, respects user privacy, and improves perceived performance and trust.
Route To
Frontend Engineer / Privacy & Security Engineer
Page
Tester
Jason · GenAI Code Analyzer
Technical Evidence
Console:
[⚠️ AI/LLM ENDPOINT DETECTED]Network:
GET https://www.tempo.new/#ai - Status: 3043
Third-party tracking script loaded without consent - Facebook Pixel (fbevents.js)
CRIT P9
Prompt to Fix
You're an AI coding assistant. For the Facebook Pixel loading issue on tempo.new: 1) Do not load https://connect.facebook.net/en_US/fbevents.js by default. 2) Integrate a consent banner if not present; 3) After user consents to marketing cookies, dynamically inject a script tag for fbevents.js with data attributes to track consent. 4) Gate this and other third-party trackers behind explicit user consent; 5) Remove or minimize passing any user identifiers or personal data in the script URL or requests. 6) Provide sample code to lazily-load the script after consent and to conditionally skip loading when consent is not given.
Why it's a bug
The page loads the Facebook Pixel script (fbevents.js) without an apparent user consent gate, enabling potential cross-site tracking and user profiling by Facebook. No explicit consent indicator is visible in the network activity.
Why it might not be a bug
If there is a consent UI elsewhere or a policy stating trackers are used, the network log alone does not prove consent is missing. However, the absence of a clear consent gate in the captured activity constitutes a privacy risk.
Suggested Fix
Implement a consent management mechanism and gate all third-party trackers behind explicit user consent. Do not load fbevents.js by default; load it only after marketing/ads cookies are accepted. Use dynamic script injection after consent and ensure no sensitive data is sent to Facebook via URL parameters. Audit other trackers similarly.
Why Fix
Protect user privacy, comply with data protection regulations (GDPR/CCPA), and reduce risk of penalties and user trust loss due to unconsented tracking.
Route To
Frontend Privacy Engineer
Page
Tester
Pete · Privacy Networking Analyzer
Technical Evidence
Console:
⚠️ POTENTIAL ISSUE: Tracking request detectedNetwork:
https://connect.facebook.net/en_US/fbevents.js