Skip to content
ePrivacy Dir. + GDPRCookie compliance scanner for websites

Most websites break GDPR before visitors even click “Accept”

One scan finds every cookie violation regulators would flag — and shows you exactly how to fix each one.

Used byBookify logoBookifyWebscore logoWebscoreMe-mo logoMe-moPantazisoft logoPantazisoft

Last real scan flagged 5 critical issues — scored 42/100.

Not a checklist — we open your site in a real browser and record what actually loads before, during, and after consent.

This is the report you get — real scan, domain masked

Scanned website faviconexample.comreal scan · domain masked
42 / 100
42
Critical
CriticalConsent tool: custom

This website has a critical compliance mismatch: the privacy policy states "no analytics, no tracking" but the site deploys Google Analytics (GA4) via Google Tag Manager. While non-essential cookies are correctly blocked until consent, the policy completely fails to disclose these Google services, violating both GDPR Article 13 (transparency) and ePrivacy Directive Article 5(3) (informed consent). The website also lacks key GDPR-required information including DPO contact, data retention periods, user rights, and withdrawal instructions.

0/2
cookies before consent
2
undeclared cookies
5
critical issues

2 cookies detected

0 before consent (violation)2 after consent

Top violations — mapped to the law

criticalGDPR Art. 13Google Analytics Cookies Undeclared in Policy
criticalGDPR Art. 13No Data Retention Periods Specified
criticalGDPR Art. 13No Data Protection Officer or Controller Contact Information
criticalGDPR Art. 13No Information on GDPR User Rights

+ 4 more findings in the full report

Step-by-step fixes + AI cookie policy — unlocked with 1 credit
Unlock →
Based on real enforcement

The 4 things every audit checks

Data protection authorities don't read your privacy page — they crawl your site and measure what actually happens. Any visitor can trigger that audit with a complaint that costs them nothing. These are the exact checks, and what trips them.

1
ePrivacy Dir. Art. 5(3)

Cookies firing before consent

Non-essential cookies must not load until the visitor actively accepts. Authorities run automated crawlers that record every cookie set on page load.

Flagged

Google Analytics or Meta Pixel sets a cookie the moment the page opens.

2
EDPB Guidelines 03/2022

Reject must be as easy as accept

Refusing consent has to be one click, just like accepting it. Anything that nudges users toward “Accept all” counts as an illegal dark pattern.

Flagged

A bright “Accept all” button with “Reject” hidden behind a settings menu.

3
GDPR Art. 13

Every cookie named in the policy

Each cookie must be listed by name with its provider, purpose, and retention period. A vague “we use cookies” line does not satisfy the disclosure duty.

Flagged

The policy says “analytics cookies” without naming _ga, _gid, or _fbp.

4
GDPR Art. 28

Third-party processors disclosed

Every tracker that receives visitor data — analytics, ads, embeds — must be disclosed as a processor with a signed DPA, independent of your banner.

Flagged

A YouTube embed or ad pixel quietly shares IP addresses with no mention.

Our scanner runs all four checks on your site in ~2 minutes — and maps each finding to the exact article above.

The way out

Find every violation before they do

One scan runs the same checks regulators do — under the ePrivacy Directive and GDPR — and hands you the fix for each finding, before a complaint turns it into a fine.

Cookie Detection

Detect all cookies — first-party and third-party — with category, provider, duration, and whether they fire before consent.

Consent Banner Audit

Check if your CMP actually blocks cookies before consent, offers a reject option, and avoids dark patterns.

Policy Analysis

Compare your privacy policy against what's actually running. Find undeclared cookies, missing retention info, and gaps.

Third-Party Scripts

Identify every tracker, analytics tool, and advertising pixel. Know exactly who processes your visitors' data.

AI-Powered Report

Claude AI analyzes all findings and generates a detailed compliance report with a score from 0-100.

Actionable Fixes

Get step-by-step remediation for each issue, priority-ranked. Copy the fix prompt into your AI coding assistant.

See what your site loads before visitors ever click “Accept”.

Run a Free Scan
Simple process

Three steps to compliance

No setup, no config. From URL to a law-mapped report in about two minutes.

01

Paste your URL

Sign in free with Google and drop in any website. No tag, no snippet, no install.

02

We scan it for real

A real browser loads your site before, during, and after consent — capturing every cookie and tracker.

03

Fix before they fine

Get your score, issues ranked by severity, and copy-paste fixes mapped to each law.

Free vs Premium

See the problems free. Unlock the solutions.

Free scans show you what regulators would flag. Premium gives you the exact fixes — before they send a letter.

Free

Diagnosis

Know exactly where you stand — and what regulators would flag today.

  • Compliance score (0–100)
  • Issue count by severity
  • Cookie breakdown by category
  • Consent banner pass/fail checks
  • Policy coverage checklist
  • Positive findings
  • 1 free scan
Start Scanning — Free
Most popular
Premium

Prescription

Everything in Free, plus the exact fixes — from €3 per scan.

  • Detailed issue breakdown + remediation
  • Step-by-step fix instructions
  • AI-generated cookie policy (copy-paste)
  • Copy-to-LLM prompts for each issue
  • Downloadable fix report (.md)
  • Managed sites dashboard
  • Priority support
Get Credits — from €3
After using a bunch of tools to get our sites in line with the ePrivacy Directive under GDPR, this is the first one that gives you a proper way to fix the major cookie-compliance issues. The cherry on top: actionable fixes you can run straight in your agentic coding tool.
Robert
Founder, PantaziSoft
Pricing

Simple, transparent pricing

ePrivacy and GDPR fines start at €5,000. Prevention starts at €3 per scan.

Free

Free Scan

€0

1 scan — free forever

  • 1 free scan
  • Compliance score
  • Issues by severity
  • Cookie & consent breakdown
  • Policy checklist
Scan for free
Pay as you go

1 Detailed Scan

€3

one full report

  • Everything in Free
  • Full issue details + fixes
  • Step-by-step remediation
  • AI cookie-policy generator
  • Copy-to-LLM fix prompts
Buy 1 credit
Most popularSave 67%

10 Detailed Scans

€10

just €1 per scan

  • Everything in Free
  • 10 full report unlocks
  • Step-by-step remediation
  • AI cookie-policy generator
  • Downloadable fix reports
Buy 10 credits

One-time payment — no subscription, no hidden fees.

FAQ

Common questions

Does my website need to be GDPR compliant?

Yes — if your website is accessible to people in the EU or you process personal data of EU residents, GDPR applies regardless of where your business is based. This includes using Google Analytics, Facebook Pixel, or any tool that sets cookies or collects IP addresses. Non-compliance risks fines of up to €20 million or 4% of global annual turnover, whichever is higher.

What's the difference between GDPR and the ePrivacy Directive for my website?

They work together but cover different things. The ePrivacy Directive (2002/58/EC) is the specific law governing cookies and electronic tracking — it requires prior, informed consent before any non-essential cookie fires on a user's device. GDPR is the broader framework that defines what valid consent looks like, requires you to document all data processors, list data retention periods, and respect user rights. For day-to-day cookie compliance, the ePrivacy Directive is the primary rule. Our scanner checks both.

How accurate is the scan?

Very. We use a real headless browser (Playwright) to visit your site exactly like a user would — once before consent, once after accepting, and once after rejecting. We capture actual cookies at each stage, detect your consent banner, and extract your live privacy policy. The AI maps each finding to the specific ePrivacy or GDPR article it violates.

Do I need to create an account?

Yes — a free Google sign-in is required to save your results. It takes 2 seconds.

How often should I re-scan?

After any site changes (new plugins, scripts, or CMP updates), and at minimum quarterly. New plugins and theme updates often silently add tracking scripts.

What's the AI-generated cookie policy?

A complete, GDPR-compliant cookie policy tailored to your site's actual cookies and services. Includes cookie tables, third-party disclosures, user rights, and consent withdrawal instructions. Ready to copy-paste.

What does 'Copy to LLM' do?

It copies a structured prompt with the issue details and fix instructions. Paste it into Claude, ChatGPT, Cursor, or any AI assistant to implement the fix in your codebase.

Don't wait for a complaint. Check your site now.

Regulators use automated tools to scan websites at scale. Your site is already visible to them.

Free scan · no credit card · results in under 2 minutes

As seen on