Cookie consent is the #1 enforced area of GDPR

Is your cookie banner
putting you at risk of a fine?

Most cookie banners look compliant but don’t actually stop tracking when visitors click Reject. Regulators are actively fining for this. Find out if you’re exposed.

Results in 15 secondsNo sign-up required
See if you’re tracking users before consentProof your banner actually enforces choicesKnow which vendors put you at riskPrioritised by what regulators fine for

Why this matters right now

Cookie consent is the most enforced area of GDPR

The French DPA fined Criteo €40M for dropping tracking cookies before consent. The Spanish DPA fined CaixaBank €6M for the same issue. These aren’t just big-company problems — the average cookie consent fine starts at €10,000 for SMBs.

€4.5B+

GDPR fines issued since 2018

2,000+

Enforcement actions on record

#1

Cookie consent: top enforcement area

30+

Countries with active DPA enforcement

Every finding in your report is scored against published enforcement decisions. You see which issues regulators actually fine for.

Is your site at risk? Check in 15 seconds
9 sites scanned
83% had pre-consent tracking violations
Used by compliance teams, agencies & DPOs across Europe
GDPR · ePrivacy · CCPA · PECR · LGPD

What makes this different

Most scanners count cookies.
We test whether your banner actually works.

A deep scan runs three full browser sessions — baseline, reject, and accept — then compares them to prove whether your consent banner enforces user choices. This is the evidence trail that fines are built on.

Baseline

Are you tracking visitors before they consent?

We load your site in a real browser and capture every cookie, tracker, and third-party request that fires before anyone touches the banner. This is the evidence regulators look for first.

Reject flow

Does clicking Reject actually stop anything?

The scanner clicks your Reject button and records what changes. If trackers keep firing, you have a consent violation — the exact issue DPAs are fining companies for.

Accept flow

Which vendors ignore consent entirely?

We click Accept and compare the difference. This three-way comparison reveals which vendors respect user choices and which track regardless of what visitors click.

Verdicts

Per-vendor proof for your lawyer or DPO

Every vendor gets a verdict: pass, fail, or warning. Each finding is backed by evidence — request URLs, cookie names, and timing data. Ready for legal review or audit.

Risk scoring

Know which issues DPAs are actively fining for

Findings are ranked using data from published enforcement decisions across 30+ countries, so you fix the issues that carry real regulatory risk first.

From URL to compliance proof in seconds

No sign-up required. No code to install. Just enter a URL and see exactly where you stand.

1

Paste any URL — takes 2 seconds

Enter a website URL. We load it in a real Chromium browser — the same engine your visitors use. No browser extensions, no code snippets, nothing to install on your site.

2

See the violations regulators see

Get a full evidence report: every cookie, tracker, and third-party request — plus whether your banner actually stops tracking when visitors say no. Quick scan in ~15 seconds. Deep scan with consent verification in ~90 seconds.

3

Fix the issues that trigger fines — before regulators find them

Findings are scored using real enforcement patterns from 30+ countries. You see which issues carry the highest regulatory risk, with clear fix guidance for each one. No guesswork.

What your report proves

Every finding is backed by evidence. Every risk is connected to real enforcement patterns. This isn’t a cookie count — it’s compliance proof.

Proof you're not illegally tracking visitors

See exactly which cookies and trackers fire before anyone interacts with the banner. Pre-consent tracking is the #1 issue regulators fine for — documented per request with timestamps.

Know if your banner has dark patterns regulators flag

Identifies your consent platform (Cookiebot, OneTrust, Didomi, etc.), checks for dark patterns, accessibility issues, and Google Consent Mode v2 configuration.

Evidence your consent flow works — for auditors and lawyers

Deep Scan clicks Reject and Accept in separate sessions, then diffs the results. Per-vendor verdicts show which trackers respect consent and which ignore it — ready for legal review.

A single score so you know exactly where you stand

A transparent 0-100 compliance score with clear deductions for each issue found. No black box — you see exactly what lowered your score and by how much.

Catch fingerprinting and CNAME cloaking before the DPA does

Detects fingerprint APIs, CNAME cloaking, server-side tagging, and other advanced tracking techniques that bypass traditional cookie controls.

See which issues DPAs are currently fining companies for

Findings are prioritised using patterns from published enforcement decisions across 30+ countries. You fix the issues that carry real regulatory risk first.

Simple, transparent pricing

Scan any website for free. Upgrade when you need continuous monitoring so you know the moment something breaks.

The average GDPR cookie consent fine starts at €10,000. Continuous monitoring starts at €49/month.

Free

Scan any site, no sign-up needed

0forever
  • Unlimited quick scans
  • Unlimited deep scans
  • Full compliance report
  • Cookie detection & classification
  • 1 monitored site (with account)
  • 7-day scan history
Most popular

Pro

For businesses serious about staying compliant

49/month
  • Everything in Free
  • 5 monitored sites
  • Weekly automated scans
  • Instant alerts when your score drops
  • 90-day scan history
  • PDF compliance report export
  • Compliance badge embed
  • Priority support

Agency

For agencies managing client compliance

149/month
  • Everything in Pro
  • 25 monitored sites
  • Daily automated scans
  • 1-year scan history
  • Webhook & email alerts
  • PDF & JSON evidence export
  • Team members (up to 5)
  • REST API access
  • White-label reports
14-Day Risk-Free Guarantee

Try Pro or Agency for 14 days. If the scanner doesn’t find at least one compliance issue you didn’t know about, we’ll refund you — no questions asked.

Payments processed securely by Mollie. Supports iDEAL, credit cards, SEPA Direct Debit, and more European payment methods. Cancel anytime.

Common questions

Everything businesses ask before their first scan.

Yes. Cookie consent is the single most enforced area of GDPR. The French DPA fined Criteo €40M and the Spanish DPA fined CaixaBank €6M for dropping tracking cookies before consent. Fines for SMBs typically start at €10,000–€50,000. If your banner doesn’t actually stop tracking when visitors click Reject, you’re exposed.

GDPR fines can reach up to 4% of annual global turnover or €20M, whichever is higher. In practice, cookie consent fines for small and mid-sized businesses range from €10,000 to €500,000 depending on the severity, the number of affected users, and the DPA handling the case. Beyond fines, there’s the cost of legal defense, reputation damage, and mandatory remediation.

Having a consent management platform (CMP) installed doesn’t mean it’s working correctly. Misconfigured CMPs are one of the most common sources of consent violations. Our scanner tests whether your CMP actually blocks trackers before consent and stops them after reject — not just whether the banner appears. Many sites pass a visual check but fail the technical one.

Every finding in your report comes with clear fix guidance and a priority ranking based on real enforcement patterns. You’ll know exactly what to fix first (the issues regulators actually fine for) and how to fix it. For ongoing protection, monitoring plans alert you the moment something breaks so you can fix it before it becomes a complaint.

Quick Scan loads the page without clicking anything and captures everything on first load — cookies, trackers, banner presence, and a compliance score. It takes ~15 seconds and is always free. Deep Scan runs three full browser sessions (baseline, reject, accept), compares them, and generates per-vendor consent verdicts with evidence. It takes ~60–90 seconds and proves whether your banner actually enforces choices.

No. You can run both Quick Scans and Deep Scans directly from the homepage without creating an account. A free account gives you a dashboard to track sites over time, view scan history, and set up monitoring alerts.

We store scan results (cookies found, trackers detected, compliance scores) so you can access your reports. We do not store any personal data from the websites you scan. Scan results are retained based on your plan (7 days for free, 90 days for Pro, 1 year for Agency). You can delete your data at any time from the dashboard.

The scanner checks against requirements from GDPR (EU), the ePrivacy Directive, CCPA/CPRA (California), PECR (UK), and LGPD (Brazil). Risk scoring uses enforcement data from European DPAs to provide country-specific context. The evidence reports are designed to be useful for legal review, DPO audits, and regulatory inquiries.

You’ve read this far — which means you’re not sure your banner is compliant

Find out in 15 seconds. No sign-up, no code to install. See exactly what fires before consent and whether Reject actually stops tracking.

Check My Site Now

The average site has 7 pre-consent tracking violations. What’s your number?