What CookieRisk
actually does
Most cookie scanners count cookies. We test whether your consent banner actually enforces user choices — with per-vendor evidence regulators can act on.
Quick Scan vs Deep Scan
Quick Scan shows what’s on the page. Deep Scan proves whether your consent banner actually stops tracking when users say no.
Both scan types are free. No sign-up required. No code to install.
Try both scans nowHow the Deep Scan works
Three full browser sessions — baseline, reject, and accept — compared to prove whether your consent banner enforces user choices.
Baseline
What fires before anyone touches the banner
We load your site in a real Chromium browser and capture every cookie, tracker, and third-party request that fires before any consent interaction. This is the evidence regulators look for first.
Reject flow
What happens when a user clicks Reject
The scanner clicks your Reject button and records what changes. If trackers keep firing, you have a consent violation — the exact issue DPAs are fining companies for.
Accept flow
What fires after Accept
We click Accept and compare the difference. This three-way comparison reveals exactly which vendors respect consent and which track regardless of what visitors click.
Verdicts
Per-vendor pass/fail with evidence
Every vendor gets a verdict: pass, fail, or warning. Each finding is backed by evidence — request URLs, cookie names, and timing data. Ready for legal review or audit.
Risk scoring
Prioritised by real enforcement patterns
Findings are ranked using data from published DPA enforcement decisions across 30+ countries, so you fix the issues that carry real regulatory risk first.
What your report proves
Every finding is backed by evidence. Every risk is connected to real enforcement patterns. This isn’t a cookie count — it’s compliance proof.
Proof you’re not illegally tracking visitors
See exactly which cookies and trackers fire before anyone interacts with the banner. Pre-consent tracking is the #1 issue regulators fine for — documented per request with timestamps.
Know if your banner has dark patterns regulators flag
Identifies your consent platform (Cookiebot, OneTrust, Didomi, etc.), checks for dark patterns, accessibility issues, and Google Consent Mode v2 configuration.
Evidence your consent flow works
Deep Scan clicks Reject and Accept in separate sessions, then diffs the results. Per-vendor verdicts show which trackers respect consent and which ignore it — ready for legal review.
A single score so you know where you stand
A transparent 0–100 compliance score with clear deductions for each issue. No black box — you see exactly what lowered your score and by how much.
Catch fingerprinting and CNAME cloaking before the DPA does
Detects fingerprint APIs, CNAME cloaking, server-side tagging, and other advanced tracking techniques that bypass traditional cookie controls.
See which issues DPAs are currently fining for
Findings are prioritised using patterns from published enforcement decisions across 30+ countries. You fix the issues that carry real regulatory risk first.
Monitoring & automation
Scanning once isn’t enough. CMP updates, new tags, and developer changes can break consent at any time. Monitoring catches it before regulators do.
Multi-site dashboard
Monitor all your sites in one place. See scores, trends, and alerts at a glance.
Automated scheduled scans
Weekly (Pro) or daily (Agency) deep scans run automatically. No manual work.
Regression alerts
Get notified by email or webhook the moment your compliance score drops.
Scan diff comparison
Compare any two scans side-by-side. See exactly what changed: new cookies, removed trackers, score shifts.
PDF & JSON export
Export compliance reports for clients, auditors, or your DPO. Evidence included.
Compliance badge embed
Embed a real-time compliance badge on your site. Auto-updates with each scan.
See it in action
Paste any URL and get a full compliance report in 15 seconds. No sign-up. No code to install. Free.