Meet the Free Compliance Scanner: See Where Your Site Leaks Consent

Today we're introducing the ConsentStack compliance scanner: a free tool that checks whether your website actually respects visitor consent. You type in your domain, and in about a minute you get a plain report on what your site does before and after someone makes a choice. No signup, no sales call.

It runs the same check a regulator's investigator would run, from both a European and a United States vantage point, and shows you exactly where things go wrong.

What it actually checks

The scanner visits your site the way a real visitor would, twice. Once it clicks Reject, once it clicks Accept, and it watches what happens each time. From that, it tells you four things:

• What fires before anyone chooses. Trackers and cookies that load the moment the page opens, before the visitor has agreed to anything. This is the single most common problem we see.
• What keeps firing after Reject. Trackers and cookies that ignore the visitor's "no" and keep collecting data anyway.
• Whether you have a working banner, and which one. It detects your consent platform (OneTrust, Cookiebot, Termly, ConsentStack, and others), or flags that there isn't one.
• Whether your site behaves differently by region. It scans from the EU and the US, so if your site hides trackers from European visitors but lets them run for everyone else, you'll see it.

That's the announcement. Here's why it matters more than it sounds like it should.

A banner is not the same as compliance

Most cookie banners on the internet do nothing.

That sounds like an exaggeration. It isn't. A huge share of consent setups fall into one of two buckets. Either the banner is cosmetic, a box that asks for permission while the tracking scripts fire the moment the page loads regardless of what the visitor clicks. Or the engine is real but misconfigured, so Reject doesn't actually reject and a whole category of scripts slips through. Plenty of sites manage both at once.

The catch is that you can't tell which bucket you're in by looking. A banner you can see tells you nothing about whether the thing behind it works. The only way to know is to do what the scanner does: click the buttons, then watch what the site actually loads. We broke down how script blocking actually works, and why most CMPs fake it, if you want the longer version.

The scanner closes that gap. In about a minute, it turns "I think we're fine" into a list of exactly what is and isn't working.

How to read your report

Your report opens with a score from 0 to 100 and two verdicts, one for the EU and one for the US, because the rules and the right answer differ by region. A site can pass in one place and fail in the other.

Below that, every problem the scanner found is listed out. Each one explains why it matters and how to fix it, in order of severity, so you can start at the top and work down.

You'll also see your cookies and trackers broken out individually, with what each one does and whether it respects the visitor's choice, so the fix is never a guessing game.

Why it's free, no signup

We think everyone running a website should be able to find out where they stand without paying for the privilege or handing over an email first. Knowing you have a problem is the hard part. Once you can see it clearly, fixing it is straightforward, and we're happy to help with that too.

So the scanner is free, for any site, as many times as you want. Run it on your own site, run it on a competitor's, run it before and after you make a change to confirm it worked.

Try it

Scan your website at consentstack.io/compliance-scanner. Type in your domain and see where your site stands.