Compliance Scanner
Scan your website for trackers, cookies, and consent issues, checked against EU and US privacy rules. Free, no signup.
The compliance scanner is a free tool that checks whether your website respects visitor consent. Enter a domain and, in about a minute, you get a plain report on what your site loads before and after a visitor makes a choice, checked from both the EU and the US. No signup required.
You can run it on any site, including your own, as many times as you want. It's a fast way to confirm your consent setup actually works, and to verify a fix after you make one.
What it checks
Third-party trackers
Detects scripts loaded from external domains, including analytics, advertising, and social widgets, and identifies the vendor behind each one.
Cookie analysis
Examines every cookie set during page load, including expiration, security flags, and whether it is first or third party.
Consent banner detection
Identifies which consent platform you use, or flags that there isn't one, and measures how it behaves.
Pre-consent leakage
The most common violation: trackers and cookies that fire before the visitor has made any consent choice.
Regulation coverage
Evaluates your site against GDPR, CCPA and CPRA, ePrivacy, and 195+ more applicable regulations.
Geo-variant behavior
Scans from both EU and US servers to catch sites that behave differently for visitors in different regions.
Running a scan
Enter your domain
Go to the compliance scanner and type in a domain, for example example.com. You can paste a full URL too. The scan starts immediately, no account needed.
The scanner runs both choices, from both regions
The scanner visits your site the way a real visitor would, twice. Once it clicks Reject, once it clicks Accept, and it records what loads each time. It does this from both an EU and a US vantage point, because the rules and the expected behavior differ by region.
Read your report
In about a minute you get a full report: a compliance score, a verdict for each region, and a list of every issue found with what it means and how to fix it. See Reading your report below.
Reading your report
Your report opens with a compliance score from 0 to 100 and two regional verdicts, one for the EU and one for the US. The rules differ by region, so a site can pass in one place and fail in the other. When either region fails, the overall score is capped so a regulator-level failure can never read as passing.
Each regional verdict is one of:
| Verdict | What it means |
|---|---|
| Compliant | A working banner is present, Reject blocks non-essential tracking, and nothing fires before a choice is made. |
| Non-compliant | Something is wrong: no banner, Reject doesn't work, trackers fire after a Reject, or tracking happens before any choice. |
| Not graded | The scan couldn't complete, usually because bot protection blocked it. It is not a pass or a fail. |
A non-compliant verdict is not a legal judgment or a fine. It means the scanner observed tracking in a way the law in that region doesn't allow, usually data collection before consent or after a Reject. Treat it as a signal of where to look.
Below the verdicts, the report breaks everything out:
- Critical issues are listed first, in order of severity, each with why it matters and how to fix it.
- Cookies are listed individually with their domain, party, expiration, and whether they respect the visitor's choice.
- Trackers are listed with their vendor, category, and whether they fire in the Reject and Accept phases.
- Regulations show a pass, partial, or fail verdict for each law that applies to your site.
Common findings and what they mean
| Finding | What it means |
|---|---|
| Tracking before consent | Trackers or cookies fired before the visitor made any choice. Under EU rules, non-essential tracking must wait for opt-in. This is the most common failure. |
| Tracking after Reject | Trackers or cookies kept going after the visitor clicked Reject. The visitor's choice is being ignored. |
| No banner detected | No consent banner was found on a site that loads tracking which needs one. |
| Over-strict | A warning, not a failure. Something is blocked more aggressively than the law requires, which costs you data or analytics without adding compliance. |
Reporting a missed banner
The scanner recognizes a wide range of consent platforms, but it can miss less common or custom ones. If your report says no banner was detected and you know you have one, use the Report a missed banner button on the report. Add your email and, if you can, which platform you use. That goes straight to our team and helps us improve detection.
What's next
- Compliance overview: how ConsentStack applies the right rules in 195+ regulations worldwide.
- Script blocking: how trackers are stopped before they run, which is what a clean scan depends on.
- Testing & verification: confirm your own setup is working as expected.