Is your cookie banner actually GDPR compliant?
Run a free cookie compliance check on any website. We visit your site like a real EU visitor - before you click anything, after "Accept All", and after "Reject All" - and tell you in plain English which cookies and trackers fire at each step, whether Google Analytics and Google Tag Manager respect that choice, and whether your site meets GDPR, ePrivacy, CCPA, GPC, and Google Consent Mode v2 requirements.
What our cookie compliance checker tests
8 plain-English checks covering cookie consent, tracking, and regional privacy laws like GDPR, ePrivacy, and CCPA.
We open your site like a brand-new visitor and record every cookie that loads before your banner is even clicked. Tracking, analytics, or ad cookies running this early is one of the most common cookie law violations.
We check whether Google Analytics (GA4) keeps sending data after a visitor clicks "Reject All". If it does, your analytics - and your compliance - are both at risk.
We check whether your Google Tag Manager container fires ad and analytics tags before a visitor has made a choice. GTM itself can load - the tags inside it should wait for consent.
Many cookie banners bury "Reject" behind extra clicks, or show it without enforcing it. We click your real Reject All button and confirm tracking actually stops.
We check whether your site sends the right consent signals to Google (Consent Mode v2) and to ad networks (IAB TCF) - the systems that decide whether Google Ads and Analytics keep working under privacy law.
Every cookie on your site is labelled necessary, functional, analytics, or advertising, with a 0-100 privacy score, so you and your legal team know exactly what is running and why.
We recognize 15+ popular cookie consent tools - OneTrust, Cookiebot, Usercentrics, CookieYes and more - and check your banner text, buttons, and pre-ticked boxes against GDPR rules.
We re-test your site with Global Privacy Control switched on - the browser signal for "Do Not Sell or Share My Info" under California law - across up to 15 regions including the EU, UK, and California.
Cookie compliance, explained in plain English
Cookie law comes with a lot of acronyms. Here is what they actually mean - no legal degree or developer required.
What is a CMP (Consent Management Platform)?
A CMP is the cookie banner software that asks visitors for permission to use cookies, remembers their answer, and is supposed to block tracking scripts until they say yes. Popular CMPs include OneTrust, Cookiebot, Usercentrics, Didomi, Quantcast Choice, TrustArc, Termly, CookieYes, Osano, and Complianz. Installing a CMP is step one - it has to be configured correctly to actually be GDPR compliant.
CMP vs CMS - what is the difference?
A CMS (Content Management System) is the software that runs your website, such as WordPress, Shopify, Webflow, Wix, or Squarespace. A CMP (Consent Management Platform) is a separate tool, usually a plugin or script added to your CMS, that handles cookie consent. Your CMS builds the site; your CMP decides which cookies are allowed to run and when.
What is IAB TCF (Transparency & Consent Framework)?
IAB TCF is an industry-standard way for websites and advertising companies to record and share a visitor’s cookie choices. When someone makes a choice in your banner, a compliant CMP generates a "TC string" - a coded signal that tells every ad network and tracking partner exactly what that visitor agreed to. If your CMP supports TCF and your ad partners read it correctly, advertising cookies only run with real consent.
What is Google Consent Mode (and Consent Mode v2)?
Google Consent Mode lets Google tags - Google Analytics, Google Ads, GTM - adjust their own behaviour based on a visitor’s cookie choice, instead of switching off completely. Consent Mode v2, the newer version, is now required if you run Google Ads for visitors in the EU. It checks four signals - ad_storage, analytics_storage, ad_user_data, and ad_personalization - which should be "denied" by default and "granted" only after consent.
What is GPC (Global Privacy Control)?
Global Privacy Control is a setting some visitors turn on in their browser that automatically tells every website "do not sell or share my personal information" - the wording used in California’s CCPA/CPRA privacy law. A compliant site should treat a GPC signal the same way it treats a visitor clicking Reject All, with no extra clicks required.
What do GDPR and ePrivacy actually require for cookies?
Under the EU ePrivacy Directive and GDPR, you generally need a visitor’s permission before storing non-essential cookies on their device - that covers analytics, advertising, and personalization cookies. "Necessary" cookies, like the ones that keep a shopping cart working, do not need consent. Everything else does, and saying no must be just as easy as saying yes.
Cookie banner (CMP) providers our scanner recognizes
Built for real compliance questions
Every check maps to a question a regulator, auditor, or legal team would actually ask.
GDPR Cookie Consent Audit
Confirm your site only sets necessary cookies before consent, and respects whatever a visitor chooses afterwards.
Cookie Banner & CMP Audit
A full consent banner test: which CMP you are running, how it presents choices, and whether the setup matches what actually happens on the page.
Google Consent Mode v2 Checker
Verify the four Consent Mode v2 signals update correctly - required if you run Google Ads or Analytics for EU/UK visitors.
Reject Button & "Do Not Sell" Compliance
Test that Global Privacy Control (GPC) signals are detected, and that clicking Reject All is actually enforced, not just displayed.
Who it's for
Agencies & Consultants
Add a standard cookie compliance check to every client audit or CMP rollout, with a report you can hand straight to the client.
Marketing & Privacy Teams
Get a clear, evidence-backed answer to "are we GDPR compliant?" without filing a developer ticket every time.
Developers & Marketing Ops
Catch tags and pixels firing before consent during development and QA, before they ever reach production.
How It Works
See exactly how we test cookies before consent, Accept All, Reject All, GPC, and Google Consent Mode v2 - step by step.
Benefits
Why agencies, legal teams, and marketers run a cookie compliance audit - and what happens if you skip it.
Pricing
Free scans, plus paid plans for multi-region GDPR cookie compliance audits and scheduled monitoring.
Frequently asked questions
Find out what your cookie banner is really doing
Join the waitlist to get early access when the Cookie Compliance Checker launches.