Free Tool
Free GDPR Website Check
Send me your website address and I'll run a real GDPR & cookie-consent audit — not an automated badge. I check whether tracking actually waits for consent, then send you a scored report with screenshots and a prioritised fix list.
How I test your site
This isn't a scanner that pings your homepage and guesses. I load your site as a first-time visitor who hasn't consented, capture every network request and script, and verify — with evidence — whether your tracking respects consent. Here's the process, step by step.
1. Load your site with a clean slate — no consent given
   I open your site with cookies and local storage cleared and never touch the consent banner. This captures exactly what fires for a brand-new visitor before they agree to anything — the moment GDPR cares about most.
2. Capture every network request and script
   A full network trace records which third-party domains your site contacts on first load, and whether tracking scripts are genuinely blocked (type="text/plain", CMP gating) or fire unconditionally.
3. Verify your CMP actually blocks tracking
   Cookiebot, OneTrust, Axeptio or a TCF banner looking pretty isn't the same as it working. I confirm the consent platform really gates scripts before consent — not just hides a banner while tags fire underneath.
4. Check Google Consent Mode v2 wiring
   I confirm consent defaults are present and set to denied, that an update fires when a visitor acts on the banner, and that Google tags respect denied mode (cookieless pings carrying gcs=G100 / npa=1) instead of leaking full user data.
5. Catch trackers that fire before consent
   GA4, Google Ads, Meta Pixel, LinkedIn Insight, Hotjar, Microsoft Clarity and chat widgets are each identified and classified. Any tag firing — or writing to localStorage / sessionStorage — before consent is flagged as a leak.
6. Score, evidence and prioritise
   Findings are scored 1–5 across five areas, captured with screenshots, and turned into a fix list ranked Critical / High / Medium so you know exactly what to address first.
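The checks in steps 2, 4 and 5, sketched as an added example (not the auditor's own tooling): it classifies request URLs from a pre-consent trace and accepts a Google ping only when it carries gcs=G100. The hostname map, function names and sample trace are constructed assumptions.

```javascript
// Assumed hostname-to-vendor map for illustration; a real audit needs a fuller list.
const TRACKERS = {
  "google-analytics.com": "GA4",
  "doubleclick.net": "Google Ads",
  "connect.facebook.net": "Meta Pixel",
  "facebook.com": "Meta Pixel",
  "snap.licdn.com": "LinkedIn Insight",
  "hotjar.com": "Hotjar",
  "clarity.ms": "Microsoft Clarity",
};
// Vendors whose pings carry a Consent Mode state in the gcs parameter.
const CONSENT_MODE_VENDORS = new Set(["GA4", "Google Ads"]);

// Match the exact domain or any subdomain, never a look-alike suffix.
function vendorFor(hostname) {
  for (const [domain, vendor] of Object.entries(TRACKERS)) {
    if (hostname === domain || hostname.endsWith("." + domain)) return vendor;
  }
  return null;
}

// Returns one finding per tracker request seen before any consent choice.
function auditPreConsent(urls) {
  const findings = [];
  for (const raw of urls) {
    let url;
    try { url = new URL(raw); } catch { continue; } // skip malformed trace entries
    const vendor = vendorFor(url.hostname);
    if (!vendor) continue;
    const gcs = url.searchParams.get("gcs");
    // A Google ping counts as denied-mode only with gcs=G100; a missing or
    // granted state (for example G111) is reported as a leak.
    const deniedPing = CONSENT_MODE_VENDORS.has(vendor) && gcs === "G100";
    findings.push({ vendor, host: url.hostname, gcs, leak: !deniedPing });
  }
  return findings;
}

// Constructed sample trace (not captured from a real site).
const SAMPLE_TRACE = [
  "https://example.com/assets/app.js",
  "https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE&gcs=G100&npa=1",
  "https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE&gcs=G111",
  "https://connect.facebook.net/en_US/fbevents.js",
  "https://www.clarity.ms/tag/EXAMPLE",
  "not a url",
];
```

Non-Google vendors have no denied-mode signal in this sketch, so any request to them before consent is reported as a leak.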
What your report scores
Each area gets a score from 1 (critical violation) to 5 (fully compliant), so you can see at a glance where you stand.
- Banner UX — Is the consent banner clear, with a real reject option — not dark patterns?
- Script blocking — Are third-party scripts genuinely blocked until consent, or just visually hidden?
- Consent Mode v2 — Defaults denied, updates on interaction, and Google tags honouring denied mode.
- Non-Google tag gating — Meta, LinkedIn, Hotjar and Clarity held back until consent is granted.
- Storage hygiene — No cookies, localStorage or sessionStorage writes before a consent decision.
Trackers I detect
If any of these fire before a visitor consents, they show up in your report — named, categorised, and flagged by severity.
This is a manual, evidence-based audit run by me — not legal advice. It tells you what your site technically does with tracking before consent, so you and your team can act on it.
Next Step
Not sure if your site is leaking data?
Send me your website and find out for free. You'll get a clear, scored report within one business day — no obligation, no sales pitch.