Is your site CCPA / CPRA compliant?
Run a free automated CCPA/CPRA scan. We load your site, find the advertising and sharing tags that fire before any opt-out, and map them to your CCPA obligations with a plain-English risk score.
- Find sale/share tags firing on load
- Map findings to CCPA / CPRA duties
- Get a prioritized fix list in seconds
What the CCPA / CPRA scan checks
Pre-consent tracking
Cookies and scripts that fire before a visitor chooses, the single biggest CCPA / CPRA risk.
Obligation mapping
Each finding is mapped to a specific CCPA / CPRA duty, marked pass, fail or needs review.
Risk score & fixes
A plain-English risk score with the exact gaps to close first, and how to close them.
How it works
Enter your domain
Add the website to check and where to send the full report.
We scan public pages
We load your site in a real browser and inventory cookies, scripts and third-party calls.
Get a CCPA / CPRA report
A scored checklist maps what we found to your CCPA / CPRA obligations and how to fix each gap.
Found CCPA / CPRA gaps? Close them in minutes
ConsentX blocks trackers before consent, honors withdrawal and keeps an audit-ready evidence trail. Free to start.
Get started freeCCPA / CPRA scanner questions
What does the CCPA/CPRA scanner check?+
It loads your public pages, lists the advertising and sharing tags that fire before any opt-out (a possible 'sale or share' under CPRA), and maps each finding to a CCPA obligation, honor Global Privacy Control, Do Not Sell or Share, easy opt-out, sensitive-data limits and consumer rights, as pass, fail or needs review.
Is the CCPA scanner free?+
Yes. It is free and needs no account. We scan public pages only, and the full report (with PDF) is emailed to you.
Can a scan tell if I honor Global Privacy Control?+
Not directly, GPC handling happens server-side, so the scanner flags it as 'needs review'. The scan does detect ad and sharing tags loading before any opt-out, which is the most common CCPA risk.
What does the deep scan inspect?+
It fetches your homepage and key policy pages and inspects security headers, advertising and sharing tags firing on load, the consent platform in use, third-party domains, and whether a 'Do Not Sell or Share / Your Privacy Choices' link is present, then maps it all to CCPA/CPRA duties with evidence.
Does the scanner read my privacy policy?+
Yes. It fetches your linked privacy and cookie policy pages and checks whether the text references GPC, sale or sharing of data, and consumer rights. It reads public pages only and is indicative triage, not a legal audit.
Do I have to honor Global Privacy Control in California?+
Yes. Under CPRA a GPC signal must be treated as a valid opt-out of the sale or sharing of personal information.
Is CCPA opt-in or opt-out?+
Opt-out. Consumers can opt out of sale and sharing, and you must make that easy and honor GPC.