Is your site GDPR compliant?
Run a free automated GDPR scan. We load your site, find the trackers and cookies that fire before consent, and map them to your GDPR obligations with a plain-English risk score.
- Spot trackers firing before consent
- Map findings to GDPR obligations
- Get a prioritized fix list in seconds
What the GDPR scan checks
Pre-consent tracking
Cookies and scripts that fire before a visitor chooses, the single biggest GDPR risk.
Obligation mapping
Each finding is mapped to a specific GDPR duty, marked pass, fail or needs review.
Risk score & fixes
A plain-English risk score with the exact gaps to close first, and how to close them.
How it works
Enter your domain
Add the website to check and where to send the full report.
We scan public pages
We load your site in a real browser and inventory cookies, scripts and third-party calls.
Get a GDPR report
A scored checklist maps what we found to your GDPR obligations and how to fix each gap.
Found GDPR gaps? Close them in minutes
ConsentX blocks trackers before consent, honors withdrawal and keeps an audit-ready evidence trail. Free to start.
Get started freeGDPR scanner questions
What does the GDPR compliance scanner check?+
It loads your public pages in a real browser, lists the cookies and trackers that fire before a visitor consents, and maps each finding to a GDPR obligation, prior consent, equal reject, provable records, withdrawal and data-subject rights, as pass, fail or needs review.
Is the GDPR scanner free?+
Yes. It is free and needs no account. We scan public pages only, and the full report (with PDF) is emailed to you.
Can a scan prove I am fully GDPR compliant?+
No tool can. The scan definitively flags trackers and cookies firing before consent (the most common violation) and surfaces the remaining obligations for a human to verify. Treat the result as a prioritized starting point, not legal advice.
What does the deep scan inspect?+
It fetches your homepage and key policy pages and inspects security headers, cookies set before consent, the consent management platform (CMP) in use, third-party domains, advertising and analytics tags, and whether your privacy and cookie policies are linked, then maps it all to GDPR obligations with evidence.
Does the scanner read my privacy policy?+
Yes. It fetches your linked privacy and cookie policy pages and checks whether the text mentions items like data retention, lawful basis, consent withdrawal and data-subject rights. It reads public pages only and is indicative triage, not a legal audit.
Do I need consent before setting cookies under GDPR?+
Yes. Non-essential cookies and trackers need freely given, specific, informed prior consent before they run.
Is an Accept-only cookie banner GDPR compliant?+
No. Refusing must be as easy as accepting, and non-essential categories must not be pre-selected.
How do I prove consent in a GDPR audit?+
ConsentX stores a tamper-evident receipt with the policy version and hash for each consent, exportable on demand.