What does the scanner look for?
Everything you need to know about the scan and what the results mean.
How the scanner works
Enter your domain and we load your site the same way a visitor's browser would. We intercept outgoing network requests and match them against a database of known tracking scripts like Google Analytics, Facebook Pixel, Hotjar, and others. The whole process takes about ten seconds.
What actually requires consent under GDPR?
Strictly necessary cookies, keeping a user logged in, remembering a cart are exempt. Everything else requires active consent before it runs: analytics that track behaviour across sessions, advertising pixels that build user profiles, and third-party embeds that set their own cookies. 'Implied consent' and pre-ticked boxes are not legal under GDPR.
Why most cookie banners don't make you compliant
A banner that shows a notice but loads the scripts underneath regardless is not compliant, and most free plugins work exactly that way. GDPR requires that tracking scripts don't fire until the visitor actively consents. Consentify blocks scripts at the network level and only activates them after consent is given. Setup takes about five minutes.
Frequently Asked Questions
Everything you need to know about cookie scanning and GDPR compliance.
Is this cookie scanner really free?
Yes, completely free. No account, no credit card, no signup required. Just enter your domain and get results in about 10 seconds.
Do I need a cookie banner on my website?
If your website uses any non-essential cookies or third-party tracking scripts such as Google Analytics, Facebook Pixel, or Hotjar you are required by GDPR and the ePrivacy Directive to show a cookie consent banner before those scripts load. Our scanner tells you instantly whether your site uses trackers that require consent.
What trackers can the scanner detect?
The scanner detects the most common third-party tracking scripts including Google Analytics, Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, Hotjar, Intercom, HubSpot, Crisp, Segment, TikTok Pixel, and 20+ more. It matches outgoing network requests against a database of known tracking domains and script signatures.
What's the difference between necessary cookies and tracking cookies?
Necessary cookies like session cookies that keep a user logged in or remember a shopping cart are exempt from GDPR consent requirements. Tracking cookies are anything that profiles user behaviour, enables advertising, or sends data to third parties. That includes analytics tools, ad pixels, session recording tools, and social media embeds. These require explicit user consent before they are allowed to load.
How does the scanner work?
When you enter a domain, we load your website the same way a visitor's browser would. We intercept all outgoing network requests and match them against a database of known tracking scripts and cookie domains. The entire process runs on our servers. Your visitors never see it and takes about 10 seconds.
What should I do if trackers are found on my site?
You need a consent management platform (CMP) that actually blocks the scripts until the user gives consent, not just a banner that shows a notice. Most free WordPress plugins fall into the latter category and are not GDPR compliant. Consentify blocks third-party scripts at the network level and only activates them after consent is given. Setup takes about 5 minutes and the free plan covers one domain.
Is it safe to scan my website?
Yes. We load your public website the same way any search engine crawler or browser would. We do not store your domain name, we do not interact with any login pages or private areas, and we do not save any scan results after the session ends.