ConsentAudit

How it works

We test behaviour, not banners. Here's exactly what happens on a scan.

1 — Pre-consent capture

We launch a real headless Chromium browser with a fresh, empty profile and load your homepage. Before clicking anything, we record every cookie, plus localStorage and sessionStorage keys that were set.

2 — Classification

Each cookie is classified against the Open Cookie Database — strictly necessary, functional, analytics, or marketing — so we can tell which ones legally require consent.

3 — Reject interaction

If a consent banner is present, we click “reject”, wait, and re-capture cookies. Anything that appears after rejection is flagged — those cookies should never have fired.

What we flag

Pre-consent firing

Analytics/marketing cookies set before any interaction. Fail.

No consent mechanism

Non-essential cookies set with no CMP at all. Fail.

Fires after reject

Cookies that ignore the user's rejection. Fail.

Clean state

No non-essential cookies before consent. Pass.

See all checks (V1–V7) and how we score them →