What we check
Every scan loads your site in a real browser and grades it against the checks below. Each maps to a specific GDPR / ePrivacy obligation. This is an automated technical indicator — not legal advice.
| ID | Check | Severity | Reference |
|---|---|---|---|
| V1 | Pre-consent non-essential cookie | Fail | Art. 5(1)(a), Art. 7 |
| V2 | No consent mechanism | Fail | Art. 7 |
| V3 | Cookie fires after rejection | Fail | Art. 7(3) |
| V4 | Unknown cookie | Warn | — |
| V5 | Clean pre-consent state | Pass | — |
| V6 | Undisclosed cookie | Warn | Art. 13 |
| V7 | No cookie policy located | Warn | Art. 13 |
Fail V1 — Pre-consent non-essential cookie
What it is. An analytics or marketing cookie was set before any interaction with the consent banner.
Why it matters. Non-essential cookies require prior consent — they must not be stored until the user agrees. (Art. 5(1)(a), Art. 7)
How to fix it. Gate these tags behind your CMP’s consent callback so they only fire after opt-in.
Fail V2 — No consent mechanism
What it is. Non-essential cookies were set and no consent banner (CMP) was found at all.
Why it matters. There is no lawful basis to set analytics/marketing cookies without a way to obtain consent. (Art. 7)
How to fix it. Install a compliant CMP and block non-essential cookies until the user consents.
Fail V3 — Cookie fires after rejection
What it is. A non-essential cookie was still set after we clicked the banner’s “reject” option.
Why it matters. Refusing consent must be as easy as giving it, and must actually stop the cookies. (Art. 7(3))
How to fix it. Ensure your tag manager / CMP integration honours the reject signal for every tag.
Warn V4 — Unknown cookie
What it is. A cookie we couldn’t classify against the Open Cookie Database.
Why it matters. Not necessarily a breach, but undocumented cookies should be identified and declared.
How to fix it. Identify the cookie’s purpose and add it to your cookie policy.
Pass V5 — Clean pre-consent state
What it is. A consent banner is present and no non-essential cookies fired before interaction.
Why it matters. This is the compliant baseline — consent is obtained before any tracking.
How to fix it. No action needed; re-test after any CMP or tag-manager change.
Warn V6 — Undisclosed cookie
What it is. A cookie was set but isn’t listed in the site’s cookie policy.
Why it matters. Transparency requires disclosing every cookie, its purpose and its duration. (Art. 13)
How to fix it. List each cookie (name, purpose, retention) in your cookie policy.
Warn V7 — No cookie policy located
What it is. Non-essential cookies were set, but no cookie policy page could be found to verify disclosure.
Why it matters. Users must be told what cookies are used and why, in an accessible policy. (Art. 13)
How to fix it. Publish a cookie policy that lists each cookie, its purpose and duration.