Free tool · No sign-up Run a free scan
GDPR · ePrivacy · CCPA

Is your website actually compliant?

ComplianceMonitor.io scans any URL and flags every cookie, tracker and third-party request that fires before the visitor gives consent.

Run a free compliance scan

Paste any URL. We'll load it in a real browser and report every cookie, tracker and third-party request that fires before consent.

https://
Features

The whole picture, not just the banner.

A cookie banner is the visible 5%. The other 95% is what your visitors' browsers actually do before they get a choice.

Violation & Fingerprinting Detection

Identifies pre-consent trackers, covert fingerprinting techniques and storage abuse — the exact patterns regulators flag, captured at the network layer.

Compliance Regression

Tracks compliance over time. Get alerted the moment a new tag, vendor or marketing tool quietly breaks what was already approved.

Jurisdiction Compliance

Audits the same URL against GDPR, ePrivacy, CCPA, LGPD and Greek Law 4624/2019 — each framework, each region, in one report.

Evidence & Evidence API

Every finding ships with timestamped network proof. Pull it via the Evidence API into your DPO workflow, legal hold system or audit log.

Resources

Dark patterns, trackers, laws and lingo — decoded.

Four references that sit behind every scan: the deceptive UX patterns we flag, the trackers we recognise, the regulations we audit against, and the vocabulary your team needs to talk about all of it.

Consumer protection

Dark Patterns Encyclopedia

Websites often employ psychological tricks to force users into decisions they didn't intend to make. ComplianceMonitor.io detects these deceptive design patterns during every scan.

Asymmetric Buttons The 'Accept' button is visually much more prominent than the 'Reject' button, nudging users toward acceptance. High
What is this pattern?

A website makes the 'Accept All' button visually dominant — bright color, larger size — while the 'Reject All' or 'Settings' button is minimized, greyed out, or disguised as plain text. This tricks users into accepting tracking because they assume it's the only primary action.

What Not To Do

Using deceptive layouts, hiding options, or manipulating the user's focus away from privacy-preserving choices.

How To Fix It

Ensure both 'Accept' and 'Reject' buttons have equal visual weight, size, and contrast. Neither choice should be visually prioritized over the other.

Hidden Reject Option The option to decline is buried in secondary menus or written in extremely small text. Critical
What is this pattern?

The option to decline non-essential cookies is buried in secondary layers or menus. Users are forced to click 'Settings', navigate through multiple screens, and uncheck boxes manually, whereas accepting takes just one click on the first layer.

What Not To Do

Using deceptive layouts, hiding options, or manipulating the user's focus away from privacy-preserving choices.

How To Fix It

Provide a clear 'Reject All' button on the first layer of the consent banner, right next to the 'Accept All' button.

Cookie Wall Interfaces that completely block access to content unless the user accepts all tracking cookies. High
What is this pattern?

A cookie wall is a strict barrier that prevents users from accessing any part of a website unless they consent to the use of cookies and trackers. This violates the principle that consent must be freely given.

What Not To Do

Using deceptive layouts, hiding options, or manipulating the user's focus away from privacy-preserving choices.

How To Fix It

Allow users to consume the basic content of the website even if they refuse non-essential cookies. Do not gate content behind mandatory tracking.

Pre-checked Categories Non-essential cookie categories are selected by default before user consent, violating opt-in requirements. Medium
What is this pattern?

When a user opens the cookie 'Settings' panel, categories for marketing or analytics are already checked by default. Under GDPR, silence or inactivity does not constitute consent; it requires a positive, opt-in action.

What Not To Do

Using deceptive layouts, hiding options, or manipulating the user's focus away from privacy-preserving choices.

How To Fix It

All non-essential cookie categories must be unchecked by default. Users must actively select them to give valid consent.

What are Dark Patterns? Dark patterns are deceptive UX techniques in cookie banners and consent interfaces designed to manipulate users into accepting tracking. Under GDPR Article 7 and ePrivacy Directive, consent must be freely given, specific, informed, and unambiguous — dark patterns violate these requirements.
How it works

A real browser. Real conditions. No shortcuts.

Three steps. No accounts, no SDK, no JavaScript on your site. Just paste a URL and let a fresh Chromium session do what regulators do: visit you cold and watch what fires.

  1. You paste a URL

    Any page on the public web. We never ask for credentials, analytics access or a tag on your site.

  2. A real browser visits

    Fresh Chromium session, EU IP, no prior consent stored. Every request, cookie and storage write is captured at the network layer.

  3. You get a verdict

    A scored report with concrete violations, the regulation each one breaks, and timestamped evidence ready for your DPO or legal team.

What actually happens before consent

Real results from 10,000+ website scans.

Anonymized scans of widely used services. Industry, not brand — but every number is real, captured at the network layer.

Major streaming service
streaming-platform.example
F
74third-party trackers
Pre-consent tracking detected
5violations found
74 trackers active · 5 compliance violations
Leading news network
news-network.example
D
184third-party trackers
Pre-consent tracking detected
7violations found
184 trackers active · 7 compliance violations
Top business network
business-network.example
D
60third-party trackers
Pre-consent tracking detected
3violations found
60 trackers active · 3 compliance violations
Global social platform
social-platform.example
D
21third-party trackers
Pre-consent tracking detected
1violation found
21 trackers active · 1 compliance violation
Based on real browser scans — not estimates or vendor claims. Even major websites deploy trackers before consent. See how your site compares →
Why this matters

A clean banner doesn't make a site compliant.

Most websites pass a glance and fail a scan. Tag managers fire on page-load, analytics phone home before the banner paints, and pixels drop cookies the moment the visitor arrives. Regulators look at the network — and so do we.

  • Average pre-consent trackers per scanned site: 14
  • Sites with reject-all parity in the banner: 31%
  • GDPR fines issued for cookie violations since 2020: €1.7B+
Verdict
Not compliant
Pre-consent loads 23
Reject-all parity Missing
Consent Mode v2 Not wired
Cookie policy Found
Frequently asked

The questions everyone asks first.

Is it really free?

Yes. No card, no account, no trial. Run as many scans as you like. We may rate-limit very heavy use from a single IP to keep the service fair.

Do you store the URLs I scan?

Reports are kept for 30 days so you can re-open the same link, then permanently deleted. We don't publish or index them anywhere.

Is this legal advice?

No. ComplianceMonitor.io is a technical scanner. It tells you what your site does. Whether that breaks the law in your jurisdiction is a question for your DPO or lawyer — and our reports are designed to be the evidence they need.

Can I scan a staging or password-protected site?

Today we only support publicly reachable URLs. Authenticated scanning is on the roadmap — get in touch if you have a real use case.

Will fixing the report make my site faster?

Almost always, yes. Blocking trackers before consent removes dozens of third-party requests from the critical path — most clients see Largest Contentful Paint drop by 200–600ms.

Start your first scan in seconds.

No setup required. Paste a URL, hit scan, and see exactly what tracking fires before your visitors give consent.

Free forever · No credit card required · Results in ~30 seconds.