Skip to main content
CompliantHQ
Cookie and consent scanner

Find every cookie and third-party request that fires before consent — on every page of your site.

Our scanner visits each page in a real browser and captures exactly what loads before the visitor has given consent. Then the AI advisor explains what each cookie does, which law applies, and how to fix it — in plain language.

Start free scanSee pricing

What we look for

Every page is tested in a real Chromium browser before any consent dialog is answered. No static code analysis — we see exactly what happens for a real visitor.

Cookies set before consent

Name, domain, lifetime, Secure/HttpOnly flags, SameSite policy, first-party or third-party. Every cookie set without active consent is flagged with a reference to ePrivacy Art. 5(3).

Third-party scripts and trackers

Google Analytics, Facebook Pixel, LinkedIn Insight, HubSpot, Hotjar, Vizzit — and all the lesser-known tools. We match every outgoing request against known tracker domains and our internal knowledge base of what requires consent.

Iframes from external sites

YouTube embeds, Vimeo, Google Maps, Skola24, municipal map services and similar. They load their own trackers into your site — we show which ones, and which ones need to be gated behind consent.

Session and technical cookies

Cookies that are genuinely strictly necessary (authentication, cart state, CDN session) are identified separately so you can mark them correctly — and our AI refuses to fabricate legal justifications for things that are actually tracking.

Which regulations we cover

The cookie + consent module covers the core of EU electronic privacy rules, with Swedish enforcement practice from IMY as the interpretive layer.

  • ePrivacy Directive (Art. 5(3))

    The legal foundation for "no cookies without consent". We check that every cookie or tracker that isn't strictly necessary is actually blocked until the visitor has said yes.

  • GDPR (Art. 6, 7, 13)

    Lawful basis for processing, valid consent collection, information obligations. We point to where your consent platform falls short — not just that the cookie exists, but that the consent itself doesn't meet GDPR standards.

  • IMY enforcement practice

    We track Swedish regulatory decisions from IMY (Integritetsskyddsmyndigheten) and reference current practice when recommending fixes. Especially relevant when weighing legitimate interest vs. consent.

How it works

  1. 1
    Enter your URL

    All we need is the address. No install, no agent, no changes to your site.

  2. 2
    We scan in a real browser

    Playwright visits each page and records exactly what loads before consent. You see progress live.

  3. 3
    The AI advisor analyses

    Our compliance-specialised AI weighs what it found against Swedish and EU law, your business context, and your consent platform — and delivers a prioritised action plan.

  4. 4
    You follow the plan step by step

    Each issue has clear instructions. When you've fixed one, click "Verify" and we re-scan just that item.

What you get

  • Prioritised action plan with specific issues and exact fix steps
  • AI advisor to chat with about edge cases — references ePrivacy and GDPR
  • Full scan history so you can show regulators that compliance is an ongoing process
  • Email when something new appears between scheduled scans — e.g. when marketing adds a new pixel

Start scanning your site — free for 30 days

No credit cards. No mandatory installations. Enter your URL and see first results within minutes.

Get started
Cookie consent — CompliantHQ