cookiebox logo

GDPR website check:
review of free cookie scanners

Which is the best cookie & 3rd-party scanner?
Content of this article

GDPR & cookies are not friends and probably never will be. But you can do your best to bring the two closer together – with the help of a website check.

Use cookie banners correctly with the help of a website check

With the entry into force of the GDPR, a lot has changed for website operators. Rulings by the ECJ, such as the well-known Planet49 ruling, have further tightened the rules and put website operators under pressure to comply with the cookie guidelines and thus avoid high fines. A simple cookie notice such as “We use cookies”, has long been insufficient. Websites are only allowed to set cookies if they first obtain the clear, voluntary and informed consent of your website visitors via a so-called “opt-in”. This means that they grant cookie consent by clicking.


To enable data protection on websites and the protection of users’ privacy, countless consent management tools have appeared on the market in recent years. However, there are huge differences in quality and only relatively few of these offerings actually comply with the extensive cookie guidelines of the GDPR. However, before deciding on a suitable tool, one should first find out which cookies exist on the website and whether they require consent. A free website check scans and analyzes the entire website for cookies. We have taken a closer look at the most popular cookie checker tools.

Why do I need a website security check?

Since cookies are often hidden, in the vast majority of cases website operators themselves do not know which cookies are set on their website and to whom this data is passed on. In addition, websites today are no longer static, but in a constant state of change. New cookies are added frequently and the information in the cookie banner quickly becomes outdated and incomplete. To make sure your website and consent management tool are complete and DSGVO compliant, a website check with a Cookie Checker DSGVO can be useful.


Cookie checkers are website analytics tools for scanning websites. They check entire URLs for cookies, so that website operators can get an overview of the tools, plugins & services used (such as Google Analytics, YouTube or Facebook) and adjust the privacy policy and the consent management tool.

FAQ: Questions & answers about cookies and cookie banners

Cookies are small text files or pixels that are stored in the user’s browser for a specific period of time and for a specific purpose. These cookies store information that is often specific to the visitor – or sometimes only to the device he/she is using to visit the website, such as device model, browser or IP address.

Some cookies are only stored for the duration of time spent on a domain, while others can be stored in a user’s browser for weeks, months, and even years, and can be used to create user profiles for marketing purposes, thus deeply invading the user’s privacy. Due to the different functions and scope of cookies, they are divided into categories.

A distinction is made between cookies that require consent and cookies that require information.

Cookies requiring consent include so-called marketing or analysis cookies. Example: Google Analytics

Functional cookies such as Google Maps, contact forms and YouTube videos also require consent. 

Then there are essential or necessary cookies. These are among the information-requiring cookies and do not require the consent of the user(s), such as the cookies of the Consent Management Platform itself. 

Another category are the technical cookies. These also do not require consent, as they are equally necessary. Thus, like the necessary cookies in the CMP, they may be preselected and immutable. These include cookies that are required for the proper operation of the site, for example, cookies for the shopping cart or the login. 

Almost all websites use cookies. In order to actually be allowed to play them on the computer of the website visitor, website operators must obtain explicit consent according to the General Data Protection Regulation (GDPR). A consent management platform (CMP) is a tool that website operators can use to obtain consent for the use of cookies from their visitors. 

The criteria for consent management platforms or cookie banners are high and require some features on the part of the provider. A cookie banner according to the GDPR must obtain the unambiguous, voluntary and informed consent of the website visitors via a so-called “opt-in” before cookies are set. An implicit opt-in, for example, is not permitted. At the same time, the consent tool must offer the possibility of an opt-out at any time, so that users can change their settings. Furthermore, the cookie guidelines include the obligation to document the consent/rejection history in order to be able to prove this in case of doubt. You can find out here which other criteria cookie banners must fulfill and what website operators must pay attention to.

  1. Customizability of design & UI/UX
  2. Legal flexibility
  3. No blanket consents, but granularity
  4. Compatibility with IAB TCF 1.0 and 2.0
  5. Audit-proof documentation and storage
  6. Support for cookies, plugins
  7. Legal texts & integration with privacy policy
  8. Features for opt-in reporting and optimization
  9. Revocability and change of preferences
  10. Integration into apps and the wider system landscape

Website Check: Which cookies does my website set?

Find out what cookies are being played on your website and what you need to do to become GDPR compliant. To protect your users’ privacy, you need to inform not only about first-party cookies – these are cookies that your website uses – but also about third-party cookies, i.e. cookies from third-party providers that collect user data on your website. The purpose of a website check is to locate all first- and third-party cookies and trackers used on a site and to encourage website operators to act in a GDPR-compliant manner when handling user data.


Here’s how:

Select the cookie scanner tool you trust and enter your URL in the input slot. It is important to note, however, that these results usually only give a rough estimate and cannot provide a reliable statement, as the entire website is not scanned.  This means that none of these scan results can provide a sound and reliable statement about the data protection situation of a website.

Request a scanner widget for your website

You want to implement our Cookie Scanner on your own website? Write us a message! We will gladly take the time to customize the widget according to your custom design for free. Our developers are always ready to help you.

The 5 best website analysis tools in Europe in comparison:

The following website analysis tools will show you if your website already sets cookies before user consent and which ones.


Cookiebot is probably the most popular cookie checker on the market. Through its detection of unauthorized cookies on government websites, the Cookie Tool has become well-known. As a provider of a consent management tool, they have benefited greatly from this. Cookiebot’s Cookie Checker does not provide useful information for laymen, but only aims to sell their own CMP.


Consent Manager

Similar to Cookiebot, as a provider of a consent management tool for the Consent Manager, the focus is on marketing its own CMP. The presentation of the results of the free Website Check is appealing, but not understandable for laypersons. Thus, users remain dependent on the provider.



Again, Cookieserve is powered by Cookieyes and is a commercial provider of a consent management platform. The presentation in tabular form is clear, but not very appealing. Unfortunately, an assessment of the cookies found is missing and thus also recommendations for action for the prospective customer, who expects exactly that from a website check.



CookieMetrix scans the site for cookies and third party cookies, cookie banners & first level links and uses a traffic light system understandable for laymen as a visual assessment of the services. The website scan is fast, but only available online and does not provide a categorization of cookies or recommendations for action useful for the interested party.



The newest tool on the market with high user-friendliness & data protection competence.

The Cookiebox Quick Check is so far the only tool that stands out due to its high user-friendliness, 100% GDPR compliance and tool-independent recommendations for its users.


How does the Cookiebox free website check work?

The Cookiebox website check is performed by Cookie Scanner. Cookie Scanner is a bot that simulates a real website visit. It scrolls and clicks through the website like a real user would do and thereby activates all cookies and trackers on the page – without giving its consent. These are analyzed for their technical properties, to which users must be made aware.

Cookie Checker in the browser:

In addition to some, not mentioned, further providers, there is also the possibility to use the cookie display of the installed browser. Most browsers now offer the function to inform about the cookies of a currently opened page. However, this function only offers insights into this one URL at this current time and does not provide any categorization or data protection assessment of the cookies. Therefore, some questions and to-dos on the part of website operators remain open here. Data protection advice and the technically correct integration of the services are therefore generally advisable.

CONCLUSION: How do I do a website security check?

A regular website check is an important part of a guaranteed permanently GDPR-compliant website and is therefore also called website security check. Most websites change daily and so do your content and cookies used. If you want to have a homepage that is secure in terms of data protection not only today, but also tomorrow, you must always keep an eye on your website and the easiest way to do this is with a cookie checker. But which cookie checker is best? When choosing a website analysis tool, you should make sure that the provider also offers a scan of the entire website (a so-called deep dive audit). Scanning a single URL makes no more sense in the long run than scanning a website once. Only regular scanning of the entire website for cookies and other changes can guarantee long-term GDPR compliance.

At a glance: Why the Cookiebox Quickcheck?

Content of this article

Any questions?

Then feel free to call us. We will help you with questions about our product and features or generally about all data protection topics:

fragen icon

Du wünschst weitere Infos zum Privacy Hub oder unseren Beratungsleistungen?

jörg ter beek portrait

Jörg ter Beek

Managing Director, Head of Sales & Partnerships

Want more information about the Privacy Hub or our consulting services?

jörg ter beek portrait

Jörg ter Beek

Managing Director, Head of Sales & Partnerships