Cookie Policy Checker
Paste a URL or your cookie policy text. See what is missing in 20 seconds.
- Catches contradictions between the policy and the banner
- Surfaces categorization gaps (essential vs. analytics vs. marketing)
- Each finding cites the specific framework clause
Most cookie policies were written years ago, before the EDPB tightened consent guidance and before CCPA started treating cookies as "sale of personal information" in many cases. Our checker reads your document, compares it against what ePrivacy / PECR, GDPR consent rules, and CCPA opt-out rules actually require today, and shows you what is missing. It checks the doc against the consent banner you actually run on the site, not just the words on the page. The whole report appears in under a minute.
Grounded in real law, not training-data recall.
Cookie categorization
Whether cookies are grouped into the standard buckets — strictly necessary, functional, analytics, marketing / advertising — and whether each category names specific cookies or third parties.
Consent disclosure (ePrivacy / PECR)
For EU and UK audiences: whether the policy describes the consent mechanism, how to withdraw consent, and how to re-open the cookie-preferences UI.
Third-party cookies
Whether third parties (Google Analytics, Meta Pixel, Stripe, Intercom, etc.) are named explicitly with links to their own policies, or hidden behind generic phrases like "analytics providers".
CCPA "Do Not Sell or Share"
For US audiences: whether the policy describes the opt-out path for the sale or sharing of personal information via cookies (CPRA expanded this for 2026).
Cookie duration and storage
Whether persistent cookies have stated expiry, whether session cookies are distinguished, and whether the policy is consistent with what the site actually sets.
Internal consistency
Whether claims in the policy ("we only use essential cookies") match the third-party scripts the site actually loads (Stripe, GA, Meta, etc.).
What you'll probably see in the report.
"Only essential cookies" contradicted by named third parties
A policy that claims essential-only cookies but lists Stripe / GA / Intercom. This is the most common critical finding we surface in cookie audits.
No re-open-preferences link
EU/UK consent rules require the user be able to change consent as easily as they gave it. A banner without a persistent re-open link is a real gap.
No CCPA opt-out for cookie-based sharing
US sites using ad-network cookies (Meta, Google Ads) typically fall under CCPA "sharing". The policy must describe the opt-out mechanism.
Vague third-party disclosure
"We use third-party analytics providers" without naming them is technically allowed but flagged as polish — naming specific providers is current best practice.
Ready to find the gaps in your cookie policy?
Paste a URL or your cookie policy text. Get a structured gap report plus a 0–100 compliance score in around 20 seconds. Free, no signup, no email.
Run your audit now.
Free, structured, calibrated for SMBs. Paste your URL or text and get the report in seconds.
