Rate My Cookie Policy
Get a 0–100 score, a clear verdict, and a list of what is missing.
- A clear grade — ship, polish, or rewrite
- Each finding flagged by priority
- Includes a sanity check against the site's actual third-party stack
Cookie policies are usually the most neglected of the three core legal docs. Most were generated by an old cookie-scanner tool, never refreshed when the site's third-party stack changed, and now sit out of sync with the actual cookies the site sets. Our rater gives you a numeric score, a verdict, and a list of the specific gaps. It is calibrated against the consent rules that EU / UK regulators actually enforce, plus the CCPA / CPRA cookie-sharing rules that took effect in 2023 and tightened in 2026.
Grounded in real law, not training-data recall.
Consent disclosure
EU + UK: whether the consent mechanism is described, whether the legal basis is consent (it usually has to be for non-essential cookies), whether re-opening preferences is possible.
Cookie categorization
Whether cookies are bucketed (strictly necessary / functional / analytics / marketing) and whether each bucket is mapped to specific cookies and third parties.
CCPA / CPRA sharing disclosure
US: whether the policy addresses cross-context behavioral advertising and the "Do Not Sell or Share" opt-out path that CPRA 2026 requires.
Document-vs-site consistency
Whether the policy's claims ("we use essential cookies only") are contradicted by the third-party services the policy itself names (Stripe, GA, etc.).
A grade you can act on
Plain-English verdict: publish-ready, solid, good enough, needs work, or rewrite. Tells you what to do next.
What you'll probably see in the report.
Score of 50-70 on first audit
Most cookie policies sit here. After fixing the contradictions and adding the consent re-open language, the score usually jumps 15-20 points.
No CCPA opt-out for ad cookies
Sites that ran ad-network cookies (Meta, Google Ads) before the CCPA expansion and never updated the policy. A common critical finding in US-focused audits.
"Strictly necessary" misuse
Analytics cookies declared as strictly necessary. ICO and EDPB are clear that analytics is not strictly necessary; misuse can attract enforcement.
Ready to find the gaps in your cookie policy?
Paste a URL or your cookie policy text. Get a structured gap report plus a 0–100 compliance score in around 20 seconds. Free, no signup, no email.
Run your audit now.
Free, structured, calibrated for SMBs. Paste your URL or text and get the report in seconds.
