Free GDPR Compliance Scanner: Test Your Site

Free · No signup · Results in 30 seconds

Is your website actually compliant with privacy law? Most sites have at least one significant gap: a missing consent banner, an incomplete privacy policy, or tracking scripts that fire before anyone clicks “accept.” The penalties are real: up to €20 million under the GDPR, and $7,500 per violation under the CCPA. WebLegal’s free GDPR scanner analyzes any website in about 30 seconds and returns a score from 0 to 100 with a concrete, prioritized action plan.

Unlike a checklist you fill in by hand, the scanner loads your site the way a real visitor does (a headless browser driven by AI), so it sees exactly what your visitors’ browsers see: the scripts that run, the cookies that get set, the banner that does or doesn’t appear, and the legal pages you actually publish.

What the scanner checks

The scan covers the five pillars of website compliance:

  • Cookie consent banner: detects whether a compliant banner is present and whether it appears before any cookie is set. It recognizes the major consent platforms (Cookiebot, Tarteaucitron, Usercentrics and 36+ others) as well as custom implementations. No banner yet? Our free cookie banner installs in one line of code.
  • Legal pages: looks for your privacy policy, terms of use, cookie policy, terms of sale and legal notice, then checks each for the clauses regulators expect to find.
  • Company identification: verifies your company name, registration number and registered address against national business registries (Sirene, Companies House, KRS and more).
  • Document quality: analyzes the documents you already publish for legal basis, retention periods, data-subject rights and international-transfer disclosures.
  • Trackers firing without consent: identifies scripts loaded before any banner interaction, including Google Analytics, Meta Pixel, TikTok, LinkedIn Insight and 300+ other tracker families.

Every checkpoint is graded on three levels: compliant (green), improvement recommended (orange), or non-compliant (red).

Scan your site now, it’s free →

Your compliance score, explained

The scanner condenses every checkpoint into a single number from 0 to 100 so you know where you stand at a glance:

  • 80-100 (green): solid foundation. A banner is present, your core legal pages exist, and no trackers fire before consent. Minor wording fixes may remain.
  • 50-79 (orange): partial compliance. Usually a missing document, or a consent banner that loads too late. Fixable in an afternoon.
  • 0-49 (red): significant exposure. Trackers running without consent, no privacy policy, or no banner at all. This is the range that draws complaints and fines.

The score is weighted: a tracker firing before consent costs you more than a missing retention period, because it is exactly what a regulator (or a competitor’s lawyer) looks for first.

The 5 gaps we find most often

Across the sites people scan, the same handful of issues come up again and again:

  1. Analytics loading before consent. Google Analytics or Meta Pixel fires on page load, before the visitor accepts anything. This is the single most common, and most cited, violation.
  2. A privacy policy that is generic or missing. Copy-pasted templates that never mention the site’s actual tools, legal basis or retention periods.
  3. A cookie banner with no real “reject” option. “Accept” is one click; refusing takes five, or is impossible. Regulators now treat this as invalid consent.
  4. No legal notice or company identification. In much of the EU this is mandatory, and its absence is a frequent target for warning letters.
  5. Undisclosed third-party sharing. Payment processors, hosting, CRM and ad networks that receive personal data but appear nowhere in the privacy policy.

If any of these sound familiar, the scan shows you exactly where they occur on your site.

5 jurisdictions covered

The scanner is not limited to European GDPR. It adapts its checks to the jurisdiction it automatically detects:

JurisdictionRegionKey difference
GDPREuropean Union / EEAPrior consent required, fines up to €20M / 4% of turnover
UK GDPRUnited KingdomPost-Brexit version, supervised by the ICO
CCPA/CPRACalifornia (USA)No cookie banner required, but mandatory opt-out
PIPEDACanadaMeaningful consent and transparency
LGPDBrazilGDPR-inspired, own legal bases

For a site that serves several regions, the scanner applies the strictest applicable rule and tells you which regulation governs each checkpoint.

Scanner vs manual audit vs paid tools

Three ways to find your compliance gaps, with very different trade-offs:

  • A manual audit by a law firm is thorough but slow and expensive (often several hundred to a few thousand euros), and it captures a single moment in time.
  • Enterprise compliance suites (OneTrust and similar) are built for large organizations with dedicated privacy teams, and priced accordingly.
  • WebLegal’s scanner targets the technical and documentary gaps that make up the large majority of real-world problems, in 30 seconds, for free, then lets you fix them on the spot by generating the missing documents.

The scanner does not replace legal advice on a genuinely novel question. It replaces the tedious first pass: the part that finds the obvious, costly gaps most sites have.

From scan to compliance in 3 steps

  1. Scan: enter your URL. The scanner analyzes your site like a real visitor (headless browser plus AI).
  2. Understand: the report details every gap with a concrete recommendation and a severity level.
  3. Fix: generate the missing documents directly from the report, pre-filled with the information the scan already detected.

Documents come in 6 languages, legally adapted to your country (not merely translated), from €19.90 per document or in packs from €19.90 to €49.90. To weigh the options, see our breakdown of lawyer vs AI-generator pricing.

Run the scan →

How often should you scan?

Compliance is not a one-time task. Every time you add a tool (a new analytics script, a chat widget, a retargeting pixel) you can reintroduce a tracker that fires without consent. A sensible rhythm:

  • After any change to your stack, theme or plugins.
  • Quarterly, as a routine check, even if nothing obvious changed.
  • Before a launch or a campaign that will drive traffic and scrutiny.

Because the scan is free and takes 30 seconds, re-running it costs you nothing.

What the scanner does not check

Being clear about the limits matters:

  • It reviews public pages, not what happens inside a logged-in account or your back office.
  • It flags whether a document exists and covers the expected clauses, but a lawyer’s judgment is still best for an unusual processing activity.
  • It does not file your records of processing or run a full data protection impact assessment.

Think of it as the fast, free first pass that catches the gaps most sites actually have, and points you to the fix.

FAQ

Is the scanner free?

Yes, completely. No signup, no credit card, and no personal data collected during the scan. You get your score and action plan in about 30 seconds.

How accurate is it?

The scanner reports what it can observe in your live page: scripts, cookies, banners and published legal pages. It is highly reliable on technical checkpoints (trackers, banner timing, page presence) and gives a strong first read on document quality. It is a diagnostic, not a legal opinion.

Is my data safe during the scan?

The scanner only reads your public pages, the same ones anyone can visit. It does not log in, submit forms, or store personal data from your site.

What websites can be scanned?

Any public website, on any CMS: WordPress, Shopify, Wix, Webflow, or hand-coded HTML. The scanner loads the page and analyzes what it sees.

Very likely, yes. A large share of the banners we scan either load trackers before consent or lack a genuine reject option, which makes the consent invalid. The scan tells you whether yours actually does its job.

It identifies the most common technical and documentary gaps and helps you fix them fast. For end-to-end compliance, our 10-step action plan covers the whole process, and for anything unusual, consult a professional.

Test your website now, free →