Audit cookie consent
without the guesswork

Open-source CLI that scans any website for GDPR compliance — detects dark patterns, scores 4 regulatory dimensions, and generates ready-to-share Markdown reports.

$ npx @slashgear/gdpr-cookie-scanner scan https://example.com
$ docker run --rm ghcr.io/slashgear/gdpr-cookie-scanner scan https://example.com

What it checks

Four compliance dimensions, each scored out of 25 — total 100 points.

🎭

Dark pattern detection

Catches pre-ticked boxes, buried reject buttons, asymmetric button sizing, misleading wording, and click asymmetry.

📊

Score 0–100

Grades A–F across consent validity, easy refusal, transparency, and cookie behaviour — with per-issue deductions.

📄

3 Markdown reports

Compliance report, per-rule checklist with legal references, and a deduplicated cookie inventory — all rendered in GitHub.

⚙️

CI-friendly

Exits with code 1 on grade F. Drop it into any pipeline to block non-compliant deployments automatically.

Live GDPR reports

Real scans run on 22 Feb 2026. Click to read the full Markdown report.

F

reddit.com

34 / 100

Scanned 22 Feb 2026

View report →
F

github.com

15 / 100

Scanned 22 Feb 2026

View report →
D

gitlab.com

50 / 100

Scanned 22 Feb 2026

View report →
C

stackoverflow.com

66 / 100

Scanned 22 Feb 2026

View report →
F

npmjs.com

25 / 100

Scanned 22 Feb 2026

View report →
D

afp.com

47 / 100

Scanned 22 Feb 2026

View report →

How it works

4 sequential phases using real Chromium browsers via Playwright.

1

Load without interaction

Captures all cookies and network requests fired before any user action — the baseline for tracking before consent.

2

Detect consent modal

Tries known CMP selectors, then falls back to DOM heuristics. Extracts buttons with visual properties for dark-pattern analysis.

3

Reject & capture

Clicks the reject button in the same session and records remaining cookies — checking what persists after refusal.

4

Fresh session, accept

Opens a clean browser, accepts consent, and compares the cookie delta to validate that consent actually changes behaviour.