Check if a site sets cookies before consent

A free tool that checks whether a website sets tracking cookies before you give consent.

You get 10 free scans per day. Signup required to prevent abuse. No emails will be sent to you.

What it does

See what is set before consent

Paste any URL and get a clean report showing which cookies are already stored before a visitor interacts with the cookie banner.

Highlight non-essential cookies

Marketing and analytics cookies are clearly marked, making it easy to spot potential consent issues right away.

Compare before and after consent

See which cookies were present on page load and which only appeared after the banner was accepted.

Also used for

Check if cookies fire before consent, Do cookies load before consent banner, Cookie compliance checker, GDPR cookie audit tool, Test cookie consent implementation, Are cookies set before accept, Pre-consent cookie scanner, Check third-party tracking scripts, Cookie banner compliance test, Free GDPR cookie checker, Marketing cookies without consent, ePrivacy cookie audit, Does my site set cookies before consent, Check if Google Analytics fires before consent.

How it works

  1. A headless browser opens the page in a clean session with no prior cookies.
  2. We capture every cookie and third-party network request before any user interaction.
  3. We detect and click the cookie consent banner (if present).
  4. We capture cookies and requests again after consent is accepted.
  5. The report compares both states so you can see exactly what changed.

Why it matters

Under GDPR and the ePrivacy Directive, non-essential cookies, such as analytics and marketing cookies, may not be placed in a visitor's browser without their prior, freely given consent. Many sites get this wrong: tracking pixels fire immediately on page load, or consent management platforms (CMPs) are misconfigured. This tool lets you spot those issues in seconds, without opening DevTools or reading network logs manually.

Check it yourself

You can verify cookie behaviour yourself using the built-in developer tools in any modern browser. Here is how to do it step by step, with no extensions or accounts required.

Step 1: Open DevTools & clear storage

  1. Open the site in Chrome, Edge, or Firefox.
  2. Press F12 (or Cmd ⌥ I on Mac) to open DevTools.
  3. Go to the Application tab (Chrome/Edge) or Storage tab (Firefox).
  4. In the left sidebar, right-click Cookies and choose Clear all cookies. Also clear localStorage and sessionStorage.
  5. Reload the page with Ctrl R. You are now starting fresh.

Step 2: Inspect cookies before consent

  1. With the cookie banner still visible (do not click Accept yet), open the Application → Cookies panel.
  2. Select the site's domain in the left tree.
  3. Any cookies listed here were set before you gave consent.
  4. Look for names like _ga, _fbp, or _gcl_au. These are analytics or marketing cookies and should not appear here.

Step 3: Check the Network tab for early requests

  1. Switch to the Network tab and reload the page.
  2. Filter by domain and search for google-analytics, facebook.net, or doubleclick.
  3. If requests to these domains appear before you click Accept, the site is sending tracking data without consent.
  4. The Initiator column tells you which script triggered each request.

Step 4: Compare before and after consent

  1. Note the cookies present before clicking Accept (take a screenshot or write them down).
  2. Click the Accept button on the cookie banner.
  3. Go back to Application → Cookies and refresh the panel.
  4. New entries that appear now were correctly gated behind consent.
  5. Anything that was already there before you clicked is a potential compliance issue.

This manual method works well for a quick sanity check, but it requires repeating the process for every page you want to audit. This tool automates the whole flow with a clean browser session, pre-consent capture, banner detection, and post-consent capture, then gives you a structured report in one go.

FAQ

Is AuditCookies free to use?

Yes. AuditCookies is a free cookie audit tool. You can scan a website's cookie behaviour without paying, it's 100% free. A quick sign-up keeps the service fair and rate-limited for everyone. Contact me if you need more scans or API access for whitelabeling.

What do I get in the report?

Every scan returns a structured report that includes:

  • A plain-English verdict on whether non-essential cookies fire before consent
  • The full list of cookies set before you interact, with marketing and analytics ones flagged
  • A before-and-after comparison showing what changes when you accept or decline the banner
  • Every third-party data flow (Google Analytics, Facebook Pixel, and more), including which ones send data via POST
  • Any localStorage and sessionStorage keys the site writes
  • A step-by-step timeline of how the scan loaded the page and handled the banner

How does AuditCookies check a cookie banner?

A headless browser opens the page in a clean session, records every cookie and third-party request before any interaction, clicks the consent banner, then records cookies and requests again so you can compare the before and after states.

How accurate is AuditCookies?

I've done manual tests on hundreds of websites and done my best to make it as accurate as possible, but every website is different. View my guide on how to check it yourself for complete accuracy. Contact me if you find any inaccuracies.

Can i use it for legal purposes?

AuditCookies is a diagnostic tool for educational purposes. It does not constitute legal advice or shouldnt be used in legal proceedings. If you need legal advice, you should consult a qualified lawyer or GDPR legal expert.

What counts as a non-essential cookie?

Analytics and marketing cookies — for example Google Analytics (_ga), Facebook Pixel (_fbp) or Google Ads (_gcl_au). These require consent, unlike strictly necessary cookies needed for the site to function.

Can a website legally set cookies before I give consent?

Under the GDPR and the ePrivacy Directive, non-essential cookies such as analytics and marketing cookies may not be stored before a visitor gives prior, freely given consent. Strictly necessary cookies are the main exception.