# GDPR & Privacy Cookie Scanner (`andok/gdpr-cookie-scanner`) Actor Scan websites to identify tracking cookies and third-party scripts. Automate privacy compliance and GDPR audits. - **URL**: https://apify.com/andok/gdpr-cookie-scanner.md - **Developed by:** [Andok](https://apify.com/andok) (community) - **Categories:** Business, Developer tools - **Stats:** 15 total users, 2 monthly users, 99.2% runs succeeded, 0 bookmarks - **User rating**: No ratings yet ## Pricing $1.00 / 1,000 site scanneds This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## GDPR Cookie Compliance Scanner Scan any website for GDPR cookie compliance violations in seconds. Privacy audits and consent banner checks are time-consuming when done manually — run bulk scans across client portfolios and get a clear Pass/Warning/Fail grade for each site. Built on a real browser engine to catch JavaScript-set cookies that static scanners miss. ### Features - **Pre-consent cookie detection** — identifies analytics, marketing, and tracking cookies set before user consent - **Cookie categorization** — classifies every cookie as necessary, analytics, marketing, functional, or unknown - **Consent banner detection** — recognizes major CMPs including OneTrust, Cookiebot, and Cookie Notice - **Compliance grading** — assigns Pass, Warning, or Fail based on GDPR best practices - **Third-party cookie analysis** — flags cookies from external domains (Facebook, Google, HubSpot, Hotjar, etc.) - **Post-consent comparison** — captures cookies before and after accepting consent to show what changes - **Bulk scanning** — process hundreds of URLs in a single run for agency-scale audits ### Input | Field | Type | Required | Default | Description | |-------|------|----------|---------|-------------| | `urls` | `array` | Yes | — | Website URLs to scan for cookie compliance. Each URL is loaded in a real browser to capture all cookies, including those set by JavaScript. | | `waitForBanner` | `boolean` | No | `true` | When enabled, the scanner waits for a cookie consent banner to appear and attempts to click "Accept" to compare pre- and post-consent cookies. Disable if you only want the pre-consent snapshot. | | `timeout` | `integer` | No | `30000` | Maximum time in milliseconds to wait for page load and banner detection. Increase for slow-loading sites or complex single-page applications. Range: 5,000–120,000 ms. | #### Input Example ```json { "urls": [ { "url": "https://crawlee.dev" }, { "url": "https://example.com" } ], "waitForBanner": true, "timeout": 30000 } ```` ### Output Each scanned URL produces a detailed compliance report with cookie inventories, categorization, consent banner status, and a compliance grade. Key output fields: - `url` — the scanned page URL - `complianceGrade` — `Pass`, `Warning`, or `Fail` - `issues` — list of specific compliance problems found - `preConsentCookies` — cookies present before any user interaction - `postConsentCookies` — cookies added after accepting the consent banner - `cookiesSetWithoutConsent` — non-necessary cookies loaded before consent (the main GDPR risk) - `consentBannerDetected` — whether a cookie consent banner was found - `consentManagementPlatform` — detected CMP (OneTrust, Cookiebot, etc.) - `totalCookies` — total cookie count across the session - `trackingCookies` — number of identified tracking cookies - `thirdPartyCookies` — cookies from external domains #### Output Example ```json { "url": "https://example.com", "timestamp": "2025-01-15T10:30:00.000Z", "complianceGrade": "Fail", "issues": [ "3 non-necessary cookies set before consent", "2 tracking cookies set before consent" ], "consentBannerDetected": true, "consentManagementPlatform": "OneTrust", "totalCookies": 12, "trackingCookies": 5, "preConsentCookies": [ { "cookie": { "name": "_ga", "domain": ".example.com", "path": "/", "expires": 1737000000 }, "category": "analytics", "isTracker": true, "trackerType": "Google Analytics" } ], "thirdPartyCookies": [ { "cookie": { "name": "_fbp", "domain": ".facebook.com", "path": "/", "expires": 1737000000 }, "category": "marketing", "isTracker": true, "trackerType": "Facebook Pixel" } ] } ``` ### Pricing | Event | Cost | |-------|------| | Site Scanned | $0.01 per URL | Free tier available — pay only for Apify platform usage beyond free limits. ### Use Cases - **Privacy compliance audits** — scan client websites before GDPR audits and generate evidence-ready reports showing cookie violations - **Agency client reporting** — run bulk scans across all client domains on a schedule and flag new compliance issues automatically - **Vendor due diligence** — verify that third-party SaaS tools and marketing platforms are not setting tracking cookies without consent - **Pre-launch QA** — check new websites or redesigns for cookie compliance before going live - **Competitive benchmarking** — compare cookie practices across competitors to identify industry-standard consent implementations ### Related Actors | Actor | What it adds | |-------|-------------| | [Security Headers Analyzer](https://apify.com/andok/security-headers-analyzer) | Audit HTTP security headers alongside cookie compliance for a full privacy and security review | | [Tech Stack Analyzer](https://apify.com/andok/tech-stack-analyzer) | Identify the CMS, frameworks, and third-party scripts that may be setting the cookies you found | | [Broken Links Checker](https://apify.com/andok/broken-links-checker) | Combine cookie compliance with broken-link detection for a comprehensive site health audit | ### Notes - The scanner uses a real Chromium browser via Playwright, so it captures JavaScript-set cookies that HTTP-only scanners miss. - Consent banner detection relies on common CMP selectors (OneTrust, Cookiebot, generic patterns). Custom or uncommon banners may not be detected. - Compliance grading is advisory — it highlights common GDPR issues but does not constitute legal advice. # Actor input Schema ## `urls` (type: `array`): Website URLs to scan for cookie compliance. Each URL is loaded in a real browser to capture all cookies, including those set by JavaScript. ## `waitForBanner` (type: `boolean`): When enabled, the scanner waits for a cookie consent banner to appear and attempts to click "Accept" to compare pre- and post-consent cookies. Disable to capture only the pre-consent snapshot. ## `timeout` (type: `integer`): Maximum time in milliseconds to wait for page load and banner detection. Increase for slow-loading sites or complex single-page applications. ## Actor input object example ```json { "urls": [ { "url": "https://crawlee.dev" } ], "waitForBanner": true, "timeout": 30000 } ``` # Actor output Schema ## `results` (type: `string`): No description # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "urls": [ { "url": "https://crawlee.dev" } ] }; // Run the Actor and wait for it to finish const run = await client.actor("andok/gdpr-cookie-scanner").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "urls": [{ "url": "https://crawlee.dev" }] } # Run the Actor and wait for it to finish run = client.actor("andok/gdpr-cookie-scanner").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "urls": [ { "url": "https://crawlee.dev" } ] }' | apify call andok/gdpr-cookie-scanner --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=andok/gdpr-cookie-scanner", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "GDPR & Privacy Cookie Scanner", "description": "Scan websites to identify tracking cookies and third-party scripts. Automate privacy compliance and GDPR audits.", "version": "0.0", "x-build-id": "SujbnDRrCbx9ItSkO" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/andok~gdpr-cookie-scanner/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-andok-gdpr-cookie-scanner", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/andok~gdpr-cookie-scanner/runs": { "post": { "operationId": "runs-sync-andok-gdpr-cookie-scanner", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/andok~gdpr-cookie-scanner/run-sync": { "post": { "operationId": "run-sync-andok-gdpr-cookie-scanner", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "urls" ], "properties": { "urls": { "title": "URLs to scan", "minItems": 1, "type": "array", "description": "Website URLs to scan for cookie compliance. Each URL is loaded in a real browser to capture all cookies, including those set by JavaScript.", "items": { "type": "object", "required": [ "url" ], "properties": { "url": { "type": "string", "title": "URL of a web page", "format": "uri" } } } }, "waitForBanner": { "title": "Wait for consent banner", "type": "boolean", "description": "When enabled, the scanner waits for a cookie consent banner to appear and attempts to click \"Accept\" to compare pre- and post-consent cookies. Disable to capture only the pre-consent snapshot.", "default": true }, "timeout": { "title": "Page timeout (ms)", "minimum": 5000, "maximum": 120000, "type": "integer", "description": "Maximum time in milliseconds to wait for page load and banner detection. Increase for slow-loading sites or complex single-page applications.", "default": 30000 } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```