Privacy & Cookie Compliance Scanner | GDPR / CCPA Banner Audit
Pricing
Pay per usage
Go to Apify Store
Privacy & Cookie Compliance Scanner | GDPR / CCPA Banner Audit
Scan public privacy pages and cookie banners for GDPR/CCPA compliance signals. Returns one clean compliance summary row per site with banner detection, consent framework identification, policy freshness, and recommended actions.
Pricing
Pay per usage
Rating
0.0
(0)
Developer
太郎 山田
Maintained by Community
Actor stats
0
Bookmarked
1
Total users
0
Monthly active users
a day ago
Last modified
Categories
Share
Privacy & Cookie Compliance Scanner
Scan public privacy pages and cookie banners for GDPR/CCPA compliance signals. Returns one clean compliance summary row per site with cookie banner detection, consent framework identification, privacy policy freshness, snapshot-based drift detection, and recommended actions.
What it does
For each site you provide, the actor:
- Fetches the homepage — detects cookie banners and consent management platform (CMP) signatures (OneTrust, Cookiebot, TrustArc, Osano, Didomi, iubenda, IAB TCF, and more)
- Fetches the privacy policy page — confirms reachability and extracts the "Last Updated" date
- Fetches the cookie policy page — confirms reachability (auto-discovered from homepage links if not supplied)
- Compares against the previous run snapshot — flags changes in banner presence, policy URL, policy date, and consent signal set
- Produces one compliance summary row per site with
complianceStatus,cookieBannerDetected,consentSignals,policyUpdatedAt,changedSinceLastRun,recommendedActions, and rawevidence
Use cases
- Recurring compliance monitoring — schedule daily or weekly runs to catch banner removals, CMP changes, or policy date regressions before they become audit findings
- Agency portfolio audits — scan all client sites in one run, export results as a dataset for dashboards or handoff reports
- Pre-launch checklists — verify cookie banner, privacy policy, and cookie policy are in place before go-live
- Post-deploy regression watch — webhook delivery for immediate alerts when compliance signals change after a release
Inputs
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
sites | array | ✅ | — | List of sites to scan. Each entry needs homepageUrl; privacyPolicyUrl and cookiePolicyUrl are auto-discovered if omitted. |
sites[].homepageUrl | string | ✅ | — | Full URL of the homepage to scan for the cookie banner. |
sites[].privacyPolicyUrl | string | ❌ | auto | Direct URL of the privacy policy page. Auto-discovered from footer links if not supplied. |
sites[].cookiePolicyUrl | string | ❌ | auto | Direct URL of the cookie policy page. Auto-discovered from footer links if not supplied. |
sites[].region | string | ❌ | — | Expected region (EU, US, etc.) — used to apply stricter banner checks for GDPR jurisdictions. |
sites[].consentMode | string | ❌ | — | Optional expected consent mode tag (e.g. CCPA) for evidence labelling. |
delivery | string | ❌ | dataset | dataset writes results to the Apify dataset; webhook POSTs the payload to webhookUrl. |
webhookUrl | string | ❌ | — | Required when delivery is webhook. |
snapshotKey | string | ❌ | privacy-cookie-compliance-snapshots | Key for persisting run-to-run snapshots. Keep stable for recurring drift detection. |
concurrency | integer | ❌ | 2 | Parallel site scans (1–10). |
batchDelayMs | integer | ❌ | 500 | Pause between batches in milliseconds. |
requestTimeoutSecs | integer | ❌ | 20 | Per-request timeout (5–60s). |
followRedirects | boolean | ❌ | true | Follow HTTP redirects before scanning. |
dryRun | boolean | ❌ | false | Preview results without saving snapshots, dataset rows, or sending webhooks. |
Output
One dataset row per site. Key fields:
| Field | Type | Description |
|---|---|---|
siteUrl | string | Homepage URL from input. |
complianceStatus | string | compliant | partial | non_compliant | unknown |
executiveSummary | string | Plain-text one-line summary for dashboards and reports. |
cookieBannerDetected | boolean | Whether a cookie consent banner or CMP was found on the homepage. |
privacyPolicyDetected | boolean | Whether a reachable privacy policy page was found. |
cookiePolicyDetected | boolean | Whether a reachable cookie policy page was found. |
policyUpdatedAt | string | null | "Last Updated" date extracted from the privacy or cookie policy page. |
consentSignals | string[] | Named CMPs detected (e.g. ["OneTrust", "IAB TCF"]). |
recommendedActions | string[] | Prioritised, human-readable action items. |
changedSinceLastRun | boolean | null | true if any compliance signal changed; null on first run. |
evidence | object | Raw evidence: status codes, discovered URLs, banner match details, region, consent mode. |
checkedAt | string | ISO 8601 timestamp of when the scan ran. |
Quickstart
- Open the actor and click Try for free
- Under Sites to scan, keep the default or paste your own site's
homepageUrl - Click Start — you'll have a compliance summary row in seconds
- Add a schedule to repeat the scan daily or weekly for drift detection
Detected consent frameworks
OneTrust · Cookiebot · TrustArc · Osano · iubenda · CookieYes · Quantcast Choice · Didomi · Usercentrics · Sourcepoint · CIVIC Cookie Control · Cookiefirst · Termly · IAB TCF · CCPA USP API · Google Consent Mode · Generic banner keywords
Notes
- The actor uses lightweight HTTP fetching (no browser/JavaScript rendering). Dynamic SPAs that inject the cookie banner only after JS execution may show
cookieBannerDetected: falseeven if a banner exists visually. For JS-rendered banners, supplement with a Playwright-based actor. changedSinceLastRunrequires at least two runs with the samesnapshotKey.- No external dependencies beyond Node.js 18+ built-in
fetch.
