Skip to content

The best free cookie scanners, ranked

By Philipp Kant 6 min read

A cookie scanner is a tool that loads a website, records the cookies and third-party trackers it sets, and reports them for privacy compliance. Free cookie scanners fall into two groups: inventory tools that list and categorize cookies, and behavior tools that test what actually fires before consent. That difference decides whether the scan tells you anything useful.

We ranked the well-known free options by how much of the real compliance question each one answers, and by whether it is independent or a lead magnet for a paid consent platform. If you only need a cookie list to paste into a banner, skip to Cookiebot at number four.

ScannerTypeIndependent?Free tier
BlacklightTracker inspectorYes (nonprofit)Fully free, no signup
WebbkollPrivacy / behavior checkYes (open source)Fully free
Piwik PROConsent-gate testerNo (EU vendor)Free scan
CookiebotCookie inventoryNo (CMP vendor)1 domain, ~50 subpages
CookieYesCookie inventoryNo (CMP vendor)Free checker
TermlyCookie inventoryNo (CMP vendor)Free tier
CookieserveCookie inventoryNoFully free

1. Blacklight, the deepest independent look

Blacklight, from the nonprofit newsroom The Markup, drives a headless browser to a URL and reports what it finds: third-party cookies, ad trackers, session recording, canvas fingerprinting, the Meta pixel, and Google Analytics remarketing. It is fully free, needs no signup, and has no product to sell you, which makes it the most trustworthy read on what a page is really doing.

The limit is scope. Blacklight inspects tracking; it does not build a cookie declaration or test whether your reject button works. Use it to see the truth, then act on it elsewhere.

2. Webbkoll, open source and honest about the load

Webbkoll, run by the 5th of July Foundation, simulates a plain visit with no clicks and reports third-party requests, cookies, security headers, and referrer behavior. Because it never clicks the banner, what it shows is the pre-consent state, which is exactly the state that gets sites in trouble.

It is open source and developer-oriented. The output is technical and there is no hand-holding, but for an unbiased picture of what loads before any choice, it is excellent and completely free.

Piwik PRO’s scanner is built around the right question: it checks whether cookies fire before the visitor has allowed or denied them. Most free scanners never ask that. As an EU analytics and consent vendor, Piwik PRO is privacy-focused, and the scan is a genuine consent-gate check rather than a plain inventory.

It is a vendor tool, so expect a nudge toward the platform. The consent testing still makes it more useful than the inventory-only crowd below.

4. Cookiebot, the most thorough inventory

Cookiebot, by Usercentrics, runs the best-known free cookie checker. It crawls your site, lists every cookie in five categories, and often tells you what set each one, down to the script, iframe, or image and a line number. The free tier covers one domain and roughly fifty subpages.

It is lead generation for a paid CMP, and it is built to produce a cookie declaration, not to prove your gate works. A thorough cookie list is useful, but a list is not evidence that reject actually blocks anything.

5. CookieYes, a fast free checker

CookieYes gives you a quick categorized cookie audit from a single URL: necessary, functional, analytics, performance, advertising, with durations and descriptions. It is a clean first pass for building a cookie list, tied to the company’s freemium consent platform.

Like Cookiebot, it inventories cookies rather than testing behavior. It will tell you what cookies exist, not whether your banner gates them.

6. Termly, inventory plus a banner generator

Termly’s free scanner detects and categorizes cookies and pairs with a free banner builder, so it is popular with small sites that want both in one place. The categorization is solid and the free tier is generous for a first setup.

It is a consent vendor, and the same caveat applies: the scan lists cookies and feeds a declaration, it does not check that tracking holds until the visitor agrees.

7. Cookieserve, bare-bones and free

Cookieserve is a no-frills free cookie checker: enter a URL, get a list of cookies and their categories. There is no account and no upsell, which is refreshing, but also no depth. It is fine for a quick “what cookies does this page set” answer and nothing more.

Treat it as a spot check, not an audit.

What every free scanner on this list still misses

Even the best free tool here stops short of the questions that decide whether a site is actually compliant:

  • Does reject really block? None of these click reject and then measure again. A banner that ignores reject is the most common serious failure, and a cookie list will not catch it.
  • Is each tool named in your privacy policy? GDPR Article 13 requires disclosure. Scanners list cookies; they do not cross-check the policy.
  • Does data leave the EU before consent? US transfers before a choice is made are an Article 44 problem, and most scanners do not separate them out by phase.
  • What runs before consent, after reject, and after accept? The three phases tell different stories. Inventory tools collapse them into one list.

Most free scanners answer “what cookies exist,” when the question that gets sites fined is “does your consent actually work.”

FAQ

What is the best free cookie scanner? It depends on the question. For an honest look at trackers, Blacklight. To test whether cookies fire before consent, a behavior tool like Piwik PRO or Webbkoll. To build a cookie declaration, Cookiebot. No single free tool does all of it.

Do free cookie scanners test if my reject button works? Most do not. They load the page and list the cookies they find. Testing reject means clicking reject and measuring again, which few free tools do, even though a broken reject is the failure regulators care about.

Is Cookiebot’s free scanner enough for GDPR? It builds a thorough cookie inventory, which is useful, but an inventory is not proof that your consent gate works. Pair it with a behavior check that looks at what loads before consent and after reject.

Are vendor cookie scanners biased? They are lead generation for paid consent platforms, which is fine, but it shapes what they measure: cookies to declare, not whether your setup blocks tracking. Independent tools like Blacklight and Webbkoll have no upsell.

Is this legal advice? No. We are a technical partner, not a law firm. A scan is technical evidence; a lawyer interprets what it means for your situation.

The gap above is why we built our own free Cookie Scanner: it drives a headless browser through all three phases (before consent, after reject, after accept), names the trackers and cookies in each, cross-checks your privacy policy, and flags data leaving the EU. Full disclosure, it is ours. For what compliant consent requires, see Is your cookie banner actually GDPR-compliant?; for the failures to look for, see 7 cookie consent mistakes that break GDPR. The same third-party tags are usually the heaviest thing on the page, too; see The best free website speed tests, ranked.

Have something in mind?

Send a short email describing the problem and what success looks like. We read every one and reply within a few days.