CookieSmog

Cookies are the fine particles of the web — invisible, pervasive, and quietly polluting your users' privacy.

Enter a domain to audit

What is CookieSmog?

Cookies are the smog of the internet

Just as industry fills the air with invisible pollutants, websites fill your browser with tracking cookies — collecting, profiling, and silently trading your behavior across the web.

CookieSmog visits any URL with a real browser, intercepts every cookie and network request, and produces a clear privacy report — no signup, no extensions required.

How it works

Step 01

Submit a URL

Paste any website address. Our headless browser loads the page exactly as a real visitor — executing scripts, iframes, and all third-party resources.

Step 02

Deep scan

Every cookie is captured and cross-referenced against the Open Cookie Database to identify trackers, their owners, and GDPR purpose categories.

Step 03

Privacy report

Receive a full breakdown: cookie names, lifetimes, categories, third-party hosts, and a privacy pollution score from 0 to 100.

Pollution types

Not all cookies are
created equal

From harmless session tokens to aggressive cross-site trackers — CookieSmog classifies every cookie by its real privacy impact.

Functional / Necessary
Session state, login tokens, preferences
Low risk
Analytics / Statistics
Traffic stats, A/B tests, user flow
Medium
Marketing / Advertising
Ad targeting, retargeting, conversion pixels
High
Cross-site Tracking
Third-party beacons following users across the web
Critical
Why it matters

GDPR enforcement is real — and growing

€20M
Maximum fine
or 4% of global annual turnover — whichever is higher
€6.8B+
Total GDPR fines
issued across the EU since 2018
enforcementtracker.com
Consent
Before any click
tracking cookies set on first load — before any consent — are a clear GDPR violation
Art. 7
Consent must be
freely given, specific, informed, and unambiguous — pre-ticked boxes are illegal
Under the hood

Built for accuracy

CookieSmog doesn't guess — it loads your page as a real browser would and cross-references every finding against authoritative sources.

Headless browser

A full Chromium instance loads your page — executing JavaScript, lazy content, and third-party scripts exactly as a real visitor's browser would. No static HTML scraping shortcuts.

Open Cookie Database

Every detected cookie is looked up against the community-maintained Open Cookie Database to identify the vendor, category, and GDPR purpose.

GDPR classification

Each cookie is classified by its legal purpose — Necessary, Analytics, Marketing, or Cross-site tracking — so you know exactly which consent categories you need to cover under GDPR and ePrivacy.

What this audit checks

First load, no consent given

CookieSmog visits your URL exactly as a new visitor would — it does not click any consent banner or accept cookies. It then checks what cookies and trackers are already active at that point.

What a pass means

No tracking or marketing cookies are set before the user interacts with a consent banner. This is the correct baseline under GDPR and ePrivacy Directive.

What a violation means

Tracking cookies are present on first load — before any consent is collected. Regardless of whether you have a banner, this is non-compliant.

This tool does not audit the content or wording of your consent banner, your cookie policy, or your data processing agreements. A clean result here is a necessary — but not sufficient — condition for full GDPR compliance.

Ready to clear the air?

Enter any domain above to get your free privacy pollution report.

Talk to an expert

Get help implementing Consent Mode v2 and achieving full GDPR compliance. Free initial consultation — no obligations.