About
Built to surface what compliance tools miss.
CookieGap was built in response to a pattern seen across large public websites: privacy regulations were growing more complex faster than most organizations could verify their own compliance posture.
Working across large public-facing websites over many years made one pattern clear: organizations were investing in compliance tooling without a reliable way to verify whether that tooling was working as intended. Add a cookie banner, configure it once, and assume it stays correct.
That assumption became harder to justify as the regulatory landscape expanded. GDPR, CCPA, LGPD, PIPEDA, the ePrivacy Directive: overlapping frameworks with conflicting requirements depending on where your users are located, and enforcement that has steadily increased.
Headquarters
Retegio LLC
Raleigh, North Carolina
The Assumption
CMPs don't automatically equal compliance.
Consent management platforms are widely deployed, but misconfiguration is common. Scripts fire before consent is recorded. Trackers persist after rejection. The reject button is buried or absent. Having a CMP installed is not the same as being compliant. And sites can drift from their CMP configuration over time without anyone noticing.
The Reality
What your site does vs. what your CMP is configured to do.
Site managers need visibility into their site's actual runtime behavior from different geographic jurisdictions, not what the CMP documentation says it should do. What actually happens when a user in the EU lands on the page and clicks Reject? What cookies are already set before any interaction?
The Tool
CookieGap closes that gap.
CookieGap runs a real browser against any URL and simulates the full consent lifecycle: what loads before any interaction, what fires after accepting, and what persists after rejecting. Results are scored against the specific regulatory frameworks that apply based on scan location.
The tool is useful for compliance teams auditing their own properties, site managers checking CMP behavior after configuration changes, agencies reviewing client sites, and anyone who wants to understand whether a site is collecting data without meaningful consent.
See where your site stands.
A scan takes under two minutes. No account required to get started.
Scan your site