See everything. Miss nothing.
Gretelfy loads your page in a clean, headless browser with zero prior state. We capture every cookie dropped, every script executed, every network request fired — all before a single pixel of your consent banner is interacted with.
Full Cookie Inventory
Every first-party and third-party cookie, with name, domain, path, expiry, secure flag, and SameSite attribute.
Script Origin Mapping
Identify every JavaScript source loaded on the page, grouped by domain and classified by purpose.
Network Request Log
Complete log of all HTTP requests including trackers, pixels, beacons, and API calls — with timing data.
Technology Fingerprinting
Detect which analytics, ad-tech, and CMP platforms are active on your site.
Does 'Reject' actually work?
The most critical test: when a visitor clicks 'Reject All', do the trackers actually stop? Gretelfy performs a functional validation of your consent mechanism — not just a visual check.
Pre/Post Consent Comparison
Side-by-side diff of cookies and scripts before consent vs. after rejection.
Script Blocking Verification
Confirms that marketing and analytics scripts are genuinely suppressed, not just hidden.
Cookie Persistence Check
Detects cookies that persist after rejection — a common and serious compliance failure.
Consent Mode Audit
Verifies Google Consent Mode v2 signals are correctly implemented and respected.
Compliance drifts. We catch it.
A single scan is a snapshot. Websites change daily — new tags, plugin updates, third-party script changes. Gretelfy runs automated scans on your schedule and alerts you the moment compliance degrades.
Scheduled Scans
Set daily, weekly, or monthly automated scans per domain. No manual effort required.
Regression Detection
Automatic comparison against previous scans. New violations are flagged immediately.
Email & Slack Alerts
Get notified within hours when your Gretel Score drops or new violations appear.
Compliance Trending
Track your score over time. Demonstrate continuous improvement to auditors and regulators.
Where does the data actually go?
Beyond cookies and scripts, Layer 5 maps the full data flow: which third parties receive personal data, where servers are located, and whether cross-border transfers comply with Schrems II requirements.
Cross-Border Transfer Mapping
Identify which third-party servers receive data and their geographic locations. Flag non-EU transfers without adequacy decisions.
PII Leak Detection
Detect when email addresses, phone numbers, or other personal data is passed to third-party scripts via URL parameters or request payloads.
Vendor Dependency Chains
Trace script loading chains to reveal hidden fourth-party dependencies your privacy policy may not cover.
Schrems II Compliance
Automatically flag data transfers to countries without EU adequacy decisions. Identify high-risk vendors requiring additional safeguards.
Your Gretel Score at a glance.
Gretel Score
Needs Improvement
Block marketing cookies before consent
Add Facebook Pixel and Google Ads scripts to your CMP blocking configuration and assign them to the Marketing category.
Every plan includes independent compliance scanning
All plans include Layers 1-3. Professional and above unlock continuous monitoring and data flow intelligence.
| Layers | Monitor€49/mo | Professional€149/mo | Agency€349/mo |
|---|---|---|---|
| Layer 1: Discovery Scan | |||
| Layer 2: Banner UX Audit | |||
| Layer 3: Consent Validation | |||
| Layer 4: Continuous Monitoring | — | ||
| Layer 5: Data Flow Intelligence | — |
Start with a free scan
See what Layer 1 reveals about your website in under a minute. No signup required.