When the same vendor sells the consent banner and grades your compliance, the self-scan checks the vendor's own product. We are an independent scanner with no CMP affiliation, surfacing issues a built-in scanner is less likely to flag.
| Capability | GDPR Privacy Monitor | CMP built-in scanners | Other runtime scanners |
|---|---|---|---|
| Pre-consent tracking detection | Runtime, real browser | Static cookie lists | Runtime |
| Before / after consent diff | With evidence | No | No |
| Evidence pack (HAR + screenshots) | Yes | No | No |
| CMP-specific fix guides | Cookiebot, CookieYes, OneTrust… | N/A - they are the CMP | Generic only |
| Banner accessibility audit | 4 WCAG checks | No | No |
| Reject flow verification | Full click-through | No | No |
| DPA enforcement context | Per finding | No | No |
| "Cannot determine" transparency | Yes | No - vendor checks its own product | No |
| Risk score granularity | 0–100 with breakdown | Pass/fail or basic | 1–5 scale |
| Agency pricing (50 sites) | €199/mo flat | Varies, often per-domain | - |
| Independent (no CMP conflict) | Yes | No - vendor self-grades | Yes |
| External font detection | LG München ruling | No | No |
| Mixed content detection | GDPR Art. 32 | No | No |
Comparison based on publicly available documentation and our own testing as of March 2026. Features may have changed.
When a CMP vendor grades compliance with its own product, issues caused by the banner configuration can be harder to surface from inside the same dashboard. An independent verifier looks at the live result with no vendor relationship.
Built-in CMP scanners are useful for inventory of cookies and configuration, but may not capture every runtime scenario, especially dynamically injected tags, iframe embeds, or behavior that depends on user interaction.
As an independent scanner, we have no commercial reason to minimize findings. If your site leaks data before consent or makes reject buttons hard to find, we report it - regardless of which CMP you use.
Practical, vendor-neutral guides for auditing your installation of each major consent management platform.
Audit your Cookiebot setup: check GTM, Consent Mode v2, reject flow, iframes, post-reject tracking, and evidence packs for client reporting.
Audit your CookieYes setup: check GTM, Consent Mode v2, reject flow, plugin scope, post-reject tracking, and evidence packs for client reporting.
Audit your OneTrust setup or decide whether you need OneTrust at all: enterprise governance, sales-driven pricing, where lightweight audit fits alongside.
Audit your Iubenda setup: where the policy generator and cookie banner each fit, what self-scans can miss, and when to add independent verification.
Audit your Complianz setup: WordPress-native consent management, what self-scans can miss, and when multi-CMS portfolios need independent verification.
Run a free scan and compare the findings with what your CMP dashboard shows. Most teams find issues their current tools missed.
Scan your site free