Title: fepo — GDPR Cookie Scanner
Author: fepo
Published: <strong>June 23, 2026</strong>
Last modified: June 23, 2026

---

Search plugins

![](https://ps.w.org/fepo-gdpr-scanner/assets/banner-772x250.png?rev=3583143)

![](https://ps.w.org/fepo-gdpr-scanner/assets/icon-256x256.png?rev=3583103)

# fepo — GDPR Cookie Scanner

 By [fepo](https://profiles.wordpress.org/fepo/)

[Download](https://downloads.wordpress.org/plugin/fepo-gdpr-scanner.1.0.1.zip)

 * [Details](https://wordpress.org/plugins/fepo-gdpr-scanner/#description)
 * [Reviews](https://wordpress.org/plugins/fepo-gdpr-scanner/#reviews)
 *  [Installation](https://wordpress.org/plugins/fepo-gdpr-scanner/#installation)
 * [Development](https://wordpress.org/plugins/fepo-gdpr-scanner/#developers)

 [Support](https://wordpress.org/support/plugin/fepo-gdpr-scanner/)

## Description

**fepo GDPR Cookie Scanner** is a diagnostic plugin that checks whether your cookie
consent banner is really effective — or whether trackers fire before a visitor clicks“
Accept”.

It is not a cookie banner. It is a diagnostic tool that audits whatever cookie banner
you already have, independent of which cookie management platform you use.

**What the plugin checks:**

 * Which Cookie Management Platform (CMP) is active (Cookiebot, Usercentrics, Borlabs,
   Complianz, CookieYes, and more).
 * Which third-party trackers (Google Analytics, Meta Pixel, HotJar, …) are present
   in the page source.
 * Whether those trackers are visible in the static HTML _before_ any consent is
   given — a sign that the CMP integration may be misconfigured.
 * A CMP-specific remediation guide pointing to the vendor’s official documentation.

**What the plugin does NOT do:**

 * It does not install, configure, or modify your cookie banner.
 * It does not change any files on your site.
 * It does not collect any data from your visitors.

**Scan modes:**

The plugin uses a PHP-based quick-scan (Stufe A) that works on every WordPress host—
no Headless Chrome, no Node.js, no extra dependencies. For JS-injected trackers (
e.g. Google Tag Manager tags) and a full three-phase Reject-Path test, an optional
full scan via dsgvochecker.de is available as an upsell.

This plugin only diagnoses — it makes no changes to your site.

### External services

The scan itself runs entirely on your own server. The tracker-definition list is

bundled with the plugin — no external request is made to perform a scan.

The plugin uses one optional external service:

**dsgvochecker.de** (operated by fepo) — an optional, paid full scan.

The result page shows an optional “Run three-phase scan” button. The plugin works

fully without it; nothing is sent unless you click the button.

 * What it is: a deeper cookie/consent scan (JS-injected trackers + reject-path
   
   test) run by dsgvochecker.de.
 * What data is sent and when: only if you click the button, a new browser tab
    
   opens at dsgvochecker.de with your site URL passed as a URL parameter, so the
   external service can analyse that page. Nothing is sent in the background.
 * Terms of service: https://dsgvochecker.de/agb
 * Privacy policy: https://dsgvochecker.de/datenschutz

## Screenshots

[⌊Scan page — the homepage URL and the "Check now" button, in native WP-Admin style.⌉⌊
Scan page — the homepage URL and the "Check now" button, in native WP-Admin style
.⌉[

Scan page — the homepage URL and the “Check now” button, in native WP-Admin style.

[⌊Scan result — traffic-light verdict, the detected cookie banner with its setup
guide, and the trackers found in the source code.⌉⌊Scan result — traffic-light verdict,
the detected cookie banner with its setup guide, and the trackers found in the source
code.⌉[

Scan result — traffic-light verdict, the detected cookie banner with its setup guide,
and the trackers found in the source code.

## Installation

 1. Upload the plugin via “Plugins  Add New  Upload” or install from the WordPress 
    plugin directory.
 2. Activate the plugin.
 3. In WordPress admin, click “fepo GDPR Scanner” in the sidebar.
 4. Click “Check now” — the scan runs on your server.

No account, no API key, no credit card required.

## FAQ

### Does the plugin modify my website?

No. This plugin is purely diagnostic. It does not write to any files, install anything,
modify CSS/JS, or change any WordPress settings.

### Does it work on every WordPress host?

Yes. The PHP quick-scan (Stufe A) works on every host — shared hosting, managed 
WordPress, VPS, all fine. No external dependencies beyond PHP 7.4.

### What is the difference between the quick-scan and the full scan?

The quick-scan (Stufe A) fetches your homepage’s raw HTML via PHP and checks for
tracker domains and CMP signatures in the static source. It cannot detect trackers
injected purely via JavaScript (e.g. GTM tags). For that, the full scan on dsgvochecker.
de uses a headless Chromium and includes a three-phase Reject-Path test.

### Is this plugin GDPR compliant itself?

Yes. No visitor data is collected and the scan runs entirely on your own server.
The tracker-definition list is bundled with the plugin, so no external request is
made to scan. No site URL is transmitted.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“fepo — GDPR Cookie Scanner” is open source software. The following people have 
contributed to this plugin.

Contributors

 *   [ fepo ](https://profiles.wordpress.org/fepo/)
 *   [ michaelpehl ](https://profiles.wordpress.org/michaelpehl/)

[Translate “fepo — GDPR Cookie Scanner” into your language.](https://translate.wordpress.org/projects/wp-plugins/fepo-gdpr-scanner)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/fepo-gdpr-scanner/),
check out the [SVN repository](https://plugins.svn.wordpress.org/fepo-gdpr-scanner/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/fepo-gdpr-scanner/)
by [RSS](https://plugins.trac.wordpress.org/log/fepo-gdpr-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1

 * Tracker-definition list is now bundled with the plugin — the scan no longer makes
   any external request.
 * Documentation clarified (external services, neutral wording).

#### 1.0.0

 * First public release.
 * PHP-based quick scan: detects tracker scripts in the raw HTML source before consent.
 * Cookie banner / CMP detection with per-CMP setup guides linking to vendor documentation(
   13 cookie banners).
 * Bilingual: English by default + German translation (de_DE).
 * Optional full three-phase scan via dsgvochecker.de (reject-path test).

## Meta

 *  Version **1.0.1**
 *  Last updated **15 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.0 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [cookie consent](https://wordpress.org/plugins/tags/cookie-consent/)[Cookie Scanner](https://wordpress.org/plugins/tags/cookie-scanner/)
   [dsgvo](https://wordpress.org/plugins/tags/dsgvo/)[GDPR](https://wordpress.org/plugins/tags/gdpr/)
   [tracker](https://wordpress.org/plugins/tags/tracker/)
 *  [Advanced View](https://wordpress.org/plugins/fepo-gdpr-scanner/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/fepo-gdpr-scanner/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/fepo-gdpr-scanner/reviews/)

## Contributors

 *   [ fepo ](https://profiles.wordpress.org/fepo/)
 *   [ michaelpehl ](https://profiles.wordpress.org/michaelpehl/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/fepo-gdpr-scanner/)