GDPR · ePrivacy monitoring for European enterprises
Huxley visits your pages in a real browser — loads, accepts, rejects — and records every request and cookie that fires. When tracking slips past consent, you get the evidence: screenshot, request log, cookie diff.
● No code to install — checks run from the outside, like a real visitor
Before consent
After accept
After reject — fresh session
Three browser phases, run daily or hourly on every page you track. Not a scan of what cookies exist — a test of what your banner actually enforces.
Phase 1
A clean browser session opens your page. The banner must appear, and nothing may track before a choice is made.
banner visible ✓ · requests = 0
Phase 2
We find and click accept — any CMP, shadow DOM included — then record every request and attribute every cookie to its source.
requests logged · cookies attributed
Phase 3
A second, isolated session rejects everything. Marketing and analytics trackers must stay silent. This is where most sites fail.
requests after reject = 0
The verdict is binary: pass = banner visible ∧ 0 requests before consent ∧ 0 after reject
Every violation ships with the artefacts a DPO or a regulator would ask for — captured at the moment it happened, stored as an audit trail.
What the page looked like on load, after accept, and after reject. Proof the banner was — or wasn't — there.
Every third-party hostname that fired, in every consent state. Filterable, downloadable, timestamped.
Not just which cookies exist — who set them and how. We trace JavaScript writes to their calling script and HTTP cookies to their response.
httpOnly cookies are invisible to JavaScript — including your consent tool. We read them from the browser itself and flag the ones set without consent.
Every hostname resolved to a vendor and category — advertising, analytics, social, functional — so you can read a report without a lookup table.
A failed check emails your team immediately with the affected page, the failed phase, and a link to the evidence. No dashboard-checking ritual.
I spent ten years implementing GTM and server-side tagging. The same violations reappeared in audit after audit — a one-shot review was never going to catch them.
Lucas Kostka · Founder, ex-Cloudflare
Audits go stale the day they're delivered. Huxley re-checks your pages every day — starting free.
Free
Try it out
Standard
For teams that need real coverage
Monthly only
Enterprise
Market leaders
Billed yearly
Your site changed this week. Your last audit didn't notice.