GDPR · ePrivacy monitoring for European enterprises

Your consent banner breaks.
Know the same day, with proof.

Huxley visits your pages in a real browser — loads, accepts, rejects — and records every request and cookie that fires. When tracking slips past consent, you get the evidence: screenshot, request log, cookie diff.

No code to install — checks run from the outside, like a real visitor

shop.acme.com/checkout Check running
Load
Accept
Reject

Before consent

consent.acme.comCMP detected · Didomi
analytics.google.com✕ fired before consent

After accept

doubleclick.net✓ consented

After reject — fresh session

static.hotjar.com✓ blocked
connect.facebook.net✕ fired after reject
FAIL 2 violations — alert sent
Screenshots Request log Cookie diff
Works with every CMP
OneTrustDidomiAxeptioCookiebotUsercentricsTrustArcOsano+ custom banners

Every check is a full consent lifecycle

Three browser phases, run daily or hourly on every page you track. Not a scan of what cookies exist — a test of what your banner actually enforces.

Phase 1

Load

A clean browser session opens your page. The banner must appear, and nothing may track before a choice is made.

banner visible · requests = 0

Phase 2

Accept

We find and click accept — any CMP, shadow DOM included — then record every request and attribute every cookie to its source.

requests logged · cookies attributed

Phase 3

Reject

A second, isolated session rejects everything. Marketing and analytics trackers must stay silent. This is where most sites fail.

requests after reject = 0

The verdict is binary: pass = banner visible ∧ 0 requests before consent ∧ 0 after reject

Evidence, not opinions

Every violation ships with the artefacts a DPO or a regulator would ask for — captured at the moment it happened, stored as an audit trail.

Screenshots of every phase

What the page looked like on load, after accept, and after reject. Proof the banner was — or wasn't — there.

load
accept
reject

Full request logs

Every third-party hostname that fired, in every consent state. Filterable, downloadable, timestamped.

doubleclick.netbefore consent
connect.facebook.netafter reject
static.hotjar.comafter accept

Cookie attribution

Not just which cookies exist — who set them and how. We trace JavaScript writes to their calling script and HTTP cookies to their response.

_gajs · googletagmanager.com
_fbpjs · connect.facebook.net
datadomehttp · api.acme.com

Cookies your CMP can't see

httpOnly cookies are invisible to JavaScript — including your consent tool. We read them from the browser itself and flag the ones set without consent.

__cf_bmhttpOnly
datadomehttpOnly · before consent

Vendor classification

Every hostname resolved to a vendor and category — advertising, analytics, social, functional — so you can read a report without a lookup table.

Google Adsadvertising
Hotjaranalytics
Meta Pixeladvertising

Alerts the moment it breaks

A failed check emails your team immediately with the affected page, the failed phase, and a link to the evidence. No dashboard-checking ritual.

✕ /checkout failed09:14
→ 3 recipients notified09:14
I spent ten years implementing GTM and server-side tagging. The same violations reappeared in audit after audit — a one-shot review was never going to catch them.

Lucas Kostka · Founder, ex-Cloudflare

Constant coverage, for less than a one-time audit

Audits go stale the day they're delivered. Huxley re-checks your pages every day — starting free.

Free

Try it out

Free
  • Frequency: Monthly
  • Domains: 1
  • Monitored Pages: 5
  • Team members: 1
  • Data Retention: 1 month
  • Quaterly report: No
  • Pages sequences: Not included
Request a demo
Popular

Standard

For teams that need real coverage

€15 / 100 pages / mo

Monthly only

  • Frequency: Monthly
  • Domains: Custom
  • Monitored Pages: 100
  • Team members: 5
  • Data Retention: 1 year
  • Quaterly report: No
  • Pages sequences: Not included
Request a demo

Enterprise

Market leaders

Custom

Billed yearly

  • Frequency: Weekly
  • Domains: Custom
  • Monitored Pages: Custom
  • Team members: Unlimited
  • Data Retention: Custom
  • Quaterly report: Yes
  • Pages sequences: Custom
Request a demo

Questions, answered

No. Huxley works entirely from the outside — it visits your pages like a real user, in a real browser. No tag, no SDK, no involvement from your development team.

Compliance isn't a yearly event

Your site changed this week. Your last audit didn't notice.