What percentage of websites track users before consent?

7% of scanned websites — 32 out of 442 — fire at least one tracking technology before the user has had any opportunity to provide or withhold consent.

What are the most common GDPR violations on websites?

The most common GDPR violation detected is "Tag manager present — verify all tags respect consent", found on 256 scanned websites. Other frequent issues include missing reject options on consent banners and undisclosed third-party cookies.

Which trackers are most commonly found without user consent?

Google Tag Manager is the most commonly detected tracker, found on 304 scanned websites. Google Analytics, Meta Pixel, and Google Tag Manager collectively appear on the majority of non-compliant sites.

Live data · Updated daily

GDPR Compliance Statistics

Q: How many websites are GDPR compliant?

Based on 442 websites scanned by ConsentLens, approximately 44% achieve full GDPR compliance. The most common risk level is compliant.

Aggregate data from 442 website scans — tracking consent violations, third-party trackers, and compliance scores across the web.

Data recalculated daily. Last updated: 15 June 2026

442

Websites scanned

72/100

Avg compliance score

0 = worst · 100 = best

Fire trackers before consent

44%

Fully compliant

How many websites are GDPR compliant?

Compliance level assigned to each scanned website based on the severity and number of issues detected.

CompliantNo significant GDPR issues detected

193 (44%)

Low RiskMinor issues unlikely to attract regulatory attention

145 (33%)

Medium RiskMeaningful consent gaps that warrant remediation

43 (10%)

High RiskActive violations — trackers fire before consent or no banner present

61 (14%)

What are the most common GDPR violations?

Ranked by the number of scanned websites where each issue was detected.

#	Violation	Affected sites
1	Tag manager present — verify all tags respect consent	256(58%)
2	Advertising / remarketing trackers detected	196(44%)
3	Long-lived cookies detected	166(38%)
4	Third-party cookies detected	160(36%)
5	Consent banner missing reject option	87(20%)
6	No cookie consent banner detected	68(15%)
7	Tag manager detected with no consent mechanism	48(11%)
8	Google Conversion Linker tracking cookie present — verify consent gating	37(8%)
9	Cookies set before consent	30(7%)
10	Reject button could not be verified — cross-origin CMP iframe	17(4%)

Which trackers are most commonly found?

Number of scanned websites where each third-party tracking technology was detected. Includes trackers found both before and after consent.

Google Tag Manager304 (69%)

Google Analytics289 (65%)

X (Twitter) Pixel114 (26%)

Meta Pixel64 (14%)

Microsoft Clarity52 (12%)

Microsoft Ads51 (12%)

Google Ads48 (11%)

LinkedIn Insight39 (9%)

HubSpot29 (7%)

Hotjar26 (6%)

How are compliance scores distributed?

Each website receives a 0–100 compliance score. A score above 80 indicates good compliance; below 40 indicates significant active violations.

0–19

5 (1%)

20–39

56 (13%)

40–59

43 (10%)

60–79

145 (33%)

80–100

193 (44%)

Learn how scores are calculated →|Read the scanning methodology →

Scan activity — last 12 weeks

Number of completed website scans per week.

Mar 23

Mar 30

Apr 6

Apr 13

Apr 20

Apr 27

May 4

May 11

May 18

May 25

Jun 1

Jun 8

Browse by industry

See how GDPR compliance compares across different sectors.

E-Commerce SaaS Travel News & Media Finance Healthcare Entertainment Social Government NGO

Methodology

What is a scanned website?: A unique domain that has been scanned at least once using the ConsentLens Playwright-based scanner. Statistics reflect the most recently completed scan per domain.
How is the compliance score calculated?: Each website receives a 0–100 score composed of four equally-weighted sub-scores: cookie consent handling, tracking transparency, third-party script management, and consent option availability.
What does 'fires before consent' mean?: Any tracker that sends a data-collection network request (XHR, fetch, beacon, or image pixel) within the first 500ms of page load, before the user has had the opportunity to interact with a consent interface.
Data freshness: Statistics are recalculated from the live database once per day. The timestamp at the top of this page shows when data was last computed.

Based on 442 completed scans. Data as of 15 June 2026.

Scan your website →