What percentage of websites track users before consent?

21% of scanned websites — 13 out of 63 — fire at least one tracking technology before the user has had any opportunity to provide or withhold consent.

What are the most common GDPR violations on websites?

The most common GDPR violation detected is "Long-lived cookies detected", found on 24 scanned websites. Other frequent issues include missing reject options on consent banners and undisclosed third-party cookies.

Which trackers are most commonly found without user consent?

Twitter Pixel is the most commonly detected tracker, found on 23 scanned websites. Google Analytics, Meta Pixel, and Google Tag Manager collectively appear on the majority of non-compliant sites.

Live data · Updated daily

GDPR Compliance Statistics

Q: How many websites are GDPR compliant?

Based on 63 websites scanned by ConsentLens, approximately 38% achieve full GDPR compliance. The most common risk level is compliant.

Aggregate data from 63 website scans — tracking consent violations, third-party trackers, and compliance scores across the web.

Data recalculated daily. Last updated: 24 April 2026

Websites scanned

72/100

Avg compliance score

0 = worst · 100 = best

21%

Fire trackers before consent

38%

Fully compliant

How many websites are GDPR compliant?

Compliance level assigned to each scanned website based on the severity and number of issues detected.

CompliantNo significant GDPR issues detected

24 (38%)

Low RiskMinor issues unlikely to attract regulatory attention

23 (37%)

Medium RiskMeaningful consent gaps that warrant remediation

10 (16%)

High RiskActive violations — trackers fire before consent or no banner present

6 (10%)

What are the most common GDPR violations?

Ranked by the number of scanned websites where each issue was detected.

#	Violation	Affected sites
1	Long-lived cookies detected	24(38%)
2	Third-party cookies detected	21(33%)
3	No cookie consent banner detected	12(19%)
4	Cookies set before consent	12(19%)
5	Advertising / remarketing trackers detected	11(17%)
6	Consent banner missing reject option	6(10%)
7	Tag manager present — verify all tags respect consent	1(2%)
8	Google Conversion Linker tracking cookie present — verify consent gating	1(2%)
9	Twitter Pixel may load before consent is resolved	1(2%)
10	LinkedIn Ads tracking cookie present — verify consent gating	1(2%)

Which trackers are most commonly found?

Number of scanned websites where each third-party tracking technology was detected. Includes trackers found both before and after consent.

Twitter Pixel23 (37%)

Google Analytics21 (33%)

Google Ads9 (14%)

Meta Pixel5 (8%)

Snap Pixel2 (3%)

Segment1 (2%)

Google Tag Manager1 (2%)

Microsoft Clarity1 (2%)

Amplitude1 (2%)

Mixpanel1 (2%)

How are compliance scores distributed?

Each website receives a 0–100 compliance score. A score above 80 indicates good compliance; below 40 indicates significant active violations.

0–19

1 (2%)

20–39

5 (8%)

40–59

10 (16%)

60–79

23 (37%)

80–100

24 (38%)

Scan activity — last 12 weeks

Number of completed website scans per week.

Mar 16

Mar 23

Mar 30

Apr 6

Apr 13

Apr 20

Methodology

What is a scanned website?: A unique domain that has been scanned at least once using the ConsentLens Playwright-based scanner. Statistics reflect the most recently completed scan per domain.
How is the compliance score calculated?: Each website receives a 0–100 score composed of four equally-weighted sub-scores: cookie consent handling, tracking transparency, third-party script management, and consent option availability.
What does 'fires before consent' mean?: Any tracker that sends a data-collection network request (XHR, fetch, beacon, or image pixel) within the first 500ms of page load, before the user has had the opportunity to interact with a consent interface.
Data freshness: Statistics are recalculated from the live database once per day. The timestamp at the top of this page shows when data was last computed.

Based on 63 completed scans. Data as of 24 April 2026.

Scan your website →