ComplyGuard performs 11 checks related to the ePrivacy Directive and cookie regulations. These checks cover encryption, cookie consent, cookie policy content, and security headers.

Rule-Based Checks

| Check | What We Look For | Reference |
| --- | --- | --- |
| HTTPS Encryption | Verifies the website is served over HTTPS with a valid SSL/TLS certificate | ePrivacy Directive Art. 4 |
| Cookie Policy Page | Checks for a dedicated cookie policy page or section | ePrivacy Directive Art. 5(3) |
| Cookie Reject Button | Verifies that users can reject non-essential cookies as easily as accepting them | EDPB Guidelines |

AI-Powered Checks PRO

| Check | What We Look For | Reference |
| --- | --- | --- |
| Cookie Categories | Checks if cookies are categorized (e.g., necessary, functional, analytics, marketing) | ePrivacy Directive Art. 5(3) |
| Cookie Purposes | Verifies that the purpose of each cookie or cookie category is explained | ePrivacy Directive Art. 5(3) |
| Cookie Duration | Checks if cookie lifetimes/expiration periods are specified | EDPB Guidelines |
| Third-Party Cookies | Verifies that third-party cookies are disclosed with the identity of the third party | ePrivacy Directive Art. 5(3) |
| User Control Instructions | Checks for clear instructions on how users can manage or delete cookies | ePrivacy Directive Art. 5(3) |

Security Headers

| Header | What We Check | Why It Matters |
| --- | --- | --- |
| X-Frame-Options | Checks for DENY or SAMEORIGIN value | Prevents clickjacking attacks |
| Strict-Transport-Security (HSTS) | Verifies HSTS header is present | Forces HTTPS connections |
| Content-Security-Policy (CSP) | Checks for a CSP header | Prevents XSS and injection attacks |
| X-Content-Type-Options | Checks for nosniff value | Prevents MIME type sniffing |

Security headers are checked on all plans as part of the ePrivacy scanning. AI cookie policy analysis requires a Pro or Enterprise plan.
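
The four Security Headers checks can be reproduced locally with the sketch below. It is an added example, not ComplyGuard's own code: the function names and the sample response are constructed for illustration, and two checks are deliberately stricter than the table (HSTS must carry a non-zero `max-age`, and a report-only CSP does not count as a CSP header).

```python
# Added example: pass criteria follow the Security Headers table;
# SAMPLE is a constructed response, not captured from a real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "content-type: text/html\r\n"
    "X-Frame-Options: sameorigin\r\n"
    "Strict-Transport-Security: max-age=0; includeSubDomains\r\n"
    "Content-Security-Policy-Report-Only: default-src 'self'\r\n"
    "x-content-type-options: nosniff\r\n"
    "\r\n<html>...</html>"
)

def parse_headers(raw):
    """Return {lower-cased name: [values]}; names are case-insensitive and may repeat."""
    headers = {}
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def hsts_max_age(value):
    """Return max-age in seconds, or None if the directive is absent or invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdecimal() else None
    return None

def audit(raw):
    """Return {header: 'pass' | 'fail' | 'missing'} for the four headers in the table."""
    h = parse_headers(raw)
    def grade(name, ok):
        values = h.get(name.lower())
        if not values:
            return "missing"
        return "pass" if all(ok(v) for v in values) else "fail"
    return {
        "X-Frame-Options": grade("X-Frame-Options", lambda v: v.upper() in ("DENY", "SAMEORIGIN")),
        # Stricter than presence alone (assumption): max-age=0 tells browsers to drop the policy.
        "Strict-Transport-Security": grade("Strict-Transport-Security", lambda v: (hsts_max_age(v) or 0) > 0),
        # Only the enforcing header counts; the -Report-Only variant blocks nothing.
        "Content-Security-Policy": grade("Content-Security-Policy", lambda v: bool(v)),
        "X-Content-Type-Options": grade("X-Content-Type-Options", lambda v: v.lower() == "nosniff"),
    }

if __name__ == "__main__":
    for header, status in audit(SAMPLE).items():
        print(f"{header}: {status}")
```

On the constructed sample, HSTS fails because `max-age=0` disables the policy, and CSP is reported missing because only the report-only variant is sent.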