This is a sample report. Scan your own website free →
Scanned on 29 March 2026
example-restaurant.nl
Poor
12 issues found
Issues by Category
Findings
Getty Images stock photo detected
An image loaded from media.gettyimages.com was found on the homepage. Using Getty Images without a license can result in demand letters of €1,000-10,000+.
Google Analytics loaded before consent
The _ga and _gid cookies from Google Analytics are set immediately on page load, before any cookie consent is given. This violates GDPR Article 5(1)(a) and the ePrivacy Directive.
Privacy policy not found
No link to a privacy policy was found on the website. Dutch privacy law (AVG/UAVG) requires every website processing personal data to have an accessible privacy policy.
8 images missing alt text
8 images on the homepage do not have alt attributes. Screen readers cannot describe these images to visually impaired users. Required by WCAG 2.1 AA and the European Accessibility Act (EAA).
Outdated WordPress version detected
WordPress 5.9.3 was detected via the generator meta tag. This version has known security vulnerabilities. Update to the latest version.
Mixed content on 3 pages
HTTP resources (images, scripts) are loaded on HTTPS pages. Browsers may block these resources or show security warnings to visitors.
KVK number not displayed
No KVK (Chamber of Commerce) registration number was found on the website. Dutch businesses are required to display their KVK number.
Google Fonts loaded externally
Google Fonts are loaded from fonts.googleapis.com. This shares visitor IP addresses with Google, which a German court ruled violates GDPR. Self-host fonts instead.
Facebook Pixel fires before consent
The Meta/Facebook tracking pixel was detected loading before cookie consent. This sends visitor data to Meta without permission.
DMARC policy set to none
Your DMARC record uses p=none, which only monitors but doesn't prevent email spoofing. Consider upgrading to p=quarantine or p=reject.
No unsubscribe mechanism visible
A newsletter signup form was found but no visible unsubscribe link or information on the page.
Missing Content-Security-Policy header
No Content-Security-Policy header was found. CSP helps prevent cross-site scripting (XSS) and data injection attacks.
Want to see your own results?
Scan your website for free. Get your risk score and top issues in under 60 seconds.
This report is generated by automated scanning tools and provides a technical assessment of publicly accessible website characteristics. It does not constitute legal advice. The findings may include false positives or miss certain issues. For definitive compliance assessment, consult a qualified legal professional. Risk exposure estimates are based on publicly available regulatory guidelines and actual penalties may differ.