asda.com
UK compliance audit.
How the score was calculated
- Starting score
- 100
- 2 critical findings
- −50
- 1 high finding
- −15
- 1 medium finding
- −5
- Final score
- 30
AI Analysis
The ASDA website's cookie consent and privacy compliance audit reveals partial adherence to UK GDPR and PECR requirements, with a score of 30/100. While the site passed 23 checks and had no errors, it failed four critical checks related to specific cookies (da_lid, kndctr_B9CB1CFE53309CAD0A490D45_AdobeOrg_identity, da_intState, _mibhv) for which consent mechanisms were either absent or insufficiently transparent. Seven additional checks were skipped due to unmet conditions, indicating areas requiring further investigation and remediation in the privacy policy and cookie management practices.
Fix these first
3 priorities- 01CRITICALcheck_initial_cookies
Found 4 non-essential cookie(s): [da_lid kndctr_B9CB1CFE53309CAD0A490D45_AdobeOrg_identity da_intState _mibhv]
- 02CRITICALcheck_cookies_after_reject
Found 4 non-essential cookie(s): [da_lid kndctr_B9CB1CFE53309CAD0A490D45_AdobeOrg_identity da_intState _mibhv] (after clicking: <button#onetrust-reject-all-handler> text='Reject All')
- 03HIGHwcag_aa_scan
Found 2 accessibility violation(s): 1 critical, 1 serious, 0 moderate, 0 minor
Report Details
- Playbook
- UK Cookie Compliance
- Domain
- asda.com
- Started At
- 2 Jan 2026, 23:45
- Duration
- 3m 48s
- Total Checks
- 37
- Report ID
- Q3qfCEW9mTvD
Check Results
Data Capture
3 checks All passedcapture_html_initial
INFOCaptured HTML (546991 bytes) from https://www.asda.com/
Captured HTML:
View rendered (opens in new tab)screenshot_initial
INFOScreenshot captured
Screenshot Evidence:
Pre-Consent Cookies
1 check1 failedcheck_initial_cookies
CRITICAL-25Found 4 non-essential cookie(s): [da_lid kndctr_B9CB1CFE53309CAD0A490D45_AdobeOrg_identity da_intState _mibhv]
Non-Essential Cookies:
": The cookie "da_lid" with a long expiration period suggests it is used to store user preferences or settings, which fits the definition of a functional cookie."
": The cookie name suggests it is related to Adobe's Marketing Cloud, indicating it is used for advertising and tracking purposes."
": The cookie "da_intState" likely stores user interaction states or preferences which are not strictly necessary for the site to function but enhance usability."
": The cookie _mibhv is likely used for storing user preferences or settings on the website www.asda.com, as it does not fit the criteria for essential, analytics, or marketing cookies."
Cookies (except strictly necessary) require user consent BEFORE being set
View guidance (opens in new tab)Cookie Consent Banner
6 checks All passedfind_banner
INFOFound consent banner via heuristic (height: 315px)
Clear and comprehensive information must be provided about cookie use
View guidance (opens in new tab)find_cookie_banner
INFOValue true == true: true
verify_banner_visible
INFOElement visibility is true as expected
screenshot_banner
INFOScreenshot captured
Screenshot Evidence:
extract_banner_text
Extracted 108 words
check_banner_content
LOWValue 108 >= 10: true
Cookie notice must provide clear, comprehensive information about purposes
View guidance (opens in new tab)Cookie Controls
4 checks All passedfind_reject_button_semantic
INFOFound reject button: <button#onetrust-reject-all-handler> text='Reject All'
find_accept_button_semantic
INFOFound accept button: <button#onetrust-accept-btn-handler> text='I Accept' (confidence: 100%)
find_reject_button_any
CRITICALValue 1 == 1: true
find_accept_button_any
Value 1 == 1: true
Dark Pattern Detection
1 check All passedcompare_button_prominence
HIGHButtons have similar prominence
Reject option must have equal prominence to accept - asymmetric design is a deceptive pattern
View guidance (opens in new tab)AI Dark Pattern Analysis
2 checks All passedcheck_dark_patterns_vision
HIGHNo specific dark patterns identified in cookie banner
Visual deceptive patterns including color manipulation and hidden controls are prohibited
View guidance (opens in new tab)check_deceptive_buttons
HIGHButton labels are clear and not deceptive
Button labels must accurately reflect their function without ambiguity or deception
View guidance (opens in new tab)AI Content Analysis
3 checks1 failedcheck_banner_quality_llm
MEDIUM-5Banner content is not GDPR compliant
Banner Text Analyzed:
Cookie notices must provide clear, comprehensive information about purposes
View guidance (opens in new tab)check_language_consistency
LOWBanner language (en) matches page language
Information must be provided in a language users can understand
check_cookie_purposes
MEDIUMNo cookies available for purpose matching
All cookies used must be disclosed and explained in the notice
View guidance (opens in new tab)AI Accessibility Analysis
1 checkcheck_visual_accessibility
MEDIUM-3Accessibility score: 50/100
Cookie banners must be accessible to users with disabilities including visual impairments
View guidance (opens in new tab)Consent Verification
4 checks1 failedclick_reject_button
Clicked element <button#onetrust-reject-all-handler> text='Reject All'
wait_after_reject
Waited 2000ms
check_cookies_after_reject
CRITICAL-25Found 4 non-essential cookie(s): [da_lid kndctr_B9CB1CFE53309CAD0A490D45_AdobeOrg_identity da_intState _mibhv] (after clicking: <button#onetrust-reject-all-handler> text='Reject All')
Non-Essential Cookies:
": The cookie "da_lid" with a long expiration period suggests it is used to store user preferences or settings, which fits the definition of a functional cookie."
": The cookie name suggests it is related to Adobe's Marketing Cloud, indicating it is used for advertising and tracking purposes."
": The cookie "da_intState" likely stores user interaction states or preferences which are not strictly necessary for the site to function but enhance usability."
": The cookie _mibhv is likely used for storing user preferences or settings on the website www.asda.com, as it does not fit the criteria for essential, analytics, or marketing cookies."
When consent is withdrawn, cookies must be removed - continued tracking is unlawful
View guidance (opens in new tab)verify_banner_dismissed
LOWElement is no longer accessible (dismissed/removed from DOM)
Accessibility
1 check1 failedwcag_aa_scan
HIGH-15Found 2 accessibility violation(s): 1 critical, 1 serious, 0 moderate, 0 minor
Accessibility Issues:
Ensures ARIA attributes are not prohibited for an element's role
Affected elements (showing 3 of 8) :
<div aria-label="Amex 1 of 8"><div aria-label="Maestro Card 2 of 8"><div aria-label="Master Card 3 of 8">Ensures <meta name="viewport"> does not disable text scaling and zooming
Affected elements :
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, user-scalable=no">UK websites must meet WCAG 2.1 Level AA standards; failure may constitute disability discrimination
View guidance (opens in new tab)Evidence Collection
2 checks All passedcapture_html_after_reject
INFOCaptured HTML (591318 bytes) from https://www.asda.com/
Captured HTML:
View rendered (opens in new tab)capture_cookies_after_reject
INFOCaptured 17 cookies
Captured Cookies:
View full list (opens in new tab)Report Generation
2 checks All passedgenerate_summary
INFOAI summary generated successfully
generate_pdf
INFOPDF report generated: https://smesolutions.uk/artifacts/artifacts/5dff935a-461d-4346-9d32-75b1c8fba218/report.pdf
Other Checks
1 check All passedscreenshot_after_reject
Screenshot captured
Screenshot Evidence:
Full Compliance Report
Loading PDF viewer...