Home Verified permalink · Latest public audit

nationwide.co.uk

UK compliance audit.

Scan complete

Compliance Score

How the score was calculated

Starting score: 100
1 critical finding: −25
1 medium finding: −5
Final score: 70

AI Analysis

The Nationwide.co.uk website has partially met UK GDPR and PECR compliance standards, scoring 70/100 with 25 passed checks and 2 failed checks. Key issues include a non-compliant cookie banner that fails to disclose third-party data sharing and the consequences of declining non-essential cookies, as well as vague descriptions of user benefits from accepting certain types of cookies. Seven checks were not applicable due to specific conditions not being met.

Fix these first

1 priority

01
CRITICALcheck_cookies_after_reject
Found 1 non-essential cookie(s): [FPID] (after clicking: <button#onetrust-reject-all-handler.ot-button-order-1> text='Allow essential cookies only')

Report Details

Playbook: UK Cookie Compliance
Domain: nationwide.co.uk
Started At: 2 Jan 2026, 12:54
Duration: 3m 4s
Total Checks: 37
Report ID: zWSioPaielcY

Check Results

Data Capture

3 checks All passed

capture_html_initial

INFO

Captured HTML (451824 bytes) from https://www.nationwide.co.uk/

Captured HTML:

View rendered

screenshot_initial

INFO

Screenshot saved: https://smesolutions.uk/artifacts/artifacts/3ab5cf22-7f2a-4bf5-92fd-958e31f221bc/screenshots/initial_state.png

Screenshot Evidence:

Click to view full size

capture_cookies_initial

INFO

Captured 3 cookies

Captured Cookies:

View full list

Pre-Consent Cookies

1 check All passed

check_initial_cookies

CRITICAL

No non-essential cookies found

PECR Regulation 6(1)

Cookies (except strictly necessary) require user consent BEFORE being set

View guidance

Cookie Consent Banner

6 checks All passed

find_banner

INFO

Found consent banner via heuristic (height: 649px)

PECR Regulation 6(2)

Clear and comprehensive information must be provided about cookie use

View guidance

find_cookie_banner

INFO

Value true == true: true

verify_banner_visible

INFO

Element visibility is true as expected

screenshot_banner

INFO

Screenshot saved: https://smesolutions.uk/artifacts/artifacts/3ab5cf22-7f2a-4bf5-92fd-958e31f221bc/screenshots/cookie_banner.png

Screenshot Evidence:

Click to view full size

extract_banner_text

Extracted 83 words

check_banner_content

LOW

Value 83 >= 10: true

PECR Regulation 6(2)(a)

Cookie notice must provide clear, comprehensive information about purposes

View guidance

Cookie Controls

4 checks All passed

find_reject_button_semantic

INFO

Found reject button: <button#onetrust-reject-all-handler.ot-button-order-1> text='Allow essential cookies only'

find_accept_button_semantic

INFO

Found accept button: <button#onetrust-accept-btn-handler.ot-button-order-0> text='Allow all cookies' (confidence: 100%)

find_reject_button_any

CRITICAL

Value 1 == 1: true

find_accept_button_any

Value 1 == 1: true

Dark Pattern Detection

1 check All passed

compare_button_prominence

HIGH

Buttons have similar prominence

EDPB Guidelines 03/2022 on Dark Patterns

Reject option must have equal prominence to accept - asymmetric design is a deceptive pattern

View guidance

AI Dark Pattern Analysis

2 checks All passed

check_dark_patterns_vision

HIGH

No specific dark patterns identified in cookie banner

EDPB Guidelines 03/2022 on Dark Patterns

Visual deceptive patterns including color manipulation and hidden controls are prohibited

View guidance

check_deceptive_buttons

HIGH

Button labels are clear and not deceptive

EDPB Guidelines 03/2022 on Dark Patterns

Button labels must accurately reflect their function without ambiguity or deception

View guidance

AI Content Analysis

3 checks1 failed

check_banner_quality_llm

MEDIUM-5

Banner content is not GDPR compliant

Cookie banner does not meet GDPR compliance requirements

lacks mention of third-party data sharing

unclear about the consequences of allowing only essential cookies

does not specify what constitutes "more relevant content and adverts"

could be more explicit about user rights to withdraw consent

Banner Text Analyzed:

"Cookie settings We use cookies and similar technologies to collect information from your device when you use our website. Some are essential to make sure our website works properly and is secure. Others are optional and need your consent. For example, where we use cookies to help show you more relevant content and adverts. You can change your settings at any time. More about how we use cookies (opens in a new window) Allow all cookies Allow essential cookies only Manage cookie settings"

PECR Regulation 6(2)(a)

Cookie notices must provide clear, comprehensive information about purposes

View guidance

check_language_consistency

LOW

Banner language (en) matches page language

PECR Regulation 6(2)(a)

Information must be provided in a language users can understand

check_cookie_purposes

MEDIUM

No cookies available for purpose matching

PECR Regulation 6(2)(a)

All cookies used must be disclosed and explained in the notice

View guidance

AI Accessibility Analysis

1 check

check_visual_accessibility

MEDIUM-3

None found; the banner is visually accessible with good contrast ratios; clear button visibility; readable text size.

None found; the banner is visually accessible with good contrast ratios

clear button visibility

readable text size.

Equality Act 2010

Cookie banners must be accessible to users with disabilities including visual impairments

View guidance

Consent Verification

4 checks1 failed

click_reject_button

Clicked element <button#onetrust-reject-all-handler.ot-button-order-1> text='Allow essential cookies only'

wait_after_reject

Waited 2000ms

check_cookies_after_reject

CRITICAL-25

Found 1 non-essential cookie(s): [FPID] (after clicking: <button#onetrust-reject-all-handler.ot-button-order-1> text='Allow essential cookies only')

FPID

Button clicked to reject cookies: <button#onetrust-reject-all-handler.ot-button-order-1> text='Allow essential cookies only'

Non-Essential Cookies:

FPIDfunctional12mo

": The cookie named FPID with a long expiration period is likely used to store user preferences or settings across sessions on the nationwide.co.uk domain, making it fall under the functional category."

UK GDPR Article 7(3), PECR Regulation 6

When consent is withdrawn, cookies must be removed - continued tracking is unlawful

View guidance

verify_banner_dismissed

LOW

Element is no longer accessible (dismissed/removed from DOM)

Accessibility

1 check All passed

wcag_aa_scan

HIGH

No accessibility violations found (WCAG AA)

Public Sector Bodies Accessibility Regulations 2018, Equality Act 2010

UK websites must meet WCAG 2.1 Level AA standards; failure may constitute disability discrimination

View guidance

Evidence Collection

2 checks All passed

capture_html_after_reject

INFO

Captured HTML (465916 bytes) from https://www.nationwide.co.uk/

Captured HTML:

View rendered

capture_cookies_after_reject

INFO

Captured 10 cookies

Captured Cookies:

View full list

Report Generation

2 checks All passed

generate_summary

INFO

AI summary generated successfully

generate_pdf

INFO

PDF report generated: https://smesolutions.uk/artifacts/artifacts/3ab5cf22-7f2a-4bf5-92fd-958e31f221bc/report.pdf

Other Checks

1 check All passed

screenshot_after_reject

Screenshot saved: https://smesolutions.uk/artifacts/artifacts/3ab5cf22-7f2a-4bf5-92fd-958e31f221bc/screenshots/after_rejection.png

Screenshot Evidence:

Click to view full size

Full Compliance Report

Loading PDF viewer...