santander.co.uk
UK compliance audit.
How the score was calculated
- Starting score
- 100
- 1 medium finding
- −5
- Final score
- 95
AI Analysis
The Santander UK website has largely met UK GDPR and PECR compliance standards, scoring 95/100 with 26 passed checks but failing one check and having two errors. However, the cookie consent mechanism is non-compliant with GDPR requirements due to a lack of explanation for cookie usage, absence of information on third-party data sharing, and unclear consequences of rejecting all cookies.
Report Details
- Playbook
- UK Cookie Compliance
- Domain
- santander.co.uk
- Started At
- 2 Jan 2026, 12:07
- Duration
- 2m 10s
- Total Checks
- 37
- Report ID
- vzHBm-9pa922
Check Results
Data Capture
2 checks All passedcapture_html_initial
INFOCaptured HTML (105560 bytes) from https://www.santander.co.uk/
Captured HTML:
View rendered (opens in new tab)Pre-Consent Cookies
1 check All passedcheck_initial_cookies
CRITICALNo non-essential cookies found
Cookies (except strictly necessary) require user consent BEFORE being set
View guidance (opens in new tab)Cookie Consent Banner
6 checks All passedfind_banner
INFOFound consent banner via heuristic (height: 409px)
Clear and comprehensive information must be provided about cookie use
View guidance (opens in new tab)find_cookie_banner
INFOValue true == true: true
verify_banner_visible
INFOElement visibility is true as expected
screenshot_banner
INFOScreenshot saved: https://smesolutions.uk/artifacts/artifacts/100378b0-e6bb-435a-802e-9fc00c290704/screenshots/cookie_banner.png
Screenshot Evidence:
extract_banner_text
Extracted 89 words
check_banner_content
LOWValue 89 >= 10: true
Cookie notice must provide clear, comprehensive information about purposes
View guidance (opens in new tab)Cookie Controls
4 checks All passedfind_reject_button_semantic
INFOFound reject button: <button#onetrust-reject-all-handler> text='Reject all'
find_accept_button_semantic
INFOFound accept button: <button#onetrust-accept-btn-handler> text='Accept all'
find_reject_button_any
CRITICALValue 1 == 1: true
find_accept_button_any
Value 1 == 1: true
Dark Pattern Detection
1 check All passedcompare_button_prominence
HIGHButtons have similar prominence
Reject option must have equal prominence to accept - asymmetric design is a deceptive pattern
View guidance (opens in new tab)AI Dark Pattern Analysis
2 checks All passedcheck_dark_patterns_vision
HIGHNo specific dark patterns identified in cookie banner
Visual deceptive patterns including color manipulation and hidden controls are prohibited
View guidance (opens in new tab)check_deceptive_buttons
HIGHButton labels are clear and not deceptive
Button labels must accurately reflect their function without ambiguity or deception
View guidance (opens in new tab)AI Content Analysis
3 checks1 failedcheck_banner_quality_llm
MEDIUM-5Banner content is not GDPR compliant
Banner Text Analyzed:
Cookie notices must provide clear, comprehensive information about purposes
View guidance (opens in new tab)check_language_consistency
LOWBanner language (en) matches page language
Information must be provided in a language users can understand
check_cookie_purposes
MEDIUMNo cookies available for purpose matching
All cookies used must be disclosed and explained in the notice
View guidance (opens in new tab)AI Accessibility Analysis
1 check All passedcheck_visual_accessibility
MEDIUMBanner meets visual accessibility standards (score: 50/100)
Cookie banners must be accessible to users with disabilities including visual impairments
View guidance (opens in new tab)Consent Verification
5 checks All passedclick_reject_button
Clicked element <button#onetrust-reject-all-handler> text='Reject all'
wait_after_reject
Waited 2000ms
check_cookies_after_reject
CRITICALNo non-essential cookies found
When consent is withdrawn, cookies must be removed - continued tracking is unlawful
View guidance (opens in new tab)verify_cookies_cleared
CRITICALValue 0 == 0: true
Withdrawal of consent must be as easy as giving it; cookies must be deleted upon rejection
View guidance (opens in new tab)verify_banner_dismissed
LOWElement is no longer accessible (dismissed/removed from DOM)
Accessibility
1 check All passedwcag_aa_scan
HIGHNo accessibility violations found (WCAG AA)
UK websites must meet WCAG 2.1 Level AA standards; failure may constitute disability discrimination
View guidance (opens in new tab)Evidence Collection
2 checks All passedcapture_html_after_reject
INFOCaptured HTML (224449 bytes) from https://www.santander.co.uk/
Captured HTML:
View rendered (opens in new tab)capture_cookies_after_reject
INFOCaptured 2 cookies
Captured Cookies:
View full list (opens in new tab)Report Generation
2 checks All passedgenerate_summary
INFOAI summary generated successfully
generate_pdf
INFOPDF report generated: https://smesolutions.uk/artifacts/artifacts/100378b0-e6bb-435a-802e-9fc00c290704/report.pdf
Other Checks
2 checksscreenshot_initial
INFOExecution error: failed to upload to S3: operation error S3: PutObject, https response error StatusCode: 413, RequestID: , HostID: , error while deserializing xml error response : XML syntax error on line 6: element <hr> closed by </body>
screenshot_after_reject
Execution error: failed to upload to S3: operation error S3: PutObject, https response error StatusCode: 413, RequestID: , HostID: , error while deserializing xml error response : XML syntax error on line 6: element <hr> closed by </body>
Full Compliance Report
Loading PDF viewer...
Share this report
Wear the badge.
Live preview
Drop one of these snippets into your site footer, About page, or README. The badge auto-links back to this report so visitors can verify the result.