Waivern Cookie Consent Analyser
Server Details
Audits websites for cookie consent compliance across major privacy frameworks. Point it at any URL and get a structured PASS/FAIL checklist with regulatory citations and fix recommendations — no browser, no manual inspection required.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.4/5 across 5 of 5 tools scored.
Each tool has a distinct purpose: starting a scan, listing history, checking status, retrieving full report, and getting failing checks only. No overlap.
All tool names follow a consistent verb_noun pattern with snake_case (e.g., scan_url, list_my_scans, get_scan_status).
Five tools are well-scoped for a scanning service, covering the essential actions without excess or shortage.
The set covers the full scan lifecycle (start, poll, retrieve results) and history. Missing a cancel/delete scan tool, but not critical for typical use.
Available Tools
5 toolsget_failing_checksARead-onlyIdempotentInspect
Return only the FAIL and PARTIAL checks from a completed scan.
This is the most useful tool for an agent writing a compliance summary or remediation plan — it omits all the passing checks and focuses entirely on what needs to be fixed, with actionable recommendations for each issue.
| Name | Required | Description | Default |
|---|---|---|---|
| run_id | Yes | The 8-character run_id returned by scan_url. |
Output Schema
| Name | Required | Description |
|---|---|---|
| result | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, and destructiveHint. The description adds behavioral context: the tool returns 'actionable recommendations for each issue', which informs about output content. No contradictions with annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences: the first directly states the action and scope, the second provides usage context. No wasted words, front-loaded with the most critical information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (one parameter, annotations present, output schema exists), the description provides complete context: what it does, when to use it, and what the output contains. No gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema coverage is 100% for the single required parameter 'run_id'. The description does not add any additional meaning beyond what the schema already provides. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description states exactly what the tool does: 'Return only the FAIL and PARTIAL checks from a completed scan.' It specifies the verb (return), resource (checks), and filtering criterion (FAIL and PARTIAL). It also distinguishes from siblings like get_scan_report which presumably returns all checks.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly recommends use for 'an agent writing a compliance summary or remediation plan' and explains it 'omits all the passing checks and focuses entirely on what needs to be fixed'. While it doesn't explicitly state when not to use it, the context is clear enough.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_scan_reportARead-onlyIdempotentInspect
Retrieve the compliance report for a completed scan.
Always call get_scan_status first to confirm done=True. For a focused
view of what needs fixing, prefer get_failing_checks instead.| Name | Required | Description | Default |
|---|---|---|---|
| run_id | Yes | The 8-character run_id returned by scan_url. | |
| summary_only | No | If True, return only the headline score and per-check PASS/FAIL list without verbose detail. Useful for a quick overview or when token budget is limited. Default false (full report). |
Output Schema
| Name | Required | Description |
|---|---|---|
| url | Yes | Scanned URL. |
| mode | Yes | Compliance framework used. |
| score | No | Overall compliance score 0–100 (summary mode). |
| checks | No | Per-check PASS/FAIL list (summary mode). |
| report | No | Complete report object including full checklist, score, metadata, and AI narrative (full mode). |
| run_id | Yes | 8-character scan identifier. |
| started_at | Yes | ISO 8601 timestamp when the scan started. |
| score_label | No | Score band e.g. 'Good', 'Needs Work', 'Critical' (summary mode). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, idempotentHint=true, destructiveHint=false. Description adds context about needing completion status, but no contradictions. Strong alignment between description and annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Three concise sentences: purpose, precondition, alternative. No fluff, every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the presence of output schema, annotations, and 100% schema coverage, the description completes all necessary context: what it does, when to use it (and when not), and a required precondition.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with clear descriptions. The description does not add new parameter semantics beyond what schema already provides. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clear verb+resource: 'Retrieve the compliance report for a completed scan.' It distinguishes from sibling tools by naming get_failing_checks as an alternative.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicit prerequisite: 'Always call get_scan_status first to confirm done=True.' Also states when to prefer an alternative tool: 'For a focused view of what needs fixing, prefer get_failing_checks instead.'
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_scan_statusARead-onlyIdempotentInspect
Check whether a scan is still running.
Poll this every 10–15 seconds after calling scan_url. When done=True,
call get_scan_report or get_failing_checks to retrieve results.| Name | Required | Description | Default |
|---|---|---|---|
| run_id | Yes | The 8-character run_id returned by scan_url. |
Output Schema
| Name | Required | Description |
|---|---|---|
| done | Yes | True when the scan has finished (success or failure). |
| note | No | Human-readable note when the run is not found. |
| failed | No | True if the scan failed or was not found (present when done). |
| cancelled | No | True if the scan was cancelled (present when done). |
| c3_available | No | True if a C3 HTML detail report is available (present when done successfully). |
| current_step | No | Most recent progress message (present while running). |
| elapsed_seconds | No | Seconds elapsed since scan started (present while running). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint=true and idempotentHint=true. The description adds valuable behavioral context: polling behavior, expected delay, and transition to result retrieval tools. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no filler. First sentence states purpose, second provides usage workflow. Extremely efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the annotations and output schema (present but not shown), the description fully equips the agent to understand the tool's role, polling behavior, and next steps. Complete for the tool's complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 100% coverage describing run_id and its format. The description does not add parameter semantics beyond the schema, which is sufficient. Baseline of 3 applies.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'Check whether a scan is still running' with a specific verb and resource. It also distinguishes from siblings by indicating when to use get_scan_report or get_failing_checks after completion.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly provides polling interval ('every 10–15 seconds') and conditions for switching to other tools ('When done=True, call get_scan_report or get_failing_checks'). This gives clear guidance on when to use this tool versus alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_my_scansARead-onlyIdempotentInspect
List your recent scans (or recent public scans if anonymous).
Returns scans ordered most-recent first. Use the run_id from any row
to retrieve the full report with get_scan_report or get_failing_checks.| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Maximum number of scans to return. Must be between 1 and 100. Default 20. |
Output Schema
| Name | Required | Description |
|---|---|---|
| result | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Adds ordering (most-recent first) and scope (user-specific or public) beyond annotations that indicate read-only and idempotent. Could mention if only completed scans are returned.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences front-loaded with purpose and usage hints. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Provides enough context for a simple list tool with one parameter. Output schema likely covers return fields, so description suffices.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema covers limit parameter fully (range, default). Description adds no extra meaning, so baseline 3 applies.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states the tool lists recent scans, distinguishes from sibling tools (get_scan_report, etc.) by focusing on listing vs. retrieving reports. Includes condition for anonymous users.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides guidance to use run_id from results with get_scan_report or get_failing_checks, but lacks explicit when-not-to-use or alternative scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
scan_urlAInspect
Start a cookie consent compliance scan on the given URL.
The scan runs asynchronously in the background. This tool returns a
run_id immediately — the actual scan takes 60–120 seconds. Use
get_scan_status(run_id) to poll for completion, then call
get_scan_report(run_id) or get_failing_checks(run_id).| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | The website URL to scan, e.g. 'https://example.com'. HTTP is accepted and upgraded to HTTPS automatically. | |
| mode | No | Compliance framework to audit against: 'gdpr' (GDPR/ePrivacy, default), 'ccpa' (US/CCPA), or 'gcm' (Google Consent Mode v2). | gdpr |
| region | No | Geographic location of the probe browser: 'eu' (European IP, default) or 'us' (US IP via proxy). Use 'eu' unless you specifically need a US perspective. | eu |
| ai_enhanced | No | Enable Claude AI narrative analysis layered on top of the automated checklist. Produces richer recommendations but takes longer and consumes Claude API credits. Default false. |
Output Schema
| Name | Required | Description |
|---|---|---|
| url | Yes | The normalised URL being scanned. |
| mode | Yes | Compliance framework in use: 'gdpr', 'ccpa', or 'gcm'. |
| note | Yes | Reminder to poll get_scan_status every 10–15 s. |
| region | Yes | Probe region: 'eu' or 'us'. |
| run_id | Yes | 8-character identifier for this scan run. Pass to get_scan_status / get_scan_report. |
| status | Yes | Always 'started'. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate non-read-only, non-idempotent, non-destructive. The description adds the key behavioral details: async execution, approximate duration (60-120s), and the immediate return of a run_id. This provides useful context beyond annotations, though it could mention error handling or validation.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is four sentences and front-loads the purpose. Every sentence adds value: purpose, async behavior, follow-up instructions. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the output schema exists, the description doesn't need to detail return values. It covers core functionality, async behavior, and next steps. It could mention accessibility requirements (public URL) or failure handling, but overall it's quite complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so the schema already documents all parameters well. The description does not add much parameter-specific information; it focuses on workflow. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it starts a cookie consent compliance scan on a given URL. It uses a specific verb ('start') and resource ('compliance scan'). It distinguishes itself from sibling tools by noting that it returns a run_id and that follow-up tools like get_scan_status should be used.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly explains the asynchronous nature: 'runs asynchronously in the background... returns a run_id immediately — the actual scan takes 60–120 seconds.' It then directs the agent to use get_scan_status to poll, then get_scan_report or get_failing_checks. This is excellent guidance for when to use this tool and what to do next.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!