Cookie Consent Compliance Scanner
Server Details
Cookie consent scanner: GDPR, CCPA, GCMv2. PASS/FAIL compliance checklists with fix recommendations.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.4/5 across 5 of 5 tools scored.
Each tool has a clearly distinct purpose: starting a scan, checking status, listing scans, and retrieving reports (full or only failing checks). No two tools overlap in functionality.
All tool names follow the verb_noun pattern in snake_case (e.g., scan_url, get_scan_status, list_my_scans). The pattern is consistent and predictable.
With only 5 tools, the server is well-scoped for its purpose of scanning URLs for cookie consent compliance. Each tool earns its place without redundancy or bloat.
The toolset covers the typical lifecycle: start scan, poll for completion, retrieve results (full or filtered), and list past scans. Minor gaps like a cancel or delete function are absent but not critical for core usage.
Available Tools
5 toolsget_failing_checksARead-onlyIdempotentInspect
Return only the FAIL and PARTIAL checks from a completed scan.
This is the most useful tool for an agent writing a compliance summary or remediation plan — it omits all the passing checks and focuses entirely on what needs to be fixed, with actionable recommendations for each issue.
| Name | Required | Description | Default |
|---|---|---|---|
| run_id | Yes | The 8-character run_id returned by scan_url. |
Output Schema
| Name | Required | Description |
|---|---|---|
| result | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, and destructiveHint. The description adds that the tool supplies actionable recommendations and focuses on fixable issues, providing behavioral context beyond the annotations without contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, front-loading the core functionality. Every sentence adds value, and there is no redundancy or filler.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (single param, output schema present, annotations provided), the description is sufficiently complete. It connects the tool to its typical use case and differentiates it from siblings. Minor lack of explicit 'completed scan' constraint is acceptable.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage for the single parameter run_id, the description adds no further information about the parameter itself. Baseline 3 is appropriate as the description does not enhance parameter understanding beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool returns only FAIL and PARTIAL checks, contrasting with sibling get_scan_report that likely returns all checks. It uses specific verb 'Return' and identifies the resource as checks from a completed scan, effectively differentiating the tool's purpose.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly recommends the tool for writing compliance summaries or remediation plans, providing clear context. While it doesn't list when not to use or name alternatives, it strongly implies when to use it, leaving little ambiguity.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_scan_reportARead-onlyIdempotentInspect
Retrieve the compliance report for a completed scan.
Always call get_scan_status first to confirm done=True. For a focused
view of what needs fixing, prefer get_failing_checks instead.
| Name | Required | Description | Default |
|---|---|---|---|
| run_id | Yes | The 8-character run_id returned by scan_url. | |
| summary_only | No | If True, return only the headline score and per-check PASS/FAIL list without verbose detail. Useful for a quick overview or when token budget is limited. Default false (full report). |
Output Schema
| Name | Required | Description |
|---|---|---|
| url | Yes | Scanned URL. |
| mode | Yes | Compliance framework used. |
| score | No | Overall compliance score 0–100 (summary mode). |
| checks | No | Per-check PASS/FAIL list (summary mode). |
| report | No | Complete report object including full checklist, score, metadata, and AI narrative (full mode). |
| run_id | Yes | 8-character scan identifier. |
| started_at | Yes | ISO 8601 timestamp when the scan started. |
| score_label | No | Score band e.g. 'Good', 'Needs Work', 'Critical' (summary mode). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, idempotentHint=true, and destructiveHint=false, so the tool's safety is clear. The description adds context that the report is for a completed scan and explains the behavior of the 'summary_only' parameter, which is valuable beyond the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences with no wasted words. The description is front-loaded with the primary action and immediately provides usage context and alternatives.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The output schema exists, so return values are not needed. The description covers the precondition (scan completed), usage context, and alternative tool. No gaps remain for an agent to misinterpret.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% with good field descriptions. The description adds value by explaining that 'summary_only' is useful 'for a quick overview or when token budget is limited', which goes beyond the schema's definition.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'Retrieve the compliance report for a completed scan' with a specific verb and resource. It distinguishes from the sibling tool 'get_failing_checks' by directing users to that tool for a focused view.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly instructs to call 'get_scan_status' first to confirm completion, and suggests 'get_failing_checks' as an alternative for a targeted view. This provides clear when-to-use and when-not-to-use guidance.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_scan_statusARead-onlyIdempotentInspect
Check whether a scan is still running.
Poll this every 10–15 seconds after calling scan_url. When done=True,
call get_scan_report or get_failing_checks to retrieve results.
| Name | Required | Description | Default |
|---|---|---|---|
| run_id | Yes | The 8-character run_id returned by scan_url. |
Output Schema
| Name | Required | Description |
|---|---|---|
| done | Yes | True when the scan has finished (success or failure). |
| note | No | Human-readable note when the run is not found. |
| failed | No | True if the scan failed or was not found (present when done). |
| cancelled | No | True if the scan was cancelled (present when done). |
| c3_available | No | True if a C3 HTML detail report is available (present when done successfully). |
| current_step | No | Most recent progress message (present while running). |
| elapsed_seconds | No | Seconds elapsed since scan started (present while running). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations declare readOnlyHint, idempotentHint, destructiveHint. The description adds polling behavior and completion trigger, enriching the agent's understanding beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences with no extraneous information; purpose and usage are front-loaded for quick comprehension.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given output schema exists and annotations cover safety, the description covers all essential usage aspects: polling interval, completion condition, and next steps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema with 100% coverage describes run_id as '8-character run_id returned by scan_url'. The description reinforces this by mentioning polling after scan_url, providing workflow context.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'Check whether a scan is still running' and distinguishes from siblings by specifying when to call sibling tools (get_scan_report, get_failing_checks) after completion.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides explicit polling interval (every 10-15 seconds after scan_url) and conditions for using alternatives (when done=True, call get_scan_report or get_failing_checks).
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_my_scansARead-onlyIdempotentInspect
List your recent scans (or recent public scans if anonymous).
Returns scans ordered most-recent first. Use the run_id from any row
to retrieve the full report with get_scan_report or get_failing_checks.
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Maximum number of scans to return. Must be between 1 and 100. Default 20. |
Output Schema
| Name | Required | Description |
|---|---|---|
| result | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnly and idempotent. Description adds ordering (most-recent first) and differentiates between user scans and public scans for anonymous users. No contradiction; adds valuable context beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with purpose, then usage. No redundant information. Efficiently communicates key aspects.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Output schema exists (context signal). Description covers ordering, user/anonymous distinction, and next steps (use run_id for reports). Fully sufficient for a list tool with good annotations.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% (limit parameter fully described). Description does not add additional meaning to the input parameter beyond what schema provides. Mention of run_id is output-related.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states verb 'List' and resource 'scans', with qualifier for anonymous users ('recent public scans if anonymous'). Distinguishes from siblings like get_scan_report and get_failing_checks by focusing on listing vs. retrieving details.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides clear context: return ordering and instructions to use run_id for report retrieval. Implicitly suggests not to use this tool if detailed report is needed. Lacks explicit when-not-to-use but offers actionable guidance.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
scan_urlAInspect
Start a cookie consent compliance scan on the given URL.
The scan runs asynchronously in the background. This tool returns a
run_id immediately — the actual scan takes 60–120 seconds. Use
get_scan_status(run_id) to poll for completion, then call
get_scan_report(run_id) or get_failing_checks(run_id).
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | The website URL to scan, e.g. 'https://example.com'. HTTP is accepted and upgraded to HTTPS automatically. | |
| mode | No | Compliance framework to audit against: 'gdpr' (GDPR/ePrivacy, default), 'ccpa' (US/CCPA), or 'gcm' (Google Consent Mode v2). | gdpr |
| region | No | Geographic location of the probe browser: 'eu' (European IP, default) or 'us' (US IP via proxy). Use 'eu' unless you specifically need a US perspective. | eu |
| ai_enhanced | No | Enable Claude AI narrative analysis layered on top of the automated checklist. Produces richer recommendations but takes longer and consumes Claude API credits. Default false. |
Output Schema
| Name | Required | Description |
|---|---|---|
| url | Yes | The normalised URL being scanned. |
| mode | Yes | Compliance framework in use: 'gdpr', 'ccpa', or 'gcm'. |
| note | Yes | Reminder to poll get_scan_status every 10–15 s. |
| region | Yes | Probe region: 'eu' or 'us'. |
| run_id | Yes | 8-character identifier for this scan run. Pass to get_scan_status / get_scan_report. |
| status | Yes | Always 'started'. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations provide readOnlyHint=false and destructiveHint=false, which aligns with the description stating it starts an async scan. The description adds behavioral details (async, 60-120s duration, returns run_id) beyond annotations, aiding correct invocation.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two succinct sentences: first sentence states purpose, second explains async behavior and subsequent tools. No waste, front-loaded, and each sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the output schema exists (so return values are covered), the description completes the workflow picture by referencing sibling tools and explaining the async process. It could mention potential errors but overall is sufficient for the complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so the schema already documents all parameters thoroughly. The description adds minimal extra meaning (e.g., HTTP upgrade for URL) but does not significantly enhance understanding beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action 'Start a cookie consent compliance scan' with a specific verb and resource. It distinguishes from sibling tools (get_scan_status, etc.) by explaining the async workflow and referencing the other tools for polling and results.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides explicit guidance on the async nature and recommends polling with get_scan_status, then retrieving results. It does not mention when not to use or alternatives, but the workflow instructions are clear and practical.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!