Compliance Score
pro /v1/score/compliance
Calculates a composite compliance score (0-100) from 12 weighted components: cookie consent mechanism (16%), privacy policy presence and quality (15%), GDPR compliance signals (14%), terms of service (8%), CCPA/CPRA compliance (8%), security disclosure via security.txt (8%), contact/DPO information (8%), accessibility statement (6%), technical accessibility (5%), children's data protection (4%), cookie technical compliance (4%), and multi-state US privacy (4%). Returns a letter grade (A+ to F), detailed breakdown with per-component findings, and actionable recommendations for improving compliance posture across GDPR, CCPA, ePrivacy Directive, and accessibility requirements.
What It Does
Fetches the domain's main page and up to 5 sub-pages (privacy policy, terms, accessibility statement, contact, CCPA opt-out) plus /.well-known/security.txt. Detects consent management platforms (OneTrust, CookieBot, Quantcast, etc.), IAB TCF v2 API signals, and granular consent options. Analyzes privacy policy content for GDPR terms (data rights, legal basis, DPO, consent withdrawal, transfer mechanisms) and CCPA terms (California disclosures, right to know/delete). Parses security.txt per RFC 9116 for required fields. Detects accessibility statement with WCAG level references. Checks contact pages for physical address, email, and impressum compliance. Also evaluates technical accessibility via automated audit, children's data protection (COPPA, age gates), cookie security attributes, and multi-state US privacy signals (GPC, universal opt-out, AI disclosure).
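As an added example (not EdgeDNS's scoring code), the Python below runs the RFC 9116 checks named above on a security.txt body, so you can see what the security disclosure component looks for before scoring a domain: Contact present, Expires present exactly once and still in the future, plus whether the file is PGP-signed and has a Policy field. The function name, the sample files and the accepted Contact schemes are assumptions made for the example.

```python
from datetime import datetime, timezone

# Constructed samples, not taken from any real site.
GOOD = "Contact: mailto:security@example.com\nExpires: 2030-01-01T00:00:00Z\nPolicy: https://example.com/policy\n"
STALE = "# plain-http contact, expired file\nContact: http://example.com/report\nExpires: 2020-01-01T00:00:00Z\n"
CONTACT_SCHEMES = ("mailto:", "tel:", "https://")  # assumption: schemes this check accepts


def check_security_txt(text, now=None):
    """Return {'findings', 'signed', 'has_policy'} for a security.txt body."""
    now = now or datetime.now(timezone.utc)
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # the rest is the armored signature, not fields
        if not line or line[0] in "#-" or ":" not in line:
            continue  # blank line, comment, or PGP armor delimiter
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())

    findings = []
    contacts = fields.get("contact", [])
    if not contacts:
        findings.append("Contact is required but missing")
    for c in contacts:
        if not c.lower().startswith(CONTACT_SCHEMES):
            findings.append(f"Contact is not a mailto:, tel: or https:// URI: {c}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        findings.append(f"Expires must appear exactly once, found {len(expires)}")
    else:
        try:
            when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
            if when.tzinfo is None:
                findings.append("Expires has no UTC offset")
            elif when <= now:
                findings.append(f"Expires is in the past: {expires[0]}")
        except ValueError:
            findings.append(f"Expires is not an ISO 8601 date-time: {expires[0]}")
    return {"findings": findings,
            "signed": text.lstrip().startswith("-----BEGIN PGP SIGNED MESSAGE-----"),
            "has_policy": "policy" in fields}
```

An expired or unsigned file is still served with HTTP 200, so a presence check alone will not catch these findings.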
Why It's Useful
Global privacy regulations (GDPR, CCPA/CPRA, ePrivacy Directive) require specific disclosures, consent mechanisms, and contact information. A single compliance score lets you audit your own domains, track improvements over time, and demonstrate compliance readiness to stakeholders. Component breakdowns identify exactly which compliance areas need attention.
Use Cases
Self-Audit Before Launch
Run a compliance score check on your own domain before launching to new markets (EU, California). Identify missing privacy policy sections, absent cookie consent, or missing security.txt before regulatory exposure increases.
Catch compliance gaps before regulators or users flag them — avoid fines and reputational damage.
Continuous Compliance Monitoring
Schedule periodic compliance score checks via domain monitoring subscriptions. Get alerted when the score drops, for example when a CMS update removes the cookie consent banner or a deploy breaks the privacy policy page.
Detect compliance regressions immediately rather than during the next manual audit.
Vendor Privacy Assessment
Score vendor and partner domains for compliance signals as part of due diligence. A vendor without a privacy policy, cookie consent, or security.txt may pose data handling risks to your organization.
Quantify vendor compliance posture with a single metric for risk assessments and procurement decisions.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| domain | string | Required | The domain to calculate compliance score for (e.g., example.com). Example: edgedns.dev |
Response Fields
| Field | Type | Description |
|---|---|---|
| domain | string | The scored domain |
| score | number | Composite compliance score 0-100 (weighted sum of 12 components) |
| grade | string | Letter grade: A+ (95-100), A (85-94), B (70-84), C (50-69), D (30-49), F (0-29) |
| gradeDescription | string | Human-readable grade description (e.g., "Good - adequate with room for improvement") |
| breakdown | object | Per-component scores with score, max, and details for each of the 12 compliance factors |
| breakdown.cookieConsent | object | Cookie consent mechanism: CMP detection, IAB TCF, granular options, reject-all (max 16 pts) |
| breakdown.privacyPolicy | object | Privacy policy presence, word count, GDPR/CCPA terms, contact info (max 15 pts) |
| breakdown.gdpr | object | GDPR signals: data rights, legal basis, DPO, consent withdrawal, transfer mechanism (max 14 pts) |
| breakdown.termsOfService | object | Terms of service presence and document quality (max 8 pts) |
| breakdown.ccpa | object | CCPA/CPRA: Do Not Sell link, opt-out, California disclosures (max 8 pts) |
| breakdown.securityDisclosure | object | security.txt per RFC 9116: Contact, Expires, Policy, PGP signing (max 8 pts) |
| breakdown.contactInfo | object | Contact page, physical address, email, impressum (max 8 pts) |
| breakdown.accessibilityStatement | object | Accessibility statement with WCAG level and contact info (max 6 pts) |
| breakdown.technicalAccessibility | object | Technical accessibility from automated WCAG audit score (max 5 pts) |
| breakdown.childrenProtection | object | Children's data protection: COPPA notice, age gate, parental consent (max 4 pts) |
| breakdown.cookieTechnical | object | Cookie security: Secure flag, SameSite, third-party count, cookie wall penalty (max 4 pts) |
| breakdown.multiStatePrivacy | object | Multi-state US privacy: GPC support, universal opt-out, state references, AI disclosure (max 4 pts) |
| recommendations | array | Prioritized list of actionable compliance improvements |
| componentCount | number | Number of compliance components evaluated (12) |
| partialFailure | boolean | Whether any page fetches failed (score may be incomplete) |
| confidence | object | Result confidence indicator: level (high/medium/low) and limitations list |
| discoveryMetadata | object | URL discovery debugging metadata: urlsDiscovered (per-type), cmsDetected (platform or null), sitemapFound (boolean) |
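The following added example (not EdgeDNS code) shows one way to consume these fields in a monitoring job or CI gate: it refuses to trust a score when partialFailure is set, cross-checks the grade against the documented bands, and lists which components dropped between two runs. The function names, the `min_score` threshold and the constructed responses are assumptions; only the field names, component maxima and grade bands come from the tables above.

```python
# Component maxima and grade bands copied from the tables above.
MAXIMA = {"cookieConsent": 16, "privacyPolicy": 15, "gdpr": 14, "termsOfService": 8,
          "ccpa": 8, "securityDisclosure": 8, "contactInfo": 8,
          "accessibilityStatement": 6, "technicalAccessibility": 5,
          "childrenProtection": 4, "cookieTechnical": 4, "multiStatePrivacy": 4}
GRADE_BANDS = [(95, "A+"), (85, "A"), (70, "B"), (50, "C"), (30, "D"), (0, "F")]


def grade_for(score):
    """Letter grade for a 0-100 score, per the documented bands."""
    return next(letter for floor, letter in GRADE_BANDS if score >= floor)


def sample_response(scores, partial=False):
    """Constructed response; components not listed in `scores` get full marks."""
    breakdown = {k: {"score": scores.get(k, m), "max": m} for k, m in MAXIMA.items()}
    total = sum(c["score"] for c in breakdown.values())
    return {"domain": "example.com", "score": total, "grade": grade_for(total),
            "breakdown": breakdown, "partialFailure": partial}


def regressions(previous, current):
    """Components whose score fell between two runs, largest drop first."""
    drops = {k: previous["breakdown"][k]["score"] - c["score"]
             for k, c in current["breakdown"].items() if k in previous["breakdown"]}
    return sorted((k for k, d in drops.items() if d > 0), key=lambda k: -drops[k])


def evaluate(resp, min_score=70):
    """Return the reasons to fail the gate; an empty list means pass."""
    problems = []
    if resp.get("partialFailure"):
        problems.append("partialFailure set: some fetches failed, score may be incomplete")
    if sum(c["max"] for c in resp["breakdown"].values()) != 100:
        problems.append("component maxima do not sum to 100")
    if resp["grade"] != grade_for(resp["score"]):
        problems.append("grade does not match the documented band")
    if resp["score"] < min_score:
        problems.append(f"score {resp['score']} is below {min_score}")
    return problems
```

Comparing per-component scores rather than only the composite catches a lost cookie banner even when the total stays above the threshold.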
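Code Examples

```bash
# -G sends the -d value as a query-string parameter on a GET request,
# matching the JavaScript and Python examples
curl -G "https://api.edgedns.dev/v1/score/compliance" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "domain=edgedns.dev"
```

```javascript
// Request the compliance score for a domain, passed as a query parameter
const response = await fetch(
  'https://api.edgedns.dev/v1/score/compliance?domain=edgedns.dev',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

# Request the compliance score for a domain, passed as a query parameter
response = requests.get(
    'https://api.edgedns.dev/v1/score/compliance',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'domain': 'edgedns.dev'
    },
    timeout=30,  # do not hang indefinitely on a stalled connection
)
response.raise_for_status()  # surface HTTP errors instead of parsing an error body
data = response.json()
print(data)
```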