https://www.setandsetting-retreat.com
Compliance
· 23 checks — WCAG, consent & privacy, language, viewport, cookie inventory, and legal pages rolled into one auditable list.SCORE
73
GRADE
C
FIX
2
REVIEW
6
PASS
12
INFO
3
Checks
2312 PASS 6 REVIEW 2 FIX
FLanguage & i18nActionMissing <html lang>FIX
Language & i18n
ActionMissing <html lang>
Missing <html lang>
Warning::
<html lang> attribute is missing
The lang attribute on <html> is required for screen readers and WCAG 3.1.1 compliance.
Info::
No Content-Language HTTP header
Info::
Language signals are consistent
Page Language ——Content-Language Header ——Consistent Yes
The lang attribute on <html> is required for screen readers and WCAG 3.1.1 compliance.
Why this matters
Without a lang attribute, screen readers mispronounce every word on the page.
Learn more ▾ ▴
An HTML element without lang="..." causes screen readers to fall back to the user's default voice — a French page read in English sounds like nonsense. Setting lang on the <html> element is a one-character fix that lets every assistive tool pronounce content correctly.
Source: W3C WCAG 2.1
DGDPR Article 13 DisclosuresAction4 / 8 Art. 13 categories matched in homepage bodyFIX
GDPR Article 13 Disclosures
Action4 / 8 Art. 13 categories matched in homepage body
4 / 8 Art. 13 categories matched in homepage body
Warning::
GDPR Article 13 disclosure coverage: 4 / 8 categories
Scanned the homepage body text AND the linked /privacy page for GDPR Article 13 disclosures. Matched 4 of 8 categories: Data retention period, International data transfers, Legal basis for processing, Right to lodge a complaint with a supervisory authority. Missing: Data Protection Officer contact (where applicable), Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, Recipients of personal data. Note: only the FIRST same-origin privacy-policy link is followed; deeper sub-pages (e.g. /legal/data-subject-rights) are not fetched.
Got: 4/8
BCookie Consent & Privacyprivacy policy foundREVIEW
Cookie Consent & Privacy
privacy policy found
privacy policy found
Info::
Privacy policy link found
Got: https://www.setandsetting-retreat.com/legal/datenschutz
Info::
Terms of service link found
Info::
No cookie consent banner detected
Critical::
1 non-essential cookie(s) set without consent banner
Unrecognized (treated as non-essential): _cfuvid
Info::
This is an automated check, not legal advice
BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.
Consent Banner Not detected Privacy Policy https://www.setandsetting-retreat.com/legal/datenschutz Terms of Service https://www.setandsetting-retreat.com/legal/datenschutz
Pre-consent Cookies
_cfuvid Functional
This is an automated check, not legal advice. Consult a privacy professional for GDPR/CCPA compliance.
Unrecognized (treated as non-essential): _cfuvid
Why this matters
Setting tracking cookies without a consent banner is the single most-fined GDPR violation in EU enforcement actions.
Learn more ▾ ▴
GDPR + ePrivacy require opt-in BEFORE setting non-essential cookies. Loading Google Analytics, Facebook Pixel, or any third-party tracker on page load -- without a consent mechanism -- is the highest-frequency fine pattern in EU enforcement. Add a Consent Management Platform (Cookiebot, OneTrust, Klaro) that blocks tracker scripts until consent.
Source: GDPR + ePrivacy Directive / EU DPA enforcement
BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.
Why this matters
Disclaimer: legal-page checks identify presence/absence; consult counsel for legal sufficiency.
BAccessibility StatementNo accessibility statement detectedREVIEW
Accessibility Statement
No accessibility statement detected
No accessibility statement detected
Warning::
No accessibility statement detected
Sites are increasingly expected to publish an accessibility statement. Required by EU Web Accessibility Directive 2016/2102 for public-sector bodies; recommended best practice elsewhere. Common URLs: /accessibility, /accessibility-statement, /a11y.
BThird-Party Trackers6 trackers detectedREVIEW
Third-Party Trackers
6 trackers detected
6 trackers detected
Info::
6 third-party trackers detected
Found 3 analytics, 0 advertising, 1 marketing, 1 tag manager, 1 session-replay, 0 heatmap trackers.
Got: 6 trackers
Warning::
1 session-replay tool(s) detected (Hotjar)
Session-replay tools record what users type, click, and scroll. Under GDPR these are high-risk processing requiring explicit consent and (per UK ICO and French CNIL guidance) often a Data Protection Impact Assessment. Mask sensitive form fields and gate firing on user consent.
CLegal Page EcosystemAction2 of 7 expected legal pages detectedREVIEW
Legal Page Ecosystem
Action2 of 7 expected legal pages detected
2 of 7 expected legal pages detected
Info::
Privacy Policy detected
Found at /legal/datenschutz.
Got: /legal/datenschutz
Info::
Terms of Service detected
Found at /legal/datenschutz.
Got: /legal/datenschutz
Info::
Cookie Policy not detected
No link matching common Cookie Policy URL patterns or link text was found. Most websites are expected to have a Cookie Policy, especially those collecting user data.
Info::
Accessibility Statement not detected
No link matching common Accessibility Statement URL patterns or link text was found. Most websites are expected to have a Accessibility Statement, especially those collecting user data.
Info::
DMCA / Copyright Notice not detected
No link matching common DMCA / Copyright Notice URL patterns or link text was found. Most websites are expected to have a DMCA / Copyright Notice, especially those collecting user data.
Info::
Refund / Returns Policy not detected
No link matching common Refund / Returns Policy URL patterns or link text was found. Most websites are expected to have a Refund / Returns Policy, especially those collecting user data.
Info::
Acceptable Use Policy not detected
No link matching common Acceptable Use Policy URL patterns or link text was found. Most websites are expected to have a Acceptable Use Policy, especially those collecting user data.
Privacy Policy/legal/datenschutz
Terms of Service/legal/datenschutz
Cookie PolicyNot found
Accessibility StatementNot found
DMCA / Copyright NoticeNot found
Refund / Returns PolicyNot found
Acceptable Use PolicyNot found
2 of 7 common legal pages detected
CCompliance BadgesAction0 compliance badge(s) detectedREVIEW
Compliance Badges
Action0 compliance badge(s) detected
0 compliance badge(s) detected
Info::
No compliance badges detected
No recognized compliance certification badges or seals were found. This is common — many sites do not display compliance badges.
SOC 2
ISO 27001
PCI DSS
GDPR Certified
HIPAA Compliant
Better Business Bureau
TRUSTe / TrustArc
Privacy Shield
McAfee SECURE / TrustedSite
Norton Secured
Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.
A+WCAG ComplianceNo testable criteriaPASS
WCAG Compliance
No testable criteria
No testable criteria
Level A
Level AA
0
Passed
0
Failed
0
Partial
0
Manual review
0
Not tested
Key accessibility barriers
Links with unclear purpose
6 link(s) have empty or generic text
Screen reader users navigating by link list
Form controls without labels
Assistive technology cannot identify 5 input(s)
Screen reader and voice-control users
Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.
Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket
A+Consent UX DepthNo consent-UX depth issues detectedPASS
Consent UX Depth
No consent-UX depth issues detected
No consent-UX depth issues detected
Info::
No consent-UX depth issues detected
A+Tracker Inventory5 known tracker(s) detectedPASS
Tracker Inventory
5 known tracker(s) detected
5 known tracker(s) detected
Info::
5 known tracker(s) detected
Inventory of trackers loaded by the page (matched against a curated SDK URL registry):
tag-manager: Google Tag Manager | analytics: Google Analytics (UA), Google Analytics 4 | marketing: Meta Pixel | session-replay: Hotjar
Each entry maps a script URL pattern to a known vendor SDK. This is purely informational -- consent posture / pre-consent firing is graded by the consent analyzer.
A+Hreflang ConfigurationNo hreflang tags on this pagePASS
Hreflang Configuration
No hreflang tags on this page
No hreflang tags on this page
Info::
No hreflang tags found (single-language site)
A+Internationalization ExtrasNo additional i18n signals detectedPASS
Internationalization Extras
No additional i18n signals detected
No additional i18n signals detected
Info::
No additional i18n signals detected
A+Readability & TypographyFont sizes and tap targets checkedPASS
Readability & Typography
Font sizes and tap targets checked
Font sizes and tap targets checked
A+Viewport ConfigurationViewport properly configuredPASS
Viewport Configuration
Viewport properly configured
Viewport properly configured
Info::
Viewport meta tag is present
Info::
width=device-width is set
Info::
User zooming is allowed
Viewport Configuration Good
Content
width=device-width, initial-scale=1
width=device-width
Responsive layout enabled
initial-scale=1
Correct initial zoom level
User zooming allowed
Accessibility-friendly — users can zoom
A+Tracking Pixel InventoryNo tracking pixels detectedPASS
Tracking Pixel Inventory
No tracking pixels detected
No tracking pixels detected
Info::
No tracking pixels detected
A+Browser FingerprintingNo browser-fingerprinting libraries detectedPASS
Browser Fingerprinting
No browser-fingerprinting libraries detected
No browser-fingerprinting libraries detected
Info::
No browser-fingerprinting libraries detected
A+Beacon Tracking (sendBeacon)No navigator.sendBeacon usage detected in inline scriptsPASS
Beacon Tracking (sendBeacon)
No navigator.sendBeacon usage detected in inline scripts
No navigator.sendBeacon usage detected in inline scripts
Info::
No navigator.sendBeacon usage detected in inline scripts
A+Copyright Notice© 2026 SET & SETTINGPASS
Copyright Notice
© 2026 SET & SETTING
© 2026 SET & SETTING
Info::
Copyright notice is up to date
Copyright notice is up to date: © 2026 SET & SETTING
Got: © 2026 SET & SETTING
Info::
Copyright holder: SET & SETTING
Copyright Notice ✓ Up to Date
© 2026 SET & SETTING
Year 2026 Entity SET & SETTING
Regulatory Indicators1 regulatory indicator(s) detectedINFO
Regulatory Indicators
1 regulatory indicator(s) detected
1 regulatory indicator(s) detected
Info::
This is a technical scan, not a legal assessment
BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.
Info::
GDPR indicators detected (strong confidence)
Indicators suggesting GDPR may be relevant: European TLD detected: .de; Privacy policy page found. EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.
Got: 2 indicators: European TLD detected: .de, Privacy policy page found
This is a technical scan, not a legal assessment.
BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.
GDPR Strong
EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.
Indicators detected
- European TLD detected: .de
- Privacy policy page found
Third-Party Data Sharing7 third-party service(s) detectedINFO
Third-Party Data Sharing
7 third-party service(s) detected
7 third-party service(s) detected
Info::
Data inventory for transparency purposes
This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.
Info::
7 third-party services across 7 categories
7 third-party services detected across 7 categories: Analytics (1), Tag Management (1), Advertising (1), Session Recording (1), Marketing (1), CDN (1), Security (1). Each of these services receives some user data from your site visitors.
Info::
Google Analytics (Analytics)
Detected via script URL. Typically collects: Page views, User behavior, Demographics, Device info, IP address. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Analytics | Data types: Page views, User behavior, Demographics, Device info, IP address
Info::
Google Tag Manager (Tag Management)
Detected via script URL. Typically collects: Orchestrates other tracking scripts, Page views. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Tag Management | Data types: Orchestrates other tracking scripts, Page views
Info::
Facebook Pixel (Advertising)
Detected via script URL. Typically collects: Page views, Conversions, User behavior, Ad targeting. Privacy policy: https://www.facebook.com/privacy/policy. Data Processing Agreement available.
Got: Category: Advertising | Data types: Page views, Conversions, User behavior, Ad targeting
Info::
Hotjar (Session Recording)
Detected via script URL. Typically collects: Session recordings, Heatmaps, Click patterns, Form interactions. Privacy policy: https://www.hotjar.com/privacy/. Data Processing Agreement available.
Got: Category: Session Recording | Data types: Session recordings, Heatmaps, Click patterns, Form interactions
Info::
HubSpot (Marketing)
Detected via script URL. Typically collects: Lead tracking, Form submissions, Page views, Email tracking. Privacy policy: https://legal.hubspot.com/privacy-policy. Data Processing Agreement available.
Got: Category: Marketing | Data types: Lead tracking, Form submissions, Page views, Email tracking
Info::
Cloudflare (CDN)
Detected via script URL. Typically collects: IP address (transient), Request metadata. Privacy policy: https://www.cloudflare.com/privacypolicy/. Data Processing Agreement available.
Got: Category: CDN | Data types: IP address (transient), Request metadata
Info::
reCAPTCHA (Security)
Detected via script URL. Typically collects: Browser behavior, Device info, IP address. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Security | Data types: Browser behavior, Device info, IP address
Analytics (1)
Tag Management (1)
Advertising (1)
Session Recording (1)
Marketing (1)
CDN (1)
Security (1)
Google Analytics Analytics
Detected by: script URL
Data typically collected:
Page viewsUser behaviorDemographicsDevice infoIP address
Privacy policy → DPA available ✓
Google Tag Manager Tag Management
Detected by: script URL
Data typically collected:
Orchestrates other tracking scriptsPage views
Privacy policy → DPA available ✓
Facebook Pixel Advertising
Detected by: script URL
Data typically collected:
Page viewsConversionsUser behaviorAd targeting
Privacy policy → DPA available ✓
Hotjar Session Recording
Detected by: script URL
Data typically collected:
Session recordingsHeatmapsClick patternsForm interactions
Privacy policy → DPA available ✓
HubSpot Marketing
Detected by: script URL
Data typically collected:
Lead trackingForm submissionsPage viewsEmail tracking
Privacy policy → DPA available ✓
Cloudflare CDN
Detected by: script URL
Data typically collected:
IP address (transient)Request metadata
Privacy policy → DPA available ✓
reCAPTCHA Security
Detected by: script URL
Data typically collected:
Browser behaviorDevice infoIP address
Privacy policy → DPA available ✓
This inventory identifies services receiving visitor data.
Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.
Readability Scores2057 words, Flesch-Kincaid grade 13.3INFO
Readability Scores
2057 words, Flesch-Kincaid grade 13.3
Readability Analysis (Flesch-Kincaid)
Grade Level
13.3
Grade 13 (college+)
Reading Ease
28
Very Difficult
Words
2057
Sentences
130
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.