Free CNDP audit in 30 seconds: CNDP, security, GDPR
Three independent scores in under a minute. No signup, no mandatory email. Analysis grounded in Law 09-08, decree 2-09-165 and Mozilla / OWASP standards.
What the tool checks
Eight dimensions audited in 30 seconds
Our automated audit systematically combines legal and technical angles. A site can have a perfect policy and a Mozilla F score: for us, that is not compliant.
Presence of mandatory notices
Legal notice, privacy policy, cookies policy, security.txt. Detection of missing, empty or GDPR-copy-pasted pages that are not adapted to Law 09-08.
Compliance with Law 09-08
Verification of the key principles of Law 09-08 and decree 2-09-165: stated purposes, informed rights, references to the CNDP, mention of the receipt if available, tracking cookies detected.
HTTP header security
Content-Security-Policy, HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy. Comparison with Mozilla Observatory scoring.
TLS and HTTPS
HTTP → HTTPS redirection, valid certificate, TLS version, cipher suites. Detection of configurations that mix HTTP and HTTPS or still expose TLS 1.0/1.1.
Cookies and trackers
Inventory of cookies set on landing on the home page, before any consent. Detection of Google, Meta, LinkedIn, TikTok trackers and other third-party scripts loaded by default.
GDPR compliance
For sites exposed to European visitors: alignment with the GDPR (prior information, legal basis, retention, rights). Useful for exports, e-commerce, EU partnerships.
Email anti-spoofing
SPF, DKIM and DMARC checks on the domain. A domain without DMARC means anyone can send email on your behalf, which is a security issue even before the CNDP question.
Indicative remediation plan
For each detected issue: relevant legal article, risk level, and order of magnitude for remediation effort. The full report (on request) details each point.
How it works
Five steps, about a minute
1. Submit the URL
Enter the public URL of your site (for example your-site.ma). No account required, no mandatory email at this stage.
2. Non-intrusive crawl
Our robot visits the home page and the detected legal pages (legal notice, privacy policy, cookies). No intrusion, no aggressive scan.
3. Legal and technical cross-checking
Observed content is compared with the requirements of Law 09-08, decree 2-09-165, the GDPR, and Mozilla Observatory / OWASP ASVS L1 standards.
4. Three scores and summary
Immediate display of three independent scores (CNDP, security, GDPR), the number of detected issues by severity, and an executive summary.
5. Detailed report (optional)
If you want the article-by-article detail and the costed remediation plan, you can leave us an email. No automated commercial follow-up.
Frequently asked questions
About the free audit
Is the audit really free?
Yes. The immediate score and summary are free, with no mandatory email and no signup. The detailed report is also free; it is sent to you by email on request. We only charge for in-depth manual audits, engagements and roll-out support.
Is my site exposed or audited “privately”?
The audit is strictly private. The report contains no personal information. We never publish a site's score by name or use the results for cross-commercial purposes. It is a non-negotiable house rule.
How many pages do you analyse?
The crawl covers the home page and the legal pages automatically detected (legal notice, privacy policy, cookies, contact). A maximum of three pages to respect your infrastructure. A manual audit covers the full scope you define.
How reliable is this audit?
It is an indicative automated audit. It accurately detects technical issues (headers, TLS, cookies) and missing notices. It cannot replace a manual audit on topics requiring internal access (records of processing, processor contracts, HR setup, video surveillance). Our report states this explicitly.
Am I taking any risk by using this tool?
No risk for your site: the audit is non-intrusive, equivalent to a human visitor browsing your public pages. No CNDP risk: we never share your score or findings with a third party. The only risk is discovering that your site needs an update.
What to do after the audit?
Three options. (1) You remediate in-house or with your current provider. Our report is detailed enough for that. (2) You request an in-depth manual audit to cover topics not visible from outside. (3) You start a 90-day compliance roll-out engagement.
The automated audit is a starting point, not an end
For topics not visible from outside — records, processors, HR, international transfers, video surveillance — an in-depth manual audit is essential. On quote, delivered in 3 to 6 weeks.