Skip to main content
Free Tools

Tracker & cookie scanner

Find out which tracking scripts your site runs and whether your consent setup matches - with an instant compliance-risk flag. No email gate.

No signup or emailInstant resultHTML-level scan

Instant, no signup. We scan your page's HTML for tracking scripts and consent setup.

Quick answer: A tracker scanner inspects a web page for the third-party scripts that collect visitor data - analytics, advertising pixels, and session-recording tools - and checks whether a consent banner is present. This free tool does that at the HTML level and flags a compliance risk when consent-requiring trackers run without a detected consent banner.

What this tool can and can't see

This is an HTML-level scan. It detects tracking scripts and consent-banner code embedded in your page markup and counts third-party script domains. It does not render the page in a real browser, so it can't record the exact cookies set at runtime or scripts injected later by a tag manager. For a full runtime cookie audit, pair this with a browser-based scanner. We're upfront about scope so you can trust the result.

Common trackers and what they collect

TrackerCategoryConsent needed?
Google Analytics 4AnalyticsYes (EU/UK)
Google Tag ManagerTag managerDepends on tags
Meta (Facebook) PixelAdvertisingYes
Hotjar / ClaritySession recordingYes
Plausible / FathomPrivacy-friendly analyticsOften no

How to audit your trackers (step by step)

  1. Scan your URL above to list the tracking scripts and any consent-banner code in your markup.
  2. Identify consent-requiring trackers - analytics, advertising pixels, and session recorders that need opt-in in the EU/UK.
  3. Add or fix a consent banner (CMP) that blocks non-essential trackers until the visitor opts in.
  4. Gate trackers behind consent - load them only after consent (e.g. Google Consent Mode) instead of on page load.
  5. Disclose and re-scan - list the trackers in your privacy and cookie policies, then re-scan to confirm the gap is closed.

Why tracker and cookie compliance matters

Cookie and tracker compliance has teeth. Regulators across the EU have issued substantial fines for loading analytics and advertising cookies before consent, and "reject all" must be as easy as "accept all." Beyond fines, there's a trust cost: visitors increasingly notice (and resent) sites that drop a dozen trackers on arrival. And there's a performance cost - every third-party script adds weight and latency that hurts Core Web Vitals and conversions. Auditing what you actually run is the first step to fixing all three.

There's also a data-quality angle: if your consent setup is misconfigured, you may be collecting analytics you legally can't use, or - just as common - blocking analytics you're allowed to collect, leaving you flying blind. Knowing exactly which trackers fire, and when, is the foundation of a setup that's both compliant and useful.

GDPR vs CCPA: a quick guide

AspectGDPR / ePrivacy (EU/UK)CCPA / CPRA (California)
Consent modelOpt-in (block until consent)Opt-out (allow with a way to opt out)
Banner required?Yes, before non-essential cookiesA "Do Not Sell/Share" link/control
Applies toAnyone serving EU/UK visitorsQualifying businesses with CA consumers
Key riskTrackers firing before opt-inNo opt-out mechanism

This is general information, not legal advice. Confirm your obligations with a qualified professional for your jurisdiction.

How to fix a consent gap

If the scan flags consent-requiring trackers with no detected banner, the fix is a consent management platform (CMP) configured to block by default. Route your trackers through it (or through Google Tag Manager with Consent Mode) so nothing non-essential fires until the visitor opts in, offer an equally prominent "reject all", and document every tracker in your cookie policy. Test it by reloading with cookies cleared and confirming no analytics or pixel requests go out before you click accept.

Frequently asked questions

What does this scanner detect?
Known tracking scripts (GA4, GTM, Meta Pixel, LinkedIn, TikTok, Hotjar, Clarity, HubSpot, and more), consent-banner code, and third-party script domains - then flags consent gaps.
Does it capture actual cookies?
No - that needs a headless browser. This is an HTML-level scan of scripts and consent code. Pair with a browser-based scanner for a full runtime audit.
Do I need a consent banner?
If you serve EU/UK users with analytics or ad trackers, GDPR/ePrivacy generally require prior consent. CCPA/CPRA adds opt-out duties for California.
Is Google Analytics GDPR-compliant?
It can be, with consent-gated loading, Consent Mode, and disclosure in your policies. Loading GA before consent in the EU is a common complaint source.
Is this scanner free?
Yes - free, no signup, instant result. No email gate.
Launch Faster

Ready to ship your next product?

Tell us what you're building. Senior engineers will scope, plan, and start delivering your product with production-ready architecture - fast.

Talk to real engineers
Clear scope in one call
No obligation