Tracker & cookie scanner
Find out which tracking scripts your site runs and whether your consent setup matches - with an instant compliance-risk flag. No email gate.
Instant, no signup. We scan your page's HTML for tracking scripts and consent setup.
Quick answer: A tracker scanner inspects a web page for the third-party scripts that collect visitor data - analytics, advertising pixels, and session-recording tools - and checks whether a consent banner is present. This free tool does that at the HTML level and flags a compliance risk when consent-requiring trackers run without a detected consent banner.
What this tool can and can't see
This is an HTML-level scan. It detects tracking scripts and consent-banner code embedded in your page markup and counts third-party script domains. It does not render the page in a real browser, so it can't record the exact cookies set at runtime or scripts injected later by a tag manager. For a full runtime cookie audit, pair this with a browser-based scanner. We're upfront about scope so you can trust the result.
Common trackers and what they collect
| Tracker | Category | Consent needed? |
|---|---|---|
| Google Analytics 4 | Analytics | Yes (EU/UK) |
| Google Tag Manager | Tag manager | Depends on tags |
| Meta (Facebook) Pixel | Advertising | Yes |
| Hotjar / Clarity | Session recording | Yes |
| Plausible / Fathom | Privacy-friendly analytics | Often no |
How to audit your trackers (step by step)
- Scan your URL above to list the tracking scripts and any consent-banner code in your markup.
- Identify consent-requiring trackers - analytics, advertising pixels, and session recorders that need opt-in in the EU/UK.
- Add or fix a consent banner (CMP) that blocks non-essential trackers until the visitor opts in.
- Gate trackers behind consent - load them only after consent (e.g. Google Consent Mode) instead of on page load.
- Disclose and re-scan - list the trackers in your privacy and cookie policies, then re-scan to confirm the gap is closed.
Why tracker and cookie compliance matters
Cookie and tracker compliance has teeth. Regulators across the EU have issued substantial fines for loading analytics and advertising cookies before consent, and "reject all" must be as easy as "accept all." Beyond fines, there's a trust cost: visitors increasingly notice (and resent) sites that drop a dozen trackers on arrival. And there's a performance cost - every third-party script adds weight and latency that hurts Core Web Vitals and conversions. Auditing what you actually run is the first step to fixing all three.
There's also a data-quality angle: if your consent setup is misconfigured, you may be collecting analytics you legally can't use, or - just as common - blocking analytics you're allowed to collect, leaving you flying blind. Knowing exactly which trackers fire, and when, is the foundation of a setup that's both compliant and useful.
GDPR vs CCPA: a quick guide
| Aspect | GDPR / ePrivacy (EU/UK) | CCPA / CPRA (California) |
|---|---|---|
| Consent model | Opt-in (block until consent) | Opt-out (allow with a way to opt out) |
| Banner required? | Yes, before non-essential cookies | A "Do Not Sell/Share" link/control |
| Applies to | Anyone serving EU/UK visitors | Qualifying businesses with CA consumers |
| Key risk | Trackers firing before opt-in | No opt-out mechanism |
This is general information, not legal advice. Confirm your obligations with a qualified professional for your jurisdiction.
How to fix a consent gap
If the scan flags consent-requiring trackers with no detected banner, the fix is a consent management platform (CMP) configured to block by default. Route your trackers through it (or through Google Tag Manager with Consent Mode) so nothing non-essential fires until the visitor opts in, offer an equally prominent "reject all", and document every tracker in your cookie policy. Test it by reloading with cookies cleared and confirming no analytics or pixel requests go out before you click accept.
Frequently asked questions
- What does this scanner detect?
- Known tracking scripts (GA4, GTM, Meta Pixel, LinkedIn, TikTok, Hotjar, Clarity, HubSpot, and more), consent-banner code, and third-party script domains - then flags consent gaps.
- Does it capture actual cookies?
- No - that needs a headless browser. This is an HTML-level scan of scripts and consent code. Pair with a browser-based scanner for a full runtime audit.
- Do I need a consent banner?
- If you serve EU/UK users with analytics or ad trackers, GDPR/ePrivacy generally require prior consent. CCPA/CPRA adds opt-out duties for California.
- Is Google Analytics GDPR-compliant?
- It can be, with consent-gated loading, Consent Mode, and disclosure in your policies. Loading GA before consent in the EU is a common complaint source.
- Is this scanner free?
- Yes - free, no signup, instant result. No email gate.
Related free tools
Keep going with these tools
Website Security Scanner
Is your website safe?
SSL & Security Headers Checker
See if your site is properly hardened
Website Tech Stack Checker
What is this site built with?
SERP Snippet Preview
See your page in Google before you publish
DNS Lookup & Checker
Check any domain's DNS records instantly
Domain Age & WHOIS Checker
How old is any domain?
Want a team to handle it for you? We design and build fast, SEO-ready websites that convert. Explore AI web development.
Related guides
Go deeper with our guides
Practical, up-to-date guides on the strategy, costs, and execution behind this tool.
Website Maintenance Checklist 2026: Keep Your Site Secure and Fast
Monthly, quarterly, and annual tasks to keep your small business site secure, fast, and converting.
Technical SEO Checklist for Small Business Websites in 2026
Fix the technical SEO issues holding your site back: crawlability, indexation, site speed, and schema markup.
Ready to ship your next product?
Tell us what you're building. Senior engineers will scope, plan, and start delivering your product with production-ready architecture - fast.
