Does your site load trackers before visitors consent?

This tool performs static analysis of your page's HTML source code. It detects tracking scripts, cookies, and consent mechanisms by pattern matching against a database of 60+ known trackers and 17 consent management platforms.

Static analysis catches the vast majority of real-world tracking implementations because most trackers are loaded via <script> tags or inline code that's visible in the HTML source. The evidence is deterministic and reproducible: if a tracker script exists in your HTML without consent gating, it will fire every time the page loads.

This tool does not execute JavaScript. Trackers loaded purely through custom dynamic script injection (not via GTM or standard script tags) may not be detected. For sites using complex custom loaders, results may be incomplete. When in doubt, supplement this scan with a manual check using your browser's DevTools Network tab.

Yes, under the ePrivacy Directive Article 5(3), setting non-essential cookies or accessing a user's device for tracking requires prior consent. Analytics cookies do not qualify for the "strictly necessary" exemption. Multiple EU data protection authorities (Austria, France, Italy) have issued formal orders against websites loading Google Analytics without valid consent.

Consent Mode v2 in "advanced" mode still sends cookieless pings to Google including the visitor's IP address and page URL, even when consent is denied. No data protection authority has ruled on this yet, which is why we flag it as a warning rather than a violation. The legal status is genuinely contested.

Loading GTM transmits the visitor's IP address to Google servers regardless of which tags fire inside the container. In August 2025, a German court (VG Hannover) ruled that this requires consent under German telecom privacy law (TTDSG). In other EU countries, this is a warning rather than a clear violation.

Having a cookie banner is not the same as properly gating your scripts behind it. Many sites install a consent banner but leave their tracking scripts hardcoded in the HTML, meaning the trackers fire immediately on page load regardless of what the visitor clicks. To fix this, your scripts need to be deferred (e.g., with type="text/plain") and only activated after consent is granted through your CMP. See our full guide: Do I Need a Cookie Banner on My Website?

This tool analyzes your HTML source statically. It does not detect trackers that are loaded exclusively through custom JavaScript bundles with no static script tags. It also does not execute JavaScript, so it cannot observe runtime cookie behavior. For most websites, static analysis catches 90%+ of tracking implementations. If your site uses a custom dynamic loader, supplement this check with your browser's DevTools.

Yes, completely free. No signup, no email required. We built this tool because we believe every website owner should be able to check their compliance without paying for an enterprise audit. Clickport is a cookieless analytics platform that does not require a consent banner. This checker is our way of showing what that difference looks like in practice.