Discover external trackers, advertising pixels, analytics libraries, and consent gaps in seconds. Protect your visitors and stay compliant.
Initialising scan…
A third-party scanner is a security and compliance tool that analyses any web page's source code to identify every external script, tracker pixel, and third-party dependency loading from outside the primary domain. Modern websites routinely embed dozens of external JavaScript files — from analytics platforms like Google Analytics and Mixpanel, to advertising pixels such as Meta Pixel and TikTok Pixel, CRM widgets like Intercom, and A/B testing libraries like Optimizely. While each of these serves a legitimate business purpose, collectively they represent a significant website vulnerability surface. A single compromised CDN or malicious vendor update can expose your visitors to data theft, session hijacking, or credential phishing — a class of attack known as a supply-chain attack.
Our third-party detector goes beyond simply listing script sources. It classifies each resource by category — Analytics, Advertising, Tag Manager, CDN, Payment, Consent Management — and assigns a risk level based on whether the script is loaded asynchronously, whether it carries a Subresource Integrity (SRI) hash, and whether it operates in a category that requires prior user consent under GDPR and ePrivacy regulations. Tracking scripts that fire before consent create a compliance gap that can result in fines from data protection authorities.
To use the tool, simply enter any public URL and click Scan Now. The scanner fetches the page, parses all <script> tags, resolves relative paths, and cross-references each host against a curated vendor database of over 60 known third-party providers. Results are displayed in a colour-coded table filterable by category and risk level. You also receive a compliance score that reflects the presence of a Consent Management Platform (CMP), Content Security Policy (CSP) headers, and the ratio of high-risk to low-risk third-party dependencies.
Common use cases include privacy audits ahead of a GDPR/CCPA review, pre-launch security checks for e-commerce stores, tag governance reviews to identify zombie tags still firing after a vendor contract ends, and performance audits to detect render-blocking scripts that slow Core Web Vitals. Security teams also use the external JavaScript checker to verify that third-party assets carry valid SRI hashes and to detect unauthorised scripts injected by browser extensions or ad networks. Export results as JSON or CSV to include in compliance reports or share with your development team.
Everything you need to audit external scripts, track consent compliance, and reduce third-party risk.
Detects every <script src>, preloaded JS, and inline tracker snippet on the page in a single scan.
Auto-identifies 60+ known vendors — Google Analytics, Meta Pixel, Stripe, Hotjar, OneTrust and more — grouped by category.
Each script receives a risk rating (High / Medium / Low) based on category, async loading, and SRI integrity attributes.
Identifies trackers that require prior user consent and checks whether a Consent Management Platform (CMP) is present.
Detects Content Security Policy meta tags to assess whether your site actively blocks unauthorised script injection.
A 0–100 heuristic score summarising your site's overall third-party risk and consent-readiness at a glance.
Download full scan results as CSV or JSON for use in compliance reports, security audits, or developer handoffs.
Flags every third-party script missing async or defer that could be blocking your page's rendering.
A four-step process from URL input to actionable compliance report.
Type or paste any public website address into the scanner. The tool auto-adds HTTPS if omitted and validates the URL before scanning.
Our server fetches the live HTML of the page — following redirects, resolving the final URL, and capturing the rendered source for analysis.
Every <script> tag, preloaded JS resource, and inline tracker snippet is extracted, resolved to an absolute URL, and cross-referenced against the vendor database.
Scripts are classified by vendor, category, and risk level. Consent gaps, missing CSP headers, and render-blocking issues are surfaced in the compliance score.
A third-party scanner analyses any web page to identify all external JavaScript files, tracking pixels, analytics libraries, and ad networks loaded from outside the primary domain. It helps you understand your site's external dependencies and their associated privacy and security risks.
External scripts execute in your visitors' browsers with the same privileges as your own code. If a vendor's CDN is compromised or a script is updated with malicious content, attackers can steal credentials, inject malware, or redirect users — a supply-chain attack. Without SRI hashes, there is no verification that the script hasn't been tampered with.
A consent compliance gap occurs when analytics, advertising, or marketing trackers load and collect data before a visitor has accepted your cookie policy. Under GDPR and ePrivacy Directive, this is unlawful and can result in regulatory fines. A CMP must intercept these scripts until consent is granted.
The score starts at 100 and deducts points for: absence of a CMP when consent-requiring trackers are present (−30), each high-risk tracker (up to −40), render-blocking third-party scripts missing async/defer (up to −15), and absence of a Content Security Policy (−10). The result is a 0–100 heuristic, not a legal compliance certification.
This tool analyses the raw HTML returned by the server, including inline script blocks. Scripts loaded dynamically by JavaScript after the page renders (e.g. via tag managers post-consent) may not all be captured. For full dynamic analysis, use a browser-based auditing tool alongside this scanner.
SRI is a browser security feature that allows you to embed a cryptographic hash of a remote script in your HTML. If the fetched file doesn't match the hash, the browser refuses to execute it — preventing supply-chain attacks. This scanner checks whether external scripts carry valid integrity attributes.
SEOWebChecker.com offers 100+ free online tools for SEO, security, development, and performance testing.