SitePrivacyScore
Now scanning 200+ compliance signals

Instantly Detect Privacy Risks on Your Website

Trusted by developers & security teams

Identify trackers, cookie risks, missing security headers, and compliance gaps. No signup required.

No signup • Free during early access • Results in ~30 seconds

Live Scan Feed

Recent Website Scans

What Does SitePrivacyScore Scan?

Our automated scanner examines your website across six critical privacy and compliance dimensions.

Trackers & Pixels

Detect analytics scripts, advertising trackers, and hidden third-party pixels running in the background.

Security Headers

Check for CSP, HSTS, Referrer-Policy, Permissions-Policy, and X-Frame-Options.

Cookie & Storage Tracking

Identify tracking cookies, long-lived identifiers, and non-essential storage on the user's device.

Consent & GDPR Signals

Detect missing consent banners, absent privacy policies, and compliance configuration gaps.

Consent Banner Validation

Test whether trackers or cookies appear before consent and whether your banner looks technically credible.

Privacy Policy Analysis

Check whether your privacy policy is present and whether the visible site behavior appears to match it.

CCPA / CPRA Signals

Review California privacy policy, opt-out, and tracking disclosures that matter to users and buyers.

Data Transfer Risk

Map visible external vendors and identify likely cross-border processors that raise review and procurement questions.

Session Replay Detection

Check whether Hotjar, Clarity, FullStory, LogRocket, or other replay tooling is visible on first load.

How the Website Privacy Scan Works

Get results in under 30 seconds.

1

Enter Website URL

We analyze public signals and browser-level privacy indicators across the live page.

2

Detect Privacy & Compliance Risks

Our scanner checks trackers, cookies, security headers, and compliance signals in real-time.

3

Get a Full Audit Report

Download an executive-ready report with exact fixes, risk ratings, and prioritized remediation steps.

Why Website Privacy Compliance Matters

Enterprise Vendor Reviews

Procurement and InfoSec teams now routinely scan vendor websites for tracking scripts, missing security headers, and consent violations before signing contracts. A single failed check can delay or block a six-figure deal.

Privacy Regulations

The GDPR, CCPA/CPRA, and ePrivacy Directive impose strict obligations on every website that collects personal data, including IP addresses. Fines for non-compliance can reach €20 million or 4% of global revenue.

Hidden Tracker Risks

Marketing teams frequently add third-party pixels, analytics scripts, and session-replay tools without security review. These scripts can leak PII, create cross-site profiles of your users, and introduce supply-chain attack vectors.

Run Free Privacy Checks

Run individual checks on your website for free, no signup required.

Security Headers Checker

Check CSP, HSTS, X-Frame-Options, and other critical security headers.

Open Tool

Tracker Detector

Detect third-party tracking scripts, ad pixels, and session replay tools.

Open Tool

Cookie Scanner

Identify tracking cookies, their duration, and classification.

Open Tool

GDPR Quick Check

Check consent banner, privacy policy, and cookie compliance signals.

Open Tool
Explore all free tools

Used to Review Website Privacy Risks

Track hidden analytics and advertising trackers
Identify missing security headers
Detect possible personal data exposure
Prepare websites for vendor security reviews

10,000+ scans performed

Frequently Asked Questions

What is a website privacy scan?
A website privacy scan automatically analyzes a live webpage to identify hidden tracking scripts, missing security headers, non-compliant cookie policies, and other privacy risks that could expose your organization to regulatory fines or lost enterprise deals.
How do I detect trackers on my website?
Our scanner loads your page in a real browser environment and monitors all outbound network requests, JavaScript execution, and DOM mutations to identify third-party tracking scripts, advertising pixels, and session replay tools, even if they are obfuscated or loaded dynamically.
What are security headers and why do they matter?
Security headers are HTTP response directives (like CSP, HSTS, X-Frame-Options, and Referrer-Policy) that instruct the browser to enable built-in protections against cross-site scripting, clickjacking, and data sniffing. Missing headers are a common finding in vendor security reviews.
Does this tool check GDPR compliance?
Yes. We check for the presence of a cookie consent banner, a linked privacy policy, proper consent-gating of non-essential scripts, and whether trackers fire before user consent, all critical requirements under the GDPR and ePrivacy Directive.
Do I need a privacy policy on my website?
Virtually every jurisdiction (GDPR, CCPA/CPRA, LGPD, PIPEDA) requires a publicly accessible privacy policy if you collect any personal data, including IP addresses via analytics scripts. Not having one is the single most common compliance failure.
How often should websites run privacy scans?
Best practice is to scan after every deployment and at least monthly. Marketing teams frequently add new tracking pixels and widgets that introduce compliance regressions without the security team's knowledge.
What is included in the full audit report?
The report includes a complete tracker breakdown, cookie classification, regulatory impact summary, step-by-step remediation guide with developer-friendly exact fixes, a prioritized critical fixes list, and a downloadable executive summary PDF. All of this is free during early access.
Can I use this for vendor security reviews?
Absolutely. Many procurement and InfoSec teams use SitePrivacyScore reports to evaluate third-party vendor websites before signing contracts, ensuring they meet organizational privacy and security standards.

Learn Website Privacy & Compliance

Understand the risks, regulations, and best practices behind modern web privacy.

How to Check Pre-Consent Tracking

Technical guide to finding trackers and cookies that fire before user opt-in.

Read guide

Cookie Consent Audit Checklist

A practical workflow for reviewing banner quality, blocker logic, and privacy disclosures.

Read guide

How to Audit a Privacy Policy

Check whether a site policy still matches the cookies, trackers, and vendors visible today.

Read guide

Why Policies and Site Behavior Mismatch

Understand how privacy policies drift out of sync with the live site and how to prevent it.

Read guide
Browse all guides

Enjoying the free privacy scanner?

SitePrivacyScore is free during early access. If you find it useful, you can support development.

Buy a Coffee($3)🚀Support Development($19)🔥Sponsor a Feature($49)❤️Custom Amount
Coming Soon

What We're Building Next

We're actively improving SitePrivacyScore. Here's what's on our roadmap.

Dashboard

A central hub to manage all your scans and reports.

Saved Reports

Persistent, searchable report storage.

Scan History

Track changes over time with historical scan data.

Shareable Reports

Generate public links to share audits with stakeholders.

Team Collaboration

Invite teammates and assign remediation tasks.

More Compliance Checks

Deeper GDPR, CCPA, and ePrivacy coverage.

Scheduled Re-Scans

Automated recurring scans with change alerts.

Stronger Tracker Detection

Runtime behavioral analysis with our Chrome extension.

Better Cookie Analysis

Classify cookies by purpose, duration, and legal basis.

Public Scan Pages

Branded, public-facing privacy audit pages for your domain.

Export Improvements

CSV, JSON, and branded PDF report exports.

Developer Integrations

CI/CD hooks and API access for automated auditing.