Skip to content
Vectel

Cookie scanner

Enter a URL and see which cookies, trackers and consent banner a visitor gets on first paint. Grouped into essential, analytics and marketing. No JS execution, just the initial HTML response.

Useful for a GDPR check, a second opinion on a vendor implementation, or preparing your processor register. We fetch the page server-side, parse the response, and categorise known trackers. Nothing is stored.

All tools
Free, no signup

We fetch one page via an SSRF-safe fetch and inspect Set-Cookie headers, inline cookie writes and known trackers. We do not store anything.

Server-side scan. We do not retain the URL, IP, or report. The result only appears on your own screen.

What we report

  • Cookies from the Set-Cookie response header, with domain
  • Cookies set in inline JS via document.cookie
  • External scripts in the initial HTML, grouped by category
  • Inline tracking calls: gtag, fbq, _paq, mixpanel, posthog, plausible, hotjar, clarity
  • Whether a consent banner is detectable in the initial HTML

How it works

  • We fetch one page (max 8s, 2 MB) via an SSRF-safe fetch
  • We inspect Set-Cookie response headers and inline document.cookie writes
  • We group into essential, analytics, marketing and unknown
  • We look for known consent banners (Cookiebot, OneTrust, CookieYes, Iubenda, Borlabs, Didomi, tarteaucitron, Usercentrics, Klaro)
  • Capped at 10 scans per hour per IP, 5 per hour per target domain
  • No JS execution, so cookies set only after consent or interaction are not covered

Want a GDPR-correct setup?

We set up GDPR-correct cookie handling for SMBs: consent banner, consent mode, IP anonymisation, processor agreements. Want a hand?

Book a call