Skip to content
Vectel

Cookie scanner

Enter a URL and see which cookies, trackers and consent banner a visitor gets on first paint. Grouped into essential, analytics and marketing. No JS execution, just the initial HTML response.

All tools
Free, no signup

We fetch one page via an SSRF-safe fetch and inspect Set-Cookie headers, inline cookie writes and known trackers. We do not store anything.

Server-side scan. We do not retain the URL, IP, or report. The result only appears on your own screen.

What we report

  • Cookies from the Set-Cookie response header, with domain
  • Cookies set in inline JS via document.cookie
  • External scripts in the initial HTML, grouped by category
  • Inline tracking calls: gtag, fbq, _paq, mixpanel, posthog, plausible, hotjar, clarity
  • Whether a consent banner is detectable in the initial HTML

How it works

  • We fetch one page (max 8s, 2 MB) via an SSRF-safe fetch
  • We inspect Set-Cookie response headers and inline document.cookie writes
  • We group into essential, analytics, marketing and unknown
  • We look for known consent banners (Cookiebot, OneTrust, CookieYes, Iubenda, Borlabs, Didomi, tarteaucitron, Usercentrics, Klaro)
  • Capped at 10 scans per hour per IP, 5 per hour per target domain
  • No JS execution, so cookies set only after consent or interaction are not covered

Want a GDPR-correct setup?

We set up GDPR-correct cookie handling for SMBs: consent banner, consent mode, IP anonymisation, processor agreements. Want a hand?

Book a call