Website Privacy Report Card
Enter any URL to scan for trackers, third-party scripts, and security headers. Get an instant privacy grade from A+ to F.
Why Website Privacy Matters
Every tracker on your site is a potential liability. Privacy regulations like GDPR and CCPA impose real fines, and visitors increasingly expect transparency about how their data is used.
Legal Compliance
GDPR fines can reach 4% of annual revenue. CCPA grants consumers the right to know what data is collected. Every undisclosed tracker is a compliance risk.
Visitor Trust
Browsers now block third-party cookies by default. Privacy-conscious users install blockers. Sites with fewer trackers load faster and convert better.
Security Posture
Each third-party script is an attack surface. Missing security headers leave visitors vulnerable to XSS, clickjacking, and man-in-the-middle attacks.
Common Trackers and What They Do
These are the most common third-party tracking scripts found on websites today. Understanding what each one collects helps you make informed decisions about your site.
| Tracker | What It Collects |
|---|---|
| Google Analytics | Tracks page views, user behavior, demographics, and conversion funnels across your browsing session. |
| Google Tag Manager | A container that loads and manages other tracking scripts dynamically. Often a gateway for dozens of hidden trackers. |
| Facebook/Meta Pixel | Tracks your activity across the web to build an ad profile. Reports conversions back to Meta for ad targeting. |
| Hotjar | Records your mouse movements, clicks, and scrolling behavior. Creates heatmaps and full session replays. |
| Microsoft Clarity | Similar to Hotjar. Records user sessions and generates heatmaps. Owned by Microsoft. |
| FullStory | Records entire user sessions including form inputs, mouse movements, and page interactions in detail. |
| HubSpot | Tracks page views and builds a profile of your visits. Used for lead scoring and email marketing automation. |
| Intercom | Chat widget that also tracks pages you visit, how long you stay, and links that data to your identity. |
| TikTok Pixel | Tracks website conversions and sends data back to TikTok for ad targeting and audience building. |
| LinkedIn Insight | Tracks website visits for LinkedIn ad targeting. Associates visits with your LinkedIn profile. |
How to Improve Your Privacy Score
Most privacy issues can be fixed in a few hours. Here are the highest-impact changes.
Audit third-party scripts
Remove any tracker you are not actively using for business decisions. If you are not checking Hotjar recordings, remove it.
Add security headers
Configure Content-Security-Policy, HSTS, X-Frame-Options, and X-Content-Type-Options on your web server or CDN.
Enforce HTTPS everywhere
Get a free SSL certificate from Let's Encrypt and redirect all HTTP traffic to HTTPS.
Implement cookie consent
If you operate in the EU or California, a cookie consent banner is legally required before loading non-essential trackers.
Use a tag manager responsibly
Google Tag Manager makes it easy to add scripts — and easy to forget what is running. Audit your GTM container quarterly.
Switch to privacy-respecting analytics
Consider Plausible, Fathom, or Umami as privacy-friendly alternatives to Google Analytics.
Frequently Asked Questions
How does the privacy checker work?
We fetch the publicly visible HTML of any URL and analyze it for known tracker scripts, third-party domains, cookie-setting code, and security headers. No login or access to your site admin is needed.
Is this scan comprehensive?
This scan covers the initial page load HTML. Some trackers load dynamically via JavaScript after the page renders, which a static scan cannot detect. For a full audit including dynamic trackers, contact us for a professional assessment.
What is a good privacy score?
A score of 85+ (grade A) means the site uses HTTPS, has security headers in place, and loads minimal third-party trackers. Most well-maintained business sites score in the B range (70-84).
Why do security headers matter?
Security headers like Content-Security-Policy and HSTS protect visitors from cross-site scripting, clickjacking, and man-in-the-middle attacks. Missing headers leave visitors vulnerable even if your site content is clean.
Can you help improve my website's privacy score?
Yes. Our website management service includes security hardening, tracker auditing, and privacy optimization. We configure proper security headers, audit third-party scripts, and implement cookie consent where required.
Want Us to Fix Your Website's Privacy?
We manage websites starting at $299/mo. That includes security hardening, tracker auditing, performance optimization, and ongoing monitoring.
View Management Plans