Skip to content
Features Pricing Free Cookie Scanner Consent Mode Checker Script Audit TCF String Decoder Cookie Database GDPR Scanner Compliance Blog
Start Free → Login

Free Tool - No Account Required

Free Third-Party
Script Audit

Discover every external script loading on your website. See which trackers fire before consent and find compliance gaps.

3 of 3 free scans remaining today

Scans all network requests, classifies third-party domains, and checks for pre-consent trackers.

Comprehensive Script Analysis

What Our Script Audit Checks

Every third-party domain loading on your page - identified, classified, and checked for compliance issues.

Scripts

External Scripts

Identifies every third-party domain loading on your page, from analytics to advertising pixels to social embeds.

Pre-Consent

Pre-Consent Load

Checks if analytics and marketing scripts fire without waiting for user consent - a common GDPR violation.

Cookies

Cookie Detection

Detects which third-party domains set cookies before consent, including cookie names and origin.

Categories

Categorisation

Classifies each script as analytics, marketing, functional, or unknown using a database of 60+ known services.

Requests

Request Count

Shows how many network requests each domain makes during page load, helping you identify heavy trackers.

Timing

Timing

Records when each domain first loads relative to page start, so you can see which scripts fire earliest.

Frequently Asked Questions

What is a third-party script?
A third-party script is JavaScript code loaded from a domain different to your website. Common examples include Google Analytics (google-analytics.com), Meta Pixel (connect.facebook.net), and chat widgets. These scripts can track visitors, set cookies, and collect data - often requiring user consent under privacy regulations.
Why do third-party scripts matter for GDPR compliance?
Under GDPR and ePrivacy, non-essential third-party scripts (analytics, marketing, social media) must not load or set cookies until the user gives explicit consent. If your site loads Google Analytics or Facebook Pixel before a visitor interacts with your consent banner, you may be in violation of GDPR.
What does "loads before consent" mean?
This audit loads your page without interacting with any cookie consent banner. Any analytics or marketing scripts that fire in this state are loading "before consent" - meaning they execute and potentially set tracking cookies before the visitor has a chance to accept or reject cookies.
How do I block scripts until consent?
You can block third-party scripts using a Consent Management Platform (CMP) like Kukie.io. The CMP prevents scripts from loading until the user grants consent for the relevant category. Kukie.io's Script Centre provides automatic script blocking and unblocking based on user consent choices.
What are "unknown" third-party domains?
Domains our classifier doesn't recognise. These could be legitimate services (your CDN, hosting provider, A/B testing tools) or unexpected trackers. Review unknown domains manually - if they collect personal data or set tracking cookies, they likely need consent.
How often should I audit my scripts?
Whenever you add new integrations, update plugins, or change marketing tools. Third-party scripts can also add their own sub-requests over time. We recommend auditing monthly. With a Kukie.io account, cookie and script scans can be scheduled automatically.

Block Third-Party Scripts Until Consent Is Given

Kukie.io's Script Centre lets you control exactly which scripts load and when, with automatic consent-based script blocking.

Get Started Free → Learn About Script Centre

Listed On

Kukie on Trustpilot Kukie on G2 Kukie on SaaSHub Kukie on AlternativeTo