Skip to content
Free Tool - No Account Required

Free Third-Party Script Audit

Discover every external script loading on your website. See which trackers fire before consent and find compliance gaps.

3 of 3 free scans remaining today

Scans all network requests, classifies third-party domains, and checks for pre-consent trackers.

Comprehensive Script Analysis

What Our Script Audit Checks

Every third-party domain loading on your page - identified, classified, and checked for compliance issues.

External Scripts

Identifies every third-party domain loading on your page, from analytics to advertising pixels to social embeds.

Pre-Consent Load

Checks if analytics and marketing scripts fire without waiting for user consent - a common GDPR violation.

Cookie Detection

Detects which third-party domains set cookies before consent, including cookie names and origin.

Categorisation

Classifies each script as analytics, marketing, functional, or unknown using a database of 60+ known services.

Request Count

Shows how many network requests each domain makes during page load, helping you identify heavy trackers.

Timing

Records when each domain first loads relative to page start, so you can see which scripts fire earliest.

Third-Party Script FAQ

What is a third-party script?
A third-party script is JavaScript code loaded from a domain different to your website. Common examples include Google Analytics (google-analytics.com), Meta Pixel (connect.facebook.net), and chat widgets. These scripts can track visitors, set cookies, and collect data - often requiring user consent under privacy regulations.
Why do third-party scripts matter for GDPR compliance?
Under GDPR and ePrivacy, non-essential third-party scripts (analytics, marketing, social media) must not load or set cookies until the user gives explicit consent. If your site loads Google Analytics or Facebook Pixel before a visitor interacts with your consent banner, you may be in violation of GDPR.
What does "loads before consent" mean?
This audit loads your page without interacting with any cookie consent banner. Any analytics or marketing scripts that fire in this state are loading "before consent" - meaning they execute and potentially set tracking cookies before the visitor has a chance to accept or reject cookies.
How do I block scripts until consent?
You can block third-party scripts using a Consent Management Platform (CMP) like Kukie.io. The CMP prevents scripts from loading until the user grants consent for the relevant category. Kukie.io's Script Centre provides automatic script blocking and unblocking based on user consent choices.
What are "unknown" third-party domains?
Domains our classifier doesn't recognise. These could be legitimate services (your CDN, hosting provider, A/B testing tools) or unexpected trackers. Review unknown domains manually - if they collect personal data or set tracking cookies, they likely need consent.
How often should I audit my scripts?
Whenever you add new integrations, update plugins, or change marketing tools. Third-party scripts can also add their own sub-requests over time. We recommend auditing monthly. With a Kukie.io account, cookie and script scans can be scheduled automatically.

Block Third-Party Scripts Until Consent Is Given

Kukie.io's Script Centre lets you control exactly which scripts load and when, with automatic consent-based script blocking.

Get Started Free → Learn About Script Centre