Free tool
What does your website pass on about its visitors?
Privacy Check scans your homepage and shows trackers, cookies and security headers. With a clear flag on data that goes to companies under US law.
Four things we check
Trackers and pixels
Google Analytics, Meta pixel, TikTok, Hotjar and 20+ other known trackers. We flag the ones that send data to companies under US law.
Cookies before consent
Cookies the site server sets on the very first page load, before the visitor has answered any banner.
Security headers
CSP, HSTS, X-Frame-Options and three more. The basics that protect visitors from script injection and clickjacking.
Third-party hosts
Every external domain the page loads resources from. Each one is a party that sees the visitor IP address.
Why we built this
We build Spårlös, cookie-free web analytics hosted in the EU. Every week we talk to site owners who do not know which third parties their own site loads. This tool answers that in ten seconds. The report is free and shareable, whether or not you become a customer.
See what Spårlös does insteadFrequently asked questions
What does the scan do, technically?+
We fetch the site homepage once, like a normal browser but without running JavaScript, and analyze the HTML and response headers. We look for known tracker scripts, cookies set by the server, and security headers. Nothing from the site content is stored beyond the analysis result.
Is the report a legal assessment?+
No. The report is a technical observation of what the site loads and sends. It does not say whether your use is legal or illegal, that depends on your consent solution, contracts and operations. Use it as input, ideally together with a lawyer.
Why are not all trackers caught?+
The scan does not run JavaScript, so trackers loaded dynamically after consent or via tag managers may be missed. That also means a finding carries weight: everything we find is already loaded in the first response, before any consent.
Can I scan any site?+
Yes, any public website. The report is based on information any visitor can see in the browser developer tools. We only scan the homepage, and at most a few times per hour per domain.
My site got a low grade. What do I do?+
The report lists each finding with an explanation. The most common quick win: replace cookie-based analytics with a cookie-free alternative, which removes both the tracker findings and the need for a banner. Security headers are usually a one-hour fix for your developer.
Scan first. Switch later, if you want.
If the scan finds cookie-based analytics on your site: Spårlös gives you the numbers without cookies, banners or US transfers. All analytics free up to 50,000 pageviews per month.