Skip to content
StackPatrol
The full tour

Everything in a StackPatrol report

A clean, shareable map of your third-party stack — built for technical teams and the DPOs they answer to. Free to start, no signup.

Free for everyone

The map, on every scan

No account, no credit card. Paste a URL and get a full vendor report in under a minute.

See what loads before consent

The single most decision-relevant signal for a DPO: which advertising, analytics and tracking vendors fire on the very first page load — before the visitor ever answers the cookie banner. First-party services are separated out so the headline count reflects only third-party trackers. A plain-language finding, not a legal verdict.

18 third-party trackers loaded before consent
18 before consent8 non-EU

Detect third-party scripts as they load

Trackers, analytics, tag managers, fonts, CDNs and embeds. A headless browser loads your actual pages and records every outbound request.

Google AnalyticsCloudflareMeta PixelHotjarSegmentStripe

Map vendors by region

US, EU, EEA, UK or Unknown for every vendor found.

US-owned8
EU-based4
Unknown2

Discover EU alternatives

Curated European replacements for the most common US tools. Fewer transfer-mechanism questions to answer.

Consent Assurance · paid

Does the banner actually work?

The findings a visitor can't Google on their own site: what the policy forgot, and whether Reject all is respected. Free scans show the disclosure-gap count; the full findings come with a paid plan.

Consent Assurance

Find the vendors your policy forgot

StackPatrol reads your own cookie policy, privacy policy and DPA, then compares what those documents name against what the page actually loads. Vendors observed loading but missing from every policy are flagged as a possible disclosure gap — the one finding a visitor can’t Google, on their own site. A technical observation, not a legal verdict.

3 vendors not found in any policy document
Hotjar, Segment and Intercom load on the site but aren’t named in the cookie or privacy policy we read.
Consent Assurance

See whether your cookie banner actually works

StackPatrol clicks “Reject all” on a clean visit, then watches the network. If advertising or analytics vendors keep firing after the rejection, the banner isn’t doing its job — and we name every vendor that ignored it. A technical observation of real network activity, not a legal ruling.

2 trackers kept firing after “Reject all”
Google Analytics and Google Ad Manager kept sending requests even after the consent banner’s reject button was clicked.

On paid plans we re-check this every week — and log a timestamped event the moment a banner stops respecting “Reject all”, plus dated proof of exactly when you fixed it.

Paid reports & registers

Evidence you can hand over

The provenance, register and infrastructure detail a DPO needs to document a finding — not just a score.

Paid

See exactly where each tracker loads

For every vendor, the report shows which page it fired on and whether it ran before or after consent — the evidence a DPO needs to document a finding, not just a score.

Found on
Meta Pixel (US)
example.com/health/psychological-support
before consent14:32:07
Paid

Get a processor & transfer register

A first draft of your Art. 30 records: every external recipient we observed, grouped by whether data leaves the EEA and whether it fired before or after consent. An exposure matrix shows the shape at a glance, and you can export the full recipient list to CSV for your compliance stack. A fact-based overview to help you prioritise — not a GDPR risk rating.

Within EEA
7
Adequacy mechanism
7
No adequacy / unknown
10
Paid

Check hosting, email & DNS jurisdiction

A site can run its trackers from the EU yet still host itself, its email or its DNS on a US-owned provider. StackPatrol resolves your origin hosting, email (MX) and authoritative DNS (NS) providers, classifies each by ownership region, and flags EU–US Data Privacy Framework certification for US vendors — the sovereignty signals a vendor list alone misses.

Hosting
Amazon AWS US
Email (MX)
Google Workspace US
DNS (NS)
Cloudflare US
Pro & Agency monitoring

Know the day it changes

Turn a one-off scan into a standing watch: weekly re-checks, a durable timeline and email alerts.

Pro & Agency

Know the moment your stack changes

StackPatrol re-scans your sites every week and keeps a durable history: when each vendor first appeared, when it went away, and every score change in between. If a new vendor sneaks in (a rogue analytics tag, an unplanned pixel, a new CDN) you get an email alert the same day, and a first-seen date you can point to at the next audit. Export the full timeline to CSV or JSON.

Sample alert
+ New vendor detected: Intercom (US)
First seen 11 Jul 2026 · Found on example.com · Weekly re-scan · View timeline →
Pro & Agency

Watch your privacy & cookie policies for changes

Each monitored scan also finds and fingerprints your privacy policy, cookie policy, DPA and terms — even when they live on a parent-company domain. We track the date each page says it was last updated and detect when the content actually changes. The most useful signal: when your vendor stack shifts but the privacy policy stays frozen, the alert flags a possible documentation gap.

Policy may be out of date
2 new vendors since last scan, but the privacy policy hasn’t changed since 14 Mar 2025.

See it on your own site

Every free scan includes what loads before consent, the vendors your policy forgot and a region-classified vendor map. Upgrade any time for monitoring and reports.