Everything in a StackPatrol report
A clean, shareable map of your third-party stack — built for technical teams and the DPOs they answer to. Free to start, no signup.
The map, on every scan
No account, no credit card. Paste a URL and get a full vendor report in under a minute.
See what loads before consent
The single most decision-relevant signal for a DPO: which advertising, analytics and tracking vendors fire on the very first page load — before the visitor ever answers the cookie banner. First-party services are separated out so the headline count reflects only third-party trackers. A plain-language finding, not a legal verdict.
Detect third-party scripts as they load
Trackers, analytics, tag managers, fonts, CDNs and embeds. A headless browser loads your actual pages and records every outbound request.
Map vendors by region
US, EU, EEA, UK or Unknown for every vendor found.
Discover EU alternatives
Curated European replacements for the most common US tools. Fewer transfer-mechanism questions to answer.
Does the banner actually work?
The findings a visitor can't Google on their own site: what the policy forgot, and whether Reject all is respected. Free scans show the disclosure-gap count; the full findings come with a paid plan.
Find the vendors your policy forgot
StackPatrol reads your own cookie policy, privacy policy and DPA, then compares what those documents name against what the page actually loads. Vendors observed loading but missing from every policy are flagged as a possible disclosure gap — the one finding a visitor can’t Google, on their own site. A technical observation, not a legal verdict.
See whether your cookie banner actually works
StackPatrol clicks “Reject all” on a clean visit, then watches the network. If advertising or analytics vendors keep firing after the rejection, the banner isn’t doing its job — and we name every vendor that ignored it. A technical observation of real network activity, not a legal ruling.
On paid plans we re-check this every week — and log a timestamped event the moment a banner stops respecting “Reject all”, plus dated proof of exactly when you fixed it.
Evidence you can hand over
The provenance, register and infrastructure detail a DPO needs to document a finding — not just a score.
See exactly where each tracker loads
For every vendor, the report shows which page it fired on and whether it ran before or after consent — the evidence a DPO needs to document a finding, not just a score.
Get a processor & transfer register
A first draft of your Art. 30 records: every external recipient we observed, grouped by whether data leaves the EEA and whether it fired before or after consent. An exposure matrix shows the shape at a glance, and you can export the full recipient list to CSV for your compliance stack. A fact-based overview to help you prioritise — not a GDPR risk rating.
Check hosting, email & DNS jurisdiction
A site can run its trackers from the EU yet still host itself, its email or its DNS on a US-owned provider. StackPatrol resolves your origin hosting, email (MX) and authoritative DNS (NS) providers, classifies each by ownership region, and flags EU–US Data Privacy Framework certification for US vendors — the sovereignty signals a vendor list alone misses.
Know the day it changes
Turn a one-off scan into a standing watch: weekly re-checks, a durable timeline and email alerts.
Know the moment your stack changes
StackPatrol re-scans your sites every week and keeps a durable history: when each vendor first appeared, when it went away, and every score change in between. If a new vendor sneaks in (a rogue analytics tag, an unplanned pixel, a new CDN) you get an email alert the same day, and a first-seen date you can point to at the next audit. Export the full timeline to CSV or JSON.
Watch your privacy & cookie policies for changes
Each monitored scan also finds and fingerprints your privacy policy, cookie policy, DPA and terms — even when they live on a parent-company domain. We track the date each page says it was last updated and detect when the content actually changes. The most useful signal: when your vendor stack shifts but the privacy policy stays frozen, the alert flags a possible documentation gap.
See it on your own site
Every free scan includes what loads before consent, the vendors your policy forgot and a region-classified vendor map. Upgrade any time for monitoring and reports.