About Tracker

Tracker is an open-source website privacy scanner that detects tracking technologies, cookies, fingerprinting, and assesses GDPR compliance. Each scan produces a privacy score and detailed findings powered by AI analysis.

Risk Levels

Every finding is classified into one of four risk levels based on its privacy impact:

High

Serious privacy violations with significant GDPR implications. Examples include invasive advertising trackers (Facebook Pixel, Google Ads, DoubleClick), session recording tools (Hotjar), and advanced fingerprinting techniques (Canvas, WebGL, AudioContext). Each high-risk finding deducts 15 points from the privacy score.

Medium

Moderate privacy concerns that warrant attention. Examples include widely-used analytics services (Google Analytics), tag managers (Google Tag Manager), and less invasive fingerprinting (font enumeration, navigator properties). Each medium-risk finding deducts 8 points.

Low

Minor privacy concerns with limited impact. Includes smaller analytics services and basic tracking techniques like screen resolution detection. Each low-risk finding deducts 3 points.

Info

Informational findings with no direct privacy impact. These are noted for transparency but do not affect the privacy score.

Privacy Score

The privacy score is calculated on a 0–100 scale (100 = best). Starting from 100, points are deducted for each finding based on its risk level. Bonuses are awarded for good practices:

Consent banner present and working: +10 points
No pre-consent tracking detected: +10 points
No fingerprinting detected: +5 points

Privacy Grades

Excellent privacy practices

Good, with minor concerns

Moderate issues that should be addressed

Significant privacy concerns

Serious privacy violations

Detection Modules

Six specialised modules run in parallel during each scan:

Script Analysis — Matches loaded scripts against our tracker database of known tracking domains and services.

Cookie Audit — Analyses cookie properties including lifetime, scope, and purpose to identify tracking cookies.

Network Requests — Classifies third-party network requests and identifies data exfiltration to tracking services.

Fingerprint Detection — Detects browser fingerprinting techniques such as Canvas, WebGL, AudioContext, font enumeration, and screen property access.

Consent Banner — Checks whether a consent mechanism is present and whether tracking occurs before user consent is given.

Tag Manager — Deep-scans tag manager containers (e.g. Google Tag Manager) for hidden or dynamically-loaded trackers.

AI-Powered Analysis

After the detection modules run, findings are reviewed by Claude AI which can re-assess risk levels based on GDPR context, add legal references (e.g. GDPR Art. 7, Schrems II), and provide an executive summary with prioritised remediation actions.