Offer privacy-aware website audits to your clients in 5 minutes.
Scan a client site for third-party scripts, trackers, CDNs and non-European vendors. Get a shareable report you can use in client conversations, then upsell weekly monitoring and remediation.
Why agencies run this audit
Most clients have no idea what their own website is loading. The tag manager has been touched by three agencies, four interns and a marketing consultant. StackPatrol finds the mess in seconds.
“What's loading on the site?”
“I think we have Google Analytics. Maybe Hotjar?”
“Did you remove Facebook Pixel?”
“We removed it last year. I think.”
“How many vendors total?”
“Three? Maybe five? Actually… I'm not sure.”
Three minutes with a network tab usually finds twelve more vendors. StackPatrol does the same thing in fifteen seconds and produces a shareable report you can drop into a proposal.
The 6-point checklist
Run a StackPatrol scan, open the report, and walk the client through these six items.
What third-party domains is the front page contacting?
Look for the unfiltered request list. Anything you can't instantly identify is a candidate for removal.
Which vendors are US-owned?
For European clients, US-owned vendors trigger Schrems II obligations: a transfer impact assessment, supplementary measures, often a cookie-banner update.
Which vendors are unmatched?
Usually a small regional tool, a CDN nobody documented, or a leftover from a campaign that ended years ago. Each one is a question to ask.
Are there duplicate vendors?
It is common to find two analytics tools, two tag managers, two consent platforms. Each duplicate costs money and slows the page.
Are there European alternatives worth proposing?
For each US vendor StackPatrol surfaces, check the suggested European alternative. Many clients will switch if you do the evaluation work for them.
What does the cookie banner actually disclose?
Compare the vendor list in the banner against the scan report. If the banner is shorter than the scan, the privacy policy is wrong.
Common findings
Patterns we see on most European sites.
Google Tag Manager loading a US chatbot, which loads a Cloudflare worker, which writes a cookie set by a US fraud-detection vendor. The dependency tree is the story.
"EU-region" Google Analytics that still phones home to google-analytics.com on first request.
Old Facebook Pixel from a 2021 campaign, still firing, still sending hashed emails.
Three font providers when one would do: Google Fonts + Adobe Fonts + a self-hosted leftover.
How to price your audit
Agencies typically charge for analysis and recommendations, not for the scan. A common structure:
Run a scan, share the report, highlight one or two findings.
Walk the checklist with the client, write a remediation plan, recommend specific replacements.
Implement replacements, update the cookie banner, write the privacy policy, set up monitoring.
Frequently asked questions
Can I use StackPatrol scans in client deliverables?
Yes. Reports are shareable via a public URL (/r/<id>) and PDF audit reports are available for €79 each. The Agency plan (€149/month) includes white-label PDF reports you can hand directly to clients. Attribution is appreciated but not required.
Can I monitor client sites over time?
Yes. Pro (€39/month) lets you add up to 5 sites for weekly monitoring. Agency Starter (€89/month) covers 10 sites, Agency (€149/month) covers 30, and Agency Pro (€299/month) covers 100. StackPatrol re-scans each site every week and emails you when new vendors appear or existing ones disappear. Perfect for keeping client-site audits current after implementation.
Does StackPatrol find vendors that only appear on internal pages?
The free scan covers the front page plus one additional internal page to catch vendors that only load deeper in the site. The one-time PDF report (€79) crawls up to 20 pages. With a Pro or Agency subscription you can run unlimited scans and build up a full scan history across all your client sites.
Is this enough for a Schrems II / Transfer Impact Assessment?
No. StackPatrol gives you a fast, accurate inventory of front-end vendors and their ownership region. The boring discovery step, done. The legal analysis (lawful basis, SCCs, supplementary measures) is your job.
How does this compare to BuiltWith or Wappalyzer?
Those are sales-intelligence tools. They tell you which technologies a site uses so you can pitch products to it. StackPatrol is a privacy and digital-sovereignty tool: it classifies vendors by ownership region, explains the jurisdictional risk, and suggests European alternatives.
Try it on a client site now.
Free, no signup, results in under thirty seconds.