SitePrivacyScore
Free lightweight tool, no login required

Free Third-Party Requests Analyzer

Discover exactly which external domains a webpage connects to when it loads. Identify hidden dependencies, third-party analytics, ad networks, and external assets.

Why Analyze External Domain Requests?

Modern websites rarely host everything themselves. They pull in fonts from Google, scripts from Cloudflare, analytics from tracking platforms, and videos from YouTube. Every time an external resource is loaded, the visitor's IP address and browser data are shared with that third party.

Under privacy laws like the GDPR, you must disclose these third-party data processors to your users. Furthermore, relying on too many external domains increases the risk of supply chain attacks and slows down your page load times.

Related Tools and Guides

Tracker Detector, Scan for Ad & Analytics ScriptsCSP Generator, Restrict External ConnectionsRead Guide: Third-Party Requests

Analyze all network activity automatically

This scanner checks the raw HTML for external links. A full SitePrivacyScore audit runs a headless browser, capturing dynamically injected requests and secret tracking pixels that a simple code scan misses.

Run Full Privacy AuditBrowse All Free Tools

For deeper runtime checks, run the full privacy audit →

Frequently Asked Questions

What counts as a third-party request?+
Any network request your website makes to a domain other than the one currently in the user's address bar. For example, if your site is 'example.com' and you load an image from 'cdn.other.com', that is a third-party request.
Are third-party requests bad?+
Not inherently. Using a Content Delivery Network (CDN) for fast script loading is a common best practice. However, loading untrusted scripts, unnecessary tracking pixels, or dozens of disparate ad networks is bad for both privacy and performance.
Why is an IP address considered personal data?+
Under the GDPR, dynamic IP addresses are classified as personally identifiable information (PII) because they can be combined with other data (by ISPs or large ad networks) to identify an individual. When you load a third-party resource, you share the user's IP with that third party.
What is a Supply Chain Attack?+
A supply chain attack occurs when a hacker compromises a third-party service you trust. If your site loads a JavaScript file directly from a compromised external server, the hacker's code runs directly on your users' browsers, allowing them to steal passwords or credit cards.
How can I block unwanted third-party requests?+
The most effective way is to implement a strict Content Security Policy (CSP). A CSP allows you to explicitly whitelist approved domains (e.g., 'only allow scripts from cdn.example.com') and the browser will automatically block all other external requests.