Website tracking exposure scan

Businesses are getting $5,000-per-violation demand letters over website trackers.

Plaintiff firms are sending thousands of CIPA demand letters over pixels, chat widgets, and session recording tools running without consent — with no revenue threshold to qualify as a target. Enter your URL and see, in about ten seconds, what an automated scan finds on your homepage.

82% of 208 sites we scanned last month showed at least one tracking-consent issue · No signup required

Ad & analytics pixels

Meta, TikTok, Google, Bing and other pixels firing before any consent choice.

CIPA — wiretap theory

Session recording

Clarity, Hotjar, FullStory and similar tools capturing visitor sessions.

CIPA — recording theory

Chat & transcript widgets

Third-party chat tools that can share conversation data off-site.

CIPA — transcript sharing

Consent controls

Whether a cookie banner exists, and whether declining actually stops tracking.

CCPA/CPRA §1798.135

"Do Not Sell" link

The specific opt-out link CCPA requires in your footer or privacy page.

CCPA/CPRA §1798.135
What you get

A plain-English report, not a legal opinion.

Every finding is something the scan actually observed — a specific script, a specific cookie, a specific missing link. We never tell you that you're "violating the law." We tell you what a plaintiff's technical expert would also find if they looked.

  • A letter grade (A–F) you can act on immediately
  • The exact vendors and scripts detected
  • A shareable report link for your team or counsel
D
example-shop.com
Scanned just now
No decline/reject control foundMedium

The cookie banner (or lack of one) gives visitors no way to opt out of tracking.

3 tracker requests fired before consentHigh

clarity.ms, googletagmanager.com, connect.facebook.net — all loaded on page arrival.

Tracker cookies set despite opt-out signalCritical

_fbp, _ga, MUID were set even though the Global Privacy Control signal was sent.

01

Scan

Enter your URL. We fetch your homepage and check it against 60+ known tracking, chat, and analytics vendors — no install, no signup.

02

See your exposure

Get a letter grade and a plain-English breakdown of exactly what's running on your site and why it matters.

03

Fix & monitor

Follow the fix guidance yourself, or ask us to quote the work — then let weekly monitoring make sure it stays fixed.

Pricing

Sites re-break constantly — a theme update, a new marketing app, an agency edit to GTM. Staying off the demand-letter target list is an ongoing job, not a one-time fix.

Monitoring
$49/month
  • Full report with every finding unlocked
  • Weekly automatic re-scans, up to 3 sites
  • Alert email the moment a new tracker appears
  • Embeddable "Scanned by CIPAScan" trust badge
  • Full scan history — a dated remediation record
  • Access to request a custom-quoted done-for-you fix
Founding member — first 20
$499 one-time
  • Everything in Monitoring, for life
  • No recurring charge, ever
  • Locked in before the price rises
20 of 20 founding spots remaining

CIPAScan performs automated technical scans and reports what it observes. It is not a law firm and does not provide legal advice or determine legal compliance.

Questions

Is a scan result legal advice? +

No. CIPAScan reports technical observations — which scripts loaded, which cookies were set, whether specific links exist. Whether any of that creates legal exposure is a judgment call for your attorney, not something an automated scan can determine.

What is CIPA, briefly? +

The California Invasion of Privacy Act is a decades-old wiretapping law now being applied to website trackers. It allows a private citizen to sue for $5,000 per violation with no need to prove actual harm, and — unlike CCPA — it has no company size or revenue threshold, so it can apply to any business with a website.

What happens after I pay? +

You'll get an email with a magic sign-in link — no password to set. From your dashboard you can add up to 3 sites, see full reports, and get your embeddable trust badge. Weekly scans start automatically.

Can you fix it for me? +

Yes — paying subscribers can request a custom-quoted, done-for-you fix on any finding. We don't automate changes to your site; a person reviews it and quotes the work.

Do you store data about my visitors? +

No. We scan your public homepage the way any visitor's browser would and store only the scan results. We don't collect anything about the people who visit your site.