Web Scanner

Documentation on using the Web Scanner to monitor third-party scripts and maintain privacy compliance on your website.

Our Web Scanner allows you to monitor third-party scripts present on your website with weekly automated scans. This tool is especially useful for identifying scripts that may affect your site's privacy posture or compliance with privacy regulations.

How It Works

When you add a URL to the Web Scanner, it:

  • Performs an initial scan of the homepage and a few additional linked pages to get started.
  • Scans pages from multiple sources every Monday morning:
    • Links discovered during crawling
    • URLs found in any discovered sitemaps
  • Detects third-party scripts on each page it visits.
  • Scans script and stylesheet content for privacy-sensitive keywords such as ad platform identifiers, tracker brands, and data collection patterns (see Privacy Keyword Detection below).
  • Analyzes Content Security Policy (CSP) headers from each hostname to identify gaps in your site's security configuration (see CSP Analysis below).
  • Collects cookies and localStorage identifiers set by third-party scripts and services on your website.
  • Crawls within domain scope, following a hierarchical domain rule:
    • If you configure example.com, it will crawl example.com, app.example.com, blog.example.com, etc.
    • If you configure app.example.com, it will only crawl app.example.com and its subdomains, not example.com.
    • It will not follow links to completely different domains outside your organization's control.

What to Expect

  • Scans run weekly, beginning early Monday morning.
  • Pages are discovered through crawling links found on each page.
  • Only publicly accessible pages on your domain will be scanned.
  • Scan data is retained for 90 days. If you need access to older data, contact our team.

Managing Scan Results

The Web Scanner provides tools to help you manage and organize your scan results effectively.

Suppressing Alerts

You can suppress alerts for specific items that you've reviewed and determined are not issues or are already being addressed. When you suppress an alert:

  • The item will no longer appear in your active alerts list
  • Suppressed items are still tracked in your scan history
  • You can view and manage suppressed items if needed

This feature is useful for reducing noise in your alerts and focusing on items that require attention.

Adding Notes to Items

You can add notes to any scanned item to provide context, track decisions, or collaborate with your team. Notes can be used to:

  • Document why an item was suppressed or approved
  • Add context about remediation plans or timelines
  • Share information with team members reviewing the scan results
  • Track the status of items that are being addressed

Notes are persistent and will remain associated with the item across future scans.

Scanner Configuration

Excluding Pages from Scans

You can configure the scanner to exclude certain pages or URL patterns from being scanned. This is useful for:

  • Staging or development environments that shouldn't be monitored
  • Admin or internal pages that require authentication
  • Pages with sensitive content that shouldn't be included in scans
  • Temporary or test pages that aren't part of your production site

When you exclude pages, the scanner will skip them during weekly scans, reducing unnecessary alerts and focusing on the pages that matter most for your privacy compliance monitoring.

Privacy Keyword Detection

The Web Scanner automatically inspects the content of third-party JavaScript and CSS files loaded on your pages. It flags resources that contain privacy-sensitive patterns, giving you visibility into what data third-party scripts may be collecting or processing.

Detected keywords are grouped into the following categories:

  • Ad platform identifiers: Click IDs and tracking parameters used by advertising platforms.
  • Tracker brands: References to well-known analytics and tracking services.
  • Cookie and storage patterns: Known tracking cookie names and storage keys commonly used for cross-site identification.
  • Data collection APIs: Browser APIs used to send or store data.
  • PHI-related terms: Keywords that may indicate protected health information handling.

When a third-party resource contains one or more of these keywords, a Privacy Data badge appears on its row in the Resources tab. Expanding the row reveals the specific keywords that were found.

This feature helps you quickly identify which third-party scripts warrant closer review from a privacy and compliance perspective.

CSP Analysis

The Web Scanner captures and analyzes the Content Security Policy (CSP) headers returned by each hostname it visits. CSP headers tell browsers which domains are allowed to load scripts, stylesheets, images, and other resources on your pages.

The CSP tab in the scan results shows:

  • Per-hostname CSP status: Whether each hostname returns a CSP header or not. Missing CSP headers are flagged so you know which parts of your site lack this layer of protection.
  • Parsed directives: A breakdown of each CSP directive (e.g., script-src, connect-src, default-src) and the domains it permits.
  • Domains not in CSP: Third-party domains detected during the scan that are not covered by any CSP directive. These represent gaps where your CSP could be tightened to match actual usage.
  • Allowed domains: The full list of domains permitted by your CSP, extracted from all relevant directives.

This analysis helps you identify mismatches between your CSP configuration and the third-party resources actually loading on your site, making it easier to maintain a CSP that accurately reflects your intended integrations.
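
To reproduce the "Domains not in CSP" comparison by hand when verifying a result, the sketch below parses a header and lists observed hosts that no directive covers. It is an added example, not the Web Scanner's own code; the header value, the host names and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: one CSP header value and the third-party
# hosts observed loading on the page (all names are placeholders).
SAMPLE_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://cdn.example.net *.analytics.example; "
    "connect-src 'self' https://api.example.net"
)
SAMPLE_OBSERVED = ["cdn.example.net", "eu.analytics.example",
                   "analytics.example", "pixel.tracker.example",
                   "api.example.net"]

def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in (header or "").split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def allowed_hosts(policy):
    """Host patterns from all *-src directives; keywords and bare schemes are skipped."""
    hosts = set()
    for name, sources in policy.items():
        if "-src" not in name:
            continue  # e.g. report-uri, sandbox: no host allowlist
        for src in sources:
            if src.startswith("'") or src.endswith(":"):
                continue  # 'self', 'nonce-...', 'sha256-...', https:, data:
            host = urlsplit(src if "://" in src else "//" + src).hostname
            if host:
                hosts.add(host)
    return hosts

def host_matches(pattern, host):
    """CSP host matching: '*.x' covers subdomains of x but not x itself."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def domains_not_in_csp(header, observed):
    """Observed hosts that no directive's host-source covers."""
    patterns = allowed_hosts(parse_csp(header))
    return sorted(h for h in {o.lower() for o in observed}
                  if not any(host_matches(p, h) for p in patterns))
```

With the sample data, analytics.example is reported even though *.analytics.example is listed, because a CSP wildcard covers subdomains only. Like the tab it mirrors, the check asks whether any directive covers a host, not whether the directive for that resource type does.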

Limitations & Recommendations

  • While our scanner makes a best effort to detect all third-party scripts, we recommend you verify results with your IT team for full visibility.
  • The scanner is intended for general monitoring. It should not be relied on as a full security audit or compliance certification.
  • Make sure that the pages you want scanned are easily discoverable from your homepage.
  • Need to scan more pages? You can configure the maximum number of pages to crawl in your monitor settings.
  • Use page exclusions to focus scans on production pages and reduce noise from staging or internal pages.
  • Suppress alerts and add notes to organize your scan results and track remediation efforts effectively.

Questions?

If you have questions about scan coverage, third-party scripts, or how to interpret results, please reach out to our support team. We're happy to help.


Note: Information gathered from the Web Scanner is generally accurate, but not guaranteed to be exhaustive. Always verify coverage manually if precision is required.
