Privacy Inspector
The DataGrail Privacy Inspector is a companion tool for your organization to review the trackers running on your website that may be selling or sharing information with third parties. We designed the inspector to be a fast and easy way to verify your site's successful implementation of DataGrail Consent.
Available in The Chrome Web Store!
Installation
The DataGrail Privacy Inspector is a Chrome Extension that can be downloaded via the Chrome Web Store.
Once installed, you can access the Extension by clicking the icon:
Exploring Detected Trackers
The Privacy Inspector lists the third‑party trackers on your site that match DataGrail’s models for vendors that typically handle personal data and should be governed by DataGrail Consent.
Once Consent is correctly configured and a user has opted out of non‑essential tracking, any tracker still shown should be essential to your site’s core functionality.
Trackers Defined
A tracker is any network request your site makes to an external vendor we classify as one that may access personal data (e.g. browser details, page behavior, navigation history).
Trackers are grouped by subdomain. A single subdomain can generate multiple requests, and some requests may transmit personal information.
Most trackers identified belong to marketing, analytics, or personalization tools. These are usually non‑essential and should disappear after an opt‑out (accept essentials only) choice is applied.
Why some still appear after opt‑out:
-
Essential infrastructure: The service is required for core operation (example: a CDN serving images or scripts). It may make external requests without using personal data for non‑essential purposes.
-
Mixed or privacy‑aware services: The vendor provides both essential and non‑essential features. You pass the consent signal so the vendor suppresses non‑essential processing while still running essential functions (example: Shopify core commerce plus its Privacy API).
Tracker Request Types
Each tracker may have multiple request types associated with it, but the privacy inspector marks trackers with a Script type to make it easy to identify the source code to manage the script with DataGrail Consent.
Tracker type definitions:
- Script/
JS: These are requests that are made as a result of the execution of JavaScript code on your site. - Ping/
XMLHTTPRequest (XHR): These are requests deliver or receive information from another service. - iFrame/
Sub_Frame: These are requests that originate from an iFrame or embedded document (HTML or similar) within your site. Image: These are requests that occur as a result of loading an image. Requests of this type were included to cover the use of tracking pixel technologies.- Stylesheet/
CSS: These are requests that retrieve stylesheets or design files that make the site look or feel a certain way.
DataGrail Consent can be configured to manage the execution of all of these requests based on a data subject's consent preference.
Reveal Script Origin Code
If a tracker is a script/js type, you will see an icon to the right of a tracker item's vendor name. Clicking on these trackers will additionally reveal the source code for the script.
If a tracker appears on this list and it shouldn't have, developers can use this feature as a shortcut to supporting the configuration of this service with DataGrail Consent.
Exporting Detected Trackers
You can use the copy list button to copy the visible Detected Trackers on the list to your clipboard to paste and send to members of your team.
Example output from a media site:
33Across, Inc. (33across.com)
AcuityAds (acuityplatform.com)
Adobe Inc. (demdex.net)
Amazon Technologies, Inc. (amazon-adsystem.com)
Amazon Technologies, Inc. (amazon.com)
Amobee, Inc (turn.com)
ANIVIEW LTD (aniview.com)
...
Twitter, Inc. (t.co)
Twitter, Inc. (twitter.com)
Vdopia Inc. (chocolateplatform.com)
Verizon Media (yahoo.com)
Verizon Media (yimg.com)
The output is a (truncated) alphabetized list of the trackers by vendor name, which the specific tracker domain in parenthesis.
Trackers are delineated by domain, which means the same vendor may execute multiple types of network requests.
Confirming Consent Choices
After DataGrail Consent is configured and deployed, it's important to validate policy assignment, banner layouts, script blocking, and residual cookies. For a concise end-to-end checklist of these steps, follow our Consent Testing Guide.
Check Out Our Consent Testing Guide!
Opt Out Requests
The Privacy Inspector can send an opt-out request directly using the Global Privacy Control (GPC) signal, which can expedite submitting an opt-out request without having to use the banner notice on your page.
DataGrail Consent treats the presence of GPC settings as "accept essentials only" or "opt-out" of tracking, which means you can achieve the same result as making a manual selection via the banner notice as indicated in Step 2 in the above workflow.
When you toggle GPC on or off, your browser will refresh to ensure that setting is captured and passed to the site and picked up by DataGrail Consent.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.