Advertising stack detected

What this check does

Scans the loaded page for known advertising and conversion-tracking pixels:

• Google AdSense (adsbygoogle.js, pagead2.googlesyndication.com)
• Google Ads conversion / remarketing tag (googleads.g.doubleclick.net)
• Facebook / Meta Pixel (connect.facebook.net/.../fbevents.js)
• TikTok Pixel (analytics.tiktok.com)
• LinkedIn Insight (snap.licdn.com/li.lms-analytics)
• Twitter / X Pixel, Pinterest Tag, Reddit Pixel, Microsoft Advertising UET

Reports which ones are present. Informational — there’s no “pass” or “fail” because whether you want them is a business decision.

Why it matters

Advertising pixels are the most invasive trackers on the web. Each one knows what page the visitor is on, where they came from, what device they’re using, and (with first-party cookies) which previous visits this matches. The GDPR, ePrivacy Directive, and California CCPA all require explicit consent before loading any of them — and enforcement actions in 2024–2025 made that real, with seven-figure fines for sites loading Meta Pixel before the consent banner was accepted.

Knowing what’s installed is also the first step to auditing whether you actually need it. Most sites load 3–5 pixels they no longer run campaigns on.

How to fix it

If you’re going to use ad pixels, do it right:

1. Gate every pixel behind consent.

<!-- consent banner sets window.__consent on accept -->
<script>
window.addEventListener("consent:granted", () => {
  // Meta Pixel
  !function(f,b,e,v,n,t,s){…}(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');
  fbq('init', 'PIXEL_ID');
  fbq('track', 'PageView');
});
</script>

Use Google’s Consent Mode v2 for AdSense / Google Ads — it lets the tags load in a “no consent” state that still pings home but doesn’t drop cookies.

2. Audit what’s actually shipping.

# count network requests to known ad networks
npx puppeteer --headless --url=https://yoursite.com --capture-network | grep -E "(doubleclick|facebook|tiktok|linkedin|reddit|pinterest)"

Or open DevTools → Network tab, reload, filter by “Type: Other” and look for the tracker domains.

3. Remove pixels for dead campaigns.

A LinkedIn Insight tag that was installed for a 2023 campaign is still firing on every page load — invading privacy, costing bandwidth, occasionally breaking on third-party JS errors. Audit annually.

4. Use first-party server-side tagging when possible.

Google Tag Manager Server-Side, Facebook Conversions API, and TikTok Events API let the conversion event fire from your server, not the visitor’s browser. Better for accuracy (no ad-blocker drop-off), much better for privacy (no client-side fingerprinting), and a clean consent gate.

5. Match this with the tracker count and privacy policy checks.

Every pixel you load must be listed in your privacy policy, and the total tracker count is itself a quality signal — 12 trackers on a brochure site is a red flag for both regulators and savvy visitors.

Frequently asked questions

Is this rule scoring me down?

No. We don’t fail pages for having ad pixels — many businesses legitimately need them. The rule just detects what’s installed. The downstream rules (cookie consent banner, privacy policy, cookie attributes) check whether you’re loading them legally.

What about Google Analytics (GA4)?

GA4 is detected by a different rule — analytics installed. Analytics and advertising overlap (GA4 can feed Google Ads remarketing), but the legal treatment is similar: consent is required in most jurisdictions before loading.

My pixel fires on the cookie-banner page. Bug or by design?

Bug. The pixel should only load after consent is granted — not during the banner display. Common cause: the GTM container is in the <head> with the pixel tag firing on “All pages” instead of “Consent: granted.” Fix the trigger.