Third-Party JavaScript
Stats as of 2026-05-27 17:24 UTC — last scan: 2026-05-26
21 scan batches run
17,880 of 82,714 available pages scanned (21.6% coverage) 16,412 of 17,880 scanned pages were reachable (91.8%) 8,004 reachable pages loaded at least one third-party script (48.8% of reachable) 10,793 known third-party service loads identified 24 unique known services across 16 categories
Third-Party JavaScript by Country
| Country | Scanned | Available | Reachable | URLs with 3rd-Party JS | Known Service Loads | JS URLs /100 Reachable | Known Loads /100 Reachable | Last Scan |
|---|---|---|---|---|---|---|---|---|
| Austria | 821 | 821 | 778 | 265 | 44 | 34.1 | 5.7 | 2026-05-23 |
| Belgium | 1,309 | 1,309 | 1,218 | 629 | 722 | 51.6 | 59.3 | 2026-05-24 |
| Bulgaria | 291 | 291 | 263 | 104 | 120 | 39.5 | 45.6 | 2026-05-23 |
| Croatia | 233 | 233 | 230 | 120 | 168 | 52.2 | 73.0 | 2026-05-24 |
| Czechia | 843 | 843 | 799 | 474 | 811 | 59.3 | 101.5 | 2026-05-24 |
| Denmark | 1,521 | 1,521 | 1,496 | 805 | 2,108 | 53.8 | 140.9 | 2026-05-25 |
| Estonia | 396 | 396 | 379 | 211 | 197 | 55.7 | 52.0 | 2026-05-24 |
| Finland | 180 | 180 | 170 | 45 | 25 | 26.5 | 14.7 | 2026-05-25 |
| France | 1,526 | 10,007 | 1,421 | 638 | 422 | 44.9 | 29.7 | 2026-05-23 |
| Germany | 1,576 | 6,555 | 1,541 | 469 | 511 | 30.4 | 33.2 | 2026-05-24 |
| Greece | 1,477 | 1,748 | 1,371 | 662 | 923 | 48.3 | 67.3 | 2026-05-24 |
| Hungary | 390 | 390 | 281 | 126 | 195 | 44.8 | 69.4 | 2026-05-25 |
| Iceland | 139 | 139 | 135 | 72 | 45 | 53.3 | 33.3 | 2026-05-26 |
| Ireland | 522 | 522 | 485 | 274 | 753 | 56.5 | 155.3 | 2026-05-25 |
| Italy | 1,030 | 5,338 | 937 | 344 | 319 | 36.7 | 34.0 | 2026-05-25 |
| Latvia | 802 | 802 | 754 | 517 | 620 | 68.6 | 82.2 | 2026-05-26 |
| Lithuania | 120 | 120 | 110 | 54 | 95 | 49.1 | 86.4 | 2026-05-26 |
| Luxembourg | 571 | 571 | 394 | 273 | 161 | 69.3 | 40.9 | 2026-05-26 |
| Poland | 1,439 | 14,938 | 1,330 | 671 | 978 | 50.5 | 73.5 | 2026-05-25 |
| Portugal | 1,360 | 3,503 | 1,149 | 674 | 1,093 | 58.7 | 95.1 | 2026-05-26 |
| Spain | 1,334 | 6,069 | 1,171 | 577 | 483 | 49.3 | 41.2 | 2026-05-26 |
Hover or focus any non-zero country-table count to preview matching pages. Activate the number to keep the preview open and download a CSV for that country and metric from Download machine-readable third-party tools data (JSON).
Top Third-Party Services
| # | Service | Loads |
|---|---|---|
| 1 | jsDelivr CDN | 2,329 |
| 2 | cdnjs (Cloudflare CDN) | 2,313 |
| 3 | Google Analytics (GA4) | 1,345 |
| 4 | Google reCAPTCHA | 814 |
| 5 | unpkg CDN | 813 |
| 6 | Google Tag Manager | 669 |
| 7 | Google Hosted Libraries | 524 |
| 8 | jQuery | 521 |
| 9 | CookieInformation | 410 |
| 10 | Cookiebot | 365 |
| 11 | Font Awesome | 231 |
| 12 | Bootstrap | 160 |
| 13 | OneTrust | 93 |
| 14 | Facebook Pixel | 66 |
| 15 | Adobe Dynamic Tag Management / Launch | 32 |
| 16 | Cloudflare Turnstile / Challenge | 31 |
| 17 | Sentry | 19 |
| 18 | Matomo Cloud | 14 |
| 19 | Google Analytics (Universal) | 14 |
| 20 | Zendesk | 11 |
Top Services by Page Prevalence
| # | Service | Reachable Pages | Prevalence of Reachable Pages |
|---|---|---|---|
| 1 | jsDelivr CDN | 1,331 | 113.7% |
| 2 | Google Analytics (GA4) | 1,321 | 112.8% |
| 3 | cdnjs (Cloudflare CDN) | 993 | 84.8% |
| 4 | Google reCAPTCHA | 798 | 68.1% |
| 5 | Google Tag Manager | 648 | 55.3% |
| 6 | unpkg CDN | 595 | 50.8% |
| 7 | Google Hosted Libraries | 473 | 40.4% |
| 8 | jQuery | 449 | 38.3% |
| 9 | CookieInformation | 410 | 35.0% |
| 10 | Cookiebot | 356 | 30.4% |
| 11 | Font Awesome | 177 | 15.1% |
| 12 | Bootstrap | 159 | 13.6% |
| 13 | OneTrust | 78 | 6.7% |
| 14 | Facebook Pixel | 64 | 5.5% |
| 15 | Adobe Dynamic Tag Management / Launch | 29 | 2.5% |
| 16 | Cloudflare Turnstile / Challenge | 28 | 2.4% |
| 17 | Sentry | 19 | 1.6% |
| 18 | Google Analytics (Universal) | 14 | 1.2% |
| 19 | Matomo Cloud | 14 | 1.2% |
| 20 | Zendesk | 11 | 0.9% |
Top Service Categories
| # | Category | Loads |
|---|---|---|
| 1 | CDN | 5,979 |
| 2 | Analytics | 1,473 |
| 3 | JavaScript Library | 1,045 |
| 4 | Cookie Consent | 878 |
| 5 | Security | 845 |
| 6 | CAPTCHA | 814 |
| 7 | Tag Manager | 701 |
| 8 | Icon Library | 231 |
| 9 | UI Framework | 160 |
| 10 | Advertising | 66 |
| 11 | Error Tracking | 19 |
| 12 | Customer Support | 11 |
| 13 | Chat | 11 |
| 14 | Payments | 4 |
| 15 | CRM | 3 |
Category Balance
Infrastructure-heavy categories (CDNs, core libraries, and UI assets):
| # | Infrastructure Category | Loads |
|---|---|---|
| 1 | CDN | 5,979 |
| 2 | JavaScript Library | 1,045 |
| 3 | Icon Library | 231 |
| 4 | UI Framework | 160 |
Policy-relevant categories (tracking, consent, support, and security tooling):
| # | Policy-Relevant Category | Loads |
|---|---|---|
| 1 | Analytics | 1,473 |
| 2 | Cookie Consent | 878 |
| 3 | Security | 845 |
| 4 | CAPTCHA | 814 |
| 5 | Tag Manager | 701 |
| 6 | Advertising | 66 |
| 7 | Error Tracking | 19 |
| 8 | Customer Support | 11 |
| 9 | Chat | 11 |
| 10 | Payments | 4 |
| 11 | CRM | 3 |
| 12 | Marketing | 3 |
Unknown Third-Party Hosts (Review Queue)
| # | Host | Loads | Reachable Pages |
|---|---|---|---|
| 1 | cdn.ent.auvergnerhonealpes.fr |
2,473 | 260 |
| 2 | ajax.aspnetcdn.com |
581 | 299 |
| 3 | cdn.ecollege.haute-garonne.fr |
465 | 44 |
| 4 | customer.cludo.com |
304 | 232 |
| 5 | cookie-notice.plzen.eu |
275 | 145 |
| 6 | translate.google.com |
255 | 255 |
| 7 | cdn.datatables.net |
254 | 85 |
| 8 | maps.googleapis.com |
250 | 249 |
| 9 | cm-ob.pt |
249 | 17 |
| 10 | dreambroker.com |
245 | 245 |
| 11 | cdn.herning.dk |
238 | 24 |
| 12 | maps.google.com |
187 | 187 |
| 13 | static.addtoany.com |
182 | 176 |
| 14 | cdn.public.lu |
181 | 164 |
| 15 | prod.widgets.burgerprofiel.vlaanderen.be |
177 | 57 |
These hosts were seen as third-party script sources but did not match a known service signature. Review this queue regularly and promote stable, policy-relevant hosts into the signature list.
📥 Machine-readable results: Download machine-readable third-party tools data (JSON)
Overview
This scan identifies third-party JavaScript loaded by government websites, including analytics tags, tag managers, cookie-consent tools, CDNs, customer support widgets, and other externally hosted scripts.
The goal is to make the external dependencies used across European government sites easier to inspect. This helps answer questions like:
- Which analytics or advertising vendors appear most often?
- How common are third-party CDNs and consent managers?
- Which countries lean more heavily on externally hosted web tooling?
The scanner looks at every <script src="..."> on a page, excludes
same-origin scripts, and then tries to match known services such as Google Tag
Manager, Google Analytics, Matomo Cloud, OneTrust, Cookiebot, Cloudflare,
Microsoft Clarity, HubSpot, and more.
Why This Matters
Third-party JavaScript can affect:
- Privacy: analytics, advertising, and tracking integrations may send data to external services.
- Security: externally hosted libraries and widgets increase supply-chain risk.
- Resilience: a page may depend on third-party infrastructure outside the control of the public authority.
- Performance: extra scripts often increase page weight and network cost.
This page gives an EU-wide view of those dependencies.
Usage
Scan a single country
python3 -m src.cli.scan_third_party_js --country ICELAND --rate-limit 1.0
Scan all countries
python3 -m src.cli.scan_third_party_js --all --rate-limit 1.0
Scan all countries with a runtime cap
python3 -m src.cli.scan_third_party_js --all --max-runtime 110 --rate-limit 1.0
Command-line options
| Option | Default | Description |
|---|---|---|
--country CODE |
— | Country code to scan (for example FRANCE or ICELAND) |
--all |
— | Scan all countries in the TOON directory |
--toon-dir PATH |
data/toon-seeds/countries |
Directory with .toon seed files |
--rate-limit N |
1.0 |
Maximum HTTP requests per second |
--max-runtime N |
0 (no limit) |
Maximum runtime in minutes for graceful CI stops |
GitHub Actions
The Scan Third-Party JavaScript workflow
(.github/workflows/scan-third-party-js.yml) runs automatically every 6 hours
and can also be triggered manually from the Actions tab.
Artifacts uploaded after each run:
| Artifact | Contents |
|---|---|
3pjs-scan-<run_number> |
data/metadata.db, scan output log, annotated *_3pjs.toon files |
validation-metadata |
data/metadata.db shared with the other scanners |
Output
Annotated TOON file
Each page entry in the output *_3pjs.toon file gains a third_party_js
field:
{
"url": "https://example.gov/",
"third_party_js": [
{
"src": "https://www.googletagmanager.com/gtm.js?id=GTM-XXXX",
"host": "www.googletagmanager.com",
"service_name": "Google Tag Manager",
"version": "GTM-XXXX",
"categories": ["Tag Manager"]
}
]
}
If scanning failed for a URL, a third_party_js_error field is added instead.
Database table
Results are stored in the url_third_party_js_results table:
| Column | Type | Description |
|---|---|---|
url |
TEXT | Page URL |
country_code |
TEXT | Country identifier |
scan_id |
TEXT | Unique scan run ID |
is_reachable |
INTEGER | 1 = page fetched successfully |
scripts |
TEXT | JSON array of third-party script records |
error_message |
TEXT | Error message if the page fetch failed |
scanned_at |
TEXT | ISO-8601 timestamp |