Cookie Sync Visualizer
Fetch a page and list likely cookie-sync or ID-match partners based on sync-like endpoints found in HTML resources. This is a useful first pass for privacy, identity, and header bidding investigations when you need to see which third-party domains look involved in sync behavior.
List likely sync partners from a page before digging into full network traces.
What you can do here
- Audit a page before a privacy review.
- Investigate identity-related bidder behavior.
- Explain which external domains appear involved in sync activity.
Before you start
- Provide a public page URL.
About Cookie Sync Visualizer
The Cookie Sync Visualizer looks through fetched page resources for sync-like URL patterns such as `match`, `sync`, `setuid`, and related identity endpoints.
Use it as a quick privacy or header bidding debugging pass when you need to identify which external domains appear to participate in sync behavior.
Best uses for Cookie Sync Visualizer
- Audit a page before a privacy review.
- Investigate identity-related bidder behavior.
- Explain which external domains appear involved in sync activity.
How to use Cookie Sync Visualizer
- Enter a page URL.
- Scan the page for sync-like resource patterns.
- Review detected hosts and sample URLs.
What to paste in
- Provide a public page URL.
What you should see
- Detected hosts, sync patterns, and sample resource URLs.
Example checks
These are simple checks you can run when you want a real sample and a clear result to compare against.
Provide a public page URL.
Why run it: Audit a page before a privacy review.
What to look for: Detected hosts, sync patterns, and sample resource URLs.
Cookie Syncs, Identity Paths, and Privacy Reviews
Why cookie sync visibility still matters
Even as browsers restrict third-party cookies and privacy frameworks reshape identity workflows, sync-like behavior remains relevant in ad tech. Many integrations still rely on some combination of ID matching, sync endpoints, user-match calls, or identity surfaces that resemble historic cookie sync flows. Understanding which partners appear to be involved is valuable for both performance and privacy reviews.
The difficulty is that sync behavior is often distributed across markup, scripts, and external resources. Without a focused inspection pass, teams may not notice how many third-party domains appear to expose sync-like endpoints on a page. That lack of visibility creates problems for privacy reviews, consent debugging, and bidder-readiness investigations. You cannot reason about third-party dependencies you have not even identified.
A visualizer helps by scanning for likely sync patterns in a lightweight way. It does not claim to prove a specific ID transfer happened. Instead, it shows which hosts and URLs look like sync surfaces so teams know where to focus deeper inspection. That is the right level of ambition for an initial debugging tool.
How sync visibility supports header bidding and privacy work
Header bidding workflows often include identity and sync-related behavior that affects how bidders perform over time. A page with many sync surfaces may not be broken, but it may be more complex and more dependent on privacy-signal readiness than teams realize. Knowing which domains appear involved helps explain why certain bidders behave differently across browsers, regions, or consent states.
From a privacy perspective, the same visibility is useful during audits. Reviewers can inspect which third-party hosts appear to participate in sync-like flows and compare that picture against declared partners, CMP behavior, and cookie policy expectations. This is especially important for organizations trying to reduce surprise third-party behavior and keep consent-aware delivery understandable.
Because sync behavior is not always obvious from business documentation, a technical first-pass tool creates a much stronger foundation for those conversations. It turns a theoretical privacy concern into a list of concrete domains and example URLs.
Limits and practical value
It is important to treat sync visualization as directional evidence rather than definitive proof. A URL pattern like `setuid` or `match` strongly suggests sync intent, but the actual data flow may still depend on runtime conditions, consent state, or script execution that static inspection cannot fully reproduce. The tool is useful because it narrows the field quickly, not because it solves every identity question by itself.
That practical framing makes the output more valuable. Teams can use the result to decide which domains to inspect further in devtools, which partners to question during a privacy review, or which parts of the page architecture look heavier than expected. It becomes a guide for deeper debugging rather than an overconfident final verdict.
Over time, that kind of visibility helps teams maintain healthier ad-tech stacks. The more often they can identify likely sync participants early, the less often privacy and performance surprises emerge late in the launch or audit cycle.
Troubleshooting
What to look for
- Detected hosts, sync patterns, and sample resource URLs.
Common issues
- A sync-like pattern does not guarantee an actual cookie match took place.
- Scripted runtime behavior may not appear in the fetched markup.
Best practices
- Include the full URL (with https://) for best results.
- If a fetch fails, confirm the endpoint is publicly reachable.
- Some hosts block automated requests; try a different URL if needed.
Related tools
More tools in the privacy / tcf category.
- TCF String Decoder - Decode IAB TCF v2 consent strings into human-readable metadata, purposes, and vendor consent arrays. Paste a TC string from a CMP or euconsent-v2 cookie, and instantly see what it contains for QA, troubleshooting, and compliance checks. Everything runs client-side for privacy.
- Cookie Inspector - Parse and analyze Set-Cookie headers or page cookie dumps to surface security, scope, and privacy issues with remediation guidance. Useful for privacy, security, and ad ops teams to quickly understand cookie risks and fixes.
- US Privacy String Decoder - Decode IAB US Privacy strings into readable notice, opt-out, and LSPA flags for CCPA and US state privacy debugging.
- Consent Cookie Inspector - Parse cookie strings for common consent and privacy signals such as euconsent-v2, addtl_consent, US Privacy, and GPP cookies so teams can see which consent artifacts are actually present.
Related reading
More specific pages for the exact jobs this tool supports.
Find Likely Cookie Sync Partners on a Page
Use sync-pattern detection to focus privacy and identity reviews faster.
Spot Cookie Sync Partners After a CMP Rollout
A post-rollout identity workflow for sync discovery.
Inspect Cookie Sync Load on Pages With Many Bidders
A niche sync-discovery page for bidder-heavy templates.
Compare Cookie Sync Hosts Between Two Page Templates
A comparative long-tail page for template-level sync differences.
Spot Sync Hosts on Consent-Denied Pages
A consent-state workflow for sync host discovery.
Review Cookie Sync Hosts After an Identity Partner Launch
A rollout-review workflow for identity-related sync host changes.
Decode TCF Consent for Vendor Audits
A consent-focused workflow for understanding who is allowed to do what in a TCF string.
Audit Cookie Attributes for Ad-Tech Workflows
A workflow for making Set-Cookie data understandable before it causes auth, sync, or compliance issues.
Frequently asked questions
Is it free to use?
Yes. Core tools are free and accessible without signup.
Does it upload my data?
This tool makes server-side fetches to the URLs you provide so results can be rendered. We do not store the fetched content beyond the request.
What if I spot a bug?
Please reach out via the Contact page with a reproduction example.
Does it capture runtime network traffic?
No. It inspects fetched page markup and resource URLs, not live browser execution.
Can it prove a partner actually synced an ID?
No. It identifies likely sync surfaces so you know where to look next.
Why is this useful for Prebid debugging?
Identity and sync surfaces often explain bidder readiness, privacy dependencies, or unexpected partner involvement.