ZenovayTools

Session Replay Auditor

Detect session replay and heatmap tools on your site. Check GDPR compliance, privacy policy disclosure, and consent gating.

How to Use Session Replay Auditor

  1. Enter your website URL.
  2. The tool detects session replay, heatmap, and fingerprinting tools.
  3. Review each tool's compliance status and consent requirements.
  4. Follow the fix priorities to ensure GDPR compliance.

Frequently Asked Questions

What does the Session Replay Auditor check?
It scans your page for session replay, heatmap, and browser fingerprinting tools. For each tool found, it assesses the privacy risk level, checks if the tool is disclosed in your privacy policy, and verifies whether a consent gate is present.
What are the risk levels?
High risk means the tool records detailed user interactions (keystrokes, mouse movements, full DOM). Medium risk means it collects session data but with some limitations. Low risk means minimal data collection with privacy-preserving defaults.
What is CNIL high risk?
The French data protection authority (CNIL) considers session replay tools that record user interactions in detail as high-risk processing requiring a Data Protection Impact Assessment (DPIA). Tools flagged as CNIL high risk need extra compliance measures.
How are the grades calculated?
Grade A means no replay/fingerprint tools detected. Grade B means one medium-risk tool. Grade C means two or more medium-risk tools. Grade D means one high-risk tool. Grade F means two or more high-risk tools.
What does "consent gated" mean?
A tool is consent-gated if its script appears after the consent management platform script in the page HTML. This is a heuristic indicator that the tool may be loaded only after consent is granted, but it is not definitive.
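
The grading scale and the script-order consent heuristic described in the two answers above, as an added example that is not the Session Replay Auditor's own code. The hostnames, signature tables and sample page are constructed, and letting the high-risk count take precedence over the medium-risk count is an assumption the page does not spell out.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed signature tables: placeholder hostnames, not real vendors.
CMP_HOSTS = {"cmp.example"}
TOOL_RISK = {"replay.example": "high", "heatmap.example": "medium"}

class ScriptOrder(HTMLParser):
    """Collect the host of every external <script src> in document order."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.hosts.append(urlsplit(src).hostname)

def audit(html):
    """Flag known tools; 'consent_gated' only means 'listed after the CMP script'."""
    parser = ScriptOrder()
    parser.feed(html)
    cmp_pos = next((i for i, h in enumerate(parser.hosts) if h in CMP_HOSTS), None)
    return [
        {"host": h, "risk": TOOL_RISK[h],
         "consent_gated": cmp_pos is not None and i > cmp_pos}
        for i, h in enumerate(parser.hosts) if h in TOOL_RISK
    ]

def grade(findings):
    """Page's A-F scale. Assumption: the high-risk count takes precedence."""
    high = sum(f["risk"] == "high" for f in findings)
    medium = sum(f["risk"] == "medium" for f in findings)
    if high:
        return "F" if high >= 2 else "D"
    if medium:
        return "C" if medium >= 2 else "B"
    return "A"

# Constructed sample page: the heatmap tag precedes the CMP, the replay tag follows it.
SAMPLE = """<html><head>
<script src="https://heatmap.example/h.js"></script>
<script src="https://cmp.example/consent.js"></script>
<script src="//replay.example/r.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    results = audit(SAMPLE)
    for r in results:
        print(r)
    print("grade:", grade(results))
```

A tag reported as consent-gated here can still run unconditionally. Confirming real gating means loading the page without granting consent and checking that no request reaches the tool's host.
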
Does this tool check my privacy policy?
Yes. It attempts to find and fetch your privacy policy page, then checks if each detected tool is mentioned by name. Disclosing session replay tools in your privacy policy is a GDPR requirement.
Can session replay tools be GDPR compliant?
Yes, but they require explicit user consent before activation, disclosure in the privacy policy, a Data Protection Impact Assessment for high-risk tools, and proper data processing agreements with the tool vendor.