Web Font Analyzer
Detects Google Fonts, Adobe Typekit, Bunny Fonts, and self-hosted @font-face. Flags GDPR risk of Google Fonts CDN (German court ruling). Checks font-display and preload hints. Grade A-F.
How to Use Web Font Analyzer
- 1Enter your website URL to analyze fonts.
- 2The tool fetches the HTML and CSS to find all font references.
- 3Google Fonts, Adobe Typekit, Bunny Fonts, and self-hosted fonts are detected.
- 4GDPR risk assessment and recommendations for self-hosting are provided.
Zenovay
Track your website performance
Real-time analytics, session replay, heatmaps, and AI insights. 2-minute setup, privacy-first.
Related Tools
GA4 Health CheckerAudit your Google Analytics 4 setup for duplicate tracking, consent mode issues, deprecated UA scripts, and data layer problems.
Analytics AdvisorCompare 14+ analytics platforms on pricing, privacy compliance, features, and GDPR readiness. Find the right tool for your needs.
Privacy Policy AuditorDetect third-party scripts on your site and check if each one is properly disclosed in your privacy policy. Get a compliance score.
Privacy Law CheckerAnalyze your website to determine which privacy laws (GDPR, CCPA, LGPD, PIPEDA, APPI) apply based on audience signals.
Frequently Asked Questions
Why are Google Fonts a GDPR compliance risk?▾
When you include Google Fonts from Google's CDN (fonts.googleapis.com), the user's browser sends a request to Google's servers — revealing their IP address. In January 2022, the Munich Regional Court (LG München I) ruled that a website's use of Google Fonts without explicit consent violated GDPR (DSGVO), awarding €100 damages to the plaintiff. The ruling established that IP addresses are personal data under GDPR, and transferring them to a US company (Google) without consent violates Article 44 GDPR. To fix this: self-host your fonts or use a GDPR-compliant alternative like Bunny Fonts.
How do I self-host Google Fonts?▾
Use google-webfonts-helper (available as a web tool) to download the font files (WOFF2 format recommended) and the CSS. Upload the font files to your server, add the CSS @font-face declarations, and remove the Google Fonts <link> tags. Always add font-display: swap to prevent Flash of Invisible Text. Alternatively, use Bunny Fonts (fonts.bunny.net) which provides a drop-in replacement API for Google Fonts — same font families, same API URL format, but with EU-based infrastructure and no IP logging.
What is font-display: swap and why does it matter for Core Web Vitals?▾
font-display: swap tells the browser to immediately render text using a fallback system font, then swap to the custom font once it loads. Without it, the browser may hide text entirely while the font loads (Flash of Invisible Text / FOIT), causing your Largest Contentful Paint (LCP) score to be delayed and your Core Web Vitals to suffer. Add font-display: swap to all @font-face declarations and to Google Fonts URLs by appending &display=swap to the URL.
What are font preload hints and should I use them?▾
Font preloads (<link rel="preload" as="font" href="..." crossorigin>) tell the browser to fetch critical font files before it parses the rest of the HTML. This reduces the chance of layout shift (CLS) and invisible text. Use preloads for your above-the-fold fonts only — preloading every font increases bandwidth. Pair preloads with <link rel="preconnect"> to the font CDN domain to establish the connection early. For self-hosted fonts, preloading the WOFF2 file is most effective.
Is Adobe Fonts (Typekit) GDPR compliant?▾
Adobe Fonts sends user data to Adobe's servers when fonts are loaded. It's medium-risk rather than high-risk because Adobe has an EU-US Data Privacy Framework certification and offers a Data Processing Agreement (DPA). However, you still need to disclose Adobe Fonts in your privacy policy and potentially add it to your cookie consent. Adobe provides EU-region font serving, but the legal status of US data transfers under post-Schrems II law is still contested. For maximum compliance, self-hosting remains the safest option.