How to Tell If a Website Uses Plausible Analytics
Plausible is a privacy-first, cookieless analytics tool. Detect it via the plausible.io/js/script.js library, the data-domain attribute, the window.plausible function and /api/event beacons.
Plausible is the best-known of the new wave of privacy-first, cookieless analytics tools — a deliberate, lightweight alternative to Google Analytics. If you want to know whether a site runs it, the fastest answer is to open the Network tab and look for a small script from plausible.io/js/script.js carrying a data-domain attribute, plus a POST to /api/event. This guide covers every reliable signal, the privacy-by-design mechanics that shape them, and what the find tells you about the team.
What is Plausible Analytics?
Plausible is an open-source, privacy-focused web analytics product built explicitly as an alternative to Google Analytics. Its three defining traits are that it is cookieless (it uses no persistent identifiers and therefore needs no cookie banner for analytics), lightweight (the script is under a kilobyte, versus tens of kilobytes for GA), and independent (it is a small, bootstrapped European company, not an advertising platform). It reports the essentials — visitors, page views, sources, top pages, countries, devices — in a single clean dashboard rather than the sprawling interface of GA4.
Because adopting Plausible is a conscious rejection of the free, ubiquitous default, its presence is genuinely informative. You find it most often on the sites of indie makers, developer tools, open-source projects, privacy-focused brands, agencies and EU businesses that want simple, compliant measurement without the weight and data-sharing implications of Google Analytics. It is part of a broader movement that includes Fathom and Simple Analytics, and its open-source nature means it is frequently self-hosted by technical teams.
How Plausible loads and sends data
The mechanics are refreshingly simple, which is part of the point. A Plausible install adds a single script tag — <script defer data-domain="example.com" src="https://plausible.io/js/script.js"></script> — where the data-domain attribute names the site (or sites) the events belong to. There are variant script names for optional features, such as script.outbound-links.js, script.hash.js or script.tagged-events.js, which is a useful tell about what the team is tracking.
When a page loads, the script sends a single POST to plausible.io/api/event containing the event name (pageview), the URL, the referrer and the domain — but no cookie, no fingerprint and no persistent ID. For custom events, the script exposes a global window.plausible(eventName) function. Crucially, no cookies are set at all, so the combination of an /api/event beacon with a complete absence of tracking cookies is itself a strong Plausible signature. Self-hosted installs simply move the script and endpoint onto a first-party domain.
How to tell if a website uses Plausible
1. View the page source. Search for plausible. The giveaway is a script tag from plausible.io/js/script.js (or a self-hosted path) with a data-domain attribute. Variant script names hint at enabled features.
2. Check the Network tab. Filter for plausible or /api/event. You will see the small script.js download and a POST to plausible.io/api/event (or a first-party /api/event on self-hosted installs). The tiny payload and absence of an identifier are characteristic.
3. Use the console. Type plausible and press Enter. A Plausible-enabled page returns the window.plausible function used for custom events. Running plausible.q may show a queued-events array on deferred installs.
4. Inspect cookies — and note their absence. Open the Application panel. A genuine Plausible site sets no analytics cookies. An /api/event beacon with zero tracking cookies is a distinctive, deliberate pattern.
5. Read the data-domain value. It names the property the analytics belong to, which confirms the install and identifies the account scope.
What the Plausible signals look like
<script defer data-domain="example.com" src="https://plausible.io/js/script.js"></script>
POST https://plausible.io/api/event {"n":"pageview","u":"https://example.com/pricing","d":"example.com","r":null}
window.plausible = function() { ... }
(no analytics cookies set)
The pairing of the script.js with a data-domain attribute and the /api/event POST — with no cookies — is conclusive.
Plausible versus similar tools — avoiding false positives
The privacy-analytics space has close cousins, so match the exact fingerprint. Plausible uses plausible.io/js/script.js, a data-domain attribute and /api/event; Fathom uses cdn.usefathom.com/script.js and a data-site attribute; Simple Analytics uses scripts.simpleanalyticscdn.com and /simple.png or /events; Microsoft Clarity and the rest are not cookieless. The shared theme is "lightweight and cookieless", but the script host and the data attribute differ for each. Self-hosting can move Plausible onto a first-party domain, so if you see /api/event with a data-domain-style attribute on a custom host and no cookies, treat it as a self-hosted Plausible (or a fork like the community edition).
How reliable is each Plausible signal?
The /api/event POST is definitive — it is the page view being recorded. The script.js with a data-domain attribute is equally strong and bonus-rich because it names the property. The window.plausible function is reliable confirmation. The "no cookies" observation is corroborating rather than conclusive on its own (other cookieless tools exist), so pair it with the script or beacon. A static script reference without the /api/event call firing is the weakest signal. In practice, the script-plus-beacon combination settles it instantly.
What a Plausible install reveals about a company
Choosing Plausible is a values signal as much as a technical one. It tells you the team deliberately prioritised visitor privacy, regulatory simplicity and page speed over the free reach of Google Analytics — and was willing to pay for a small, independent European vendor (or self-host) to get it. That profile correlates strongly with developer-led companies, open-source projects, privacy and security brands, indie SaaS, and EU organisations wary of transatlantic data transfer. If you sell privacy tooling, consent management, GDPR consulting, or developer products, a Plausible install marks a culturally aligned buyer. It also frequently coincides with a fast, modern, privacy-respecting stack — static-site generators, edge hosting, privacy-friendly fonts and maps — so it is worth checking what else the site runs.
Plausible in a privacy-first stack
Plausible rarely appears in isolation; it tends to anchor a coherent privacy-and-performance philosophy. You will often find it alongside a static site generator or a modern framework (Astro, Hugo, Next.js), edge hosting (Cloudflare, Vercel, Netlify), self-hosted or privacy-respecting fonts (Bunny Fonts, self-hosted), and a deliberate absence of advertising pixels and heavy third-party scripts. Because it is cookieless, sites using only Plausible for analytics may legitimately run without a cookie consent banner for analytics purposes — itself a recognisable pattern. For an auditor, record whether the install is hosted (plausible.io) or self-hosted, which feature variant of the script is loaded, and whether the surrounding stack matches the privacy-first profile; together these tell you not just which tool the company uses but how it thinks.
A quick Plausible confirmation walkthrough
Open the site with developer tools on the Network panel. Filter for plausible and reload: you want the plausible.io/js/script.js (or first-party) load and the POST to /api/event. Hover over the script in the Elements panel and read its data-domain attribute to confirm the property. Switch to the Console and type plausible to confirm the global function. Finally, open the Application panel and verify that no analytics cookies are present — the cookieless pattern is part of the proof. Four quick signals, and you have confirmed Plausible, learned whether it is self-hosted, and identified the tracked domain.
A quick Plausible detection checklist
- Filter the Network tab for
/api/event; the POST with a tiny payload is conclusive. - Search the source for a
plausible.io/js/script.jstag with adata-domainattribute. - Type
plausiblein the console to confirm the global function. - Confirm the absence of analytics cookies — the cookieless pattern is a signature.
- Note variant script names (outbound-links, tagged-events) to see what is tracked.
- For self-hosted installs, look for
/api/eventand the data-domain pattern on a first-party host.
Why detecting Plausible matters across teams
For sales and prospecting, a Plausible install is a precise targeting signal. Privacy-tooling vendors, consent-management platforms, GDPR consultants and ethical-marketing agencies all find an ideal customer in a team that has already paid for cookieless analytics — the buyer has self-identified as privacy-motivated, so outreach can skip the education step and speak directly to shared values. Developer-tools companies benefit too, because Plausible adopters skew technical and open-source-friendly, which is exactly the audience for APIs, SDKs and infrastructure products.
For agencies and consultants, finding Plausible on a prospect's site reframes the conversation. Rather than proposing a Google Analytics setup, you can lead with privacy-respecting measurement, server-side tracking, or help interpreting Plausible's deliberately simple dashboard. It also tells you the client values page speed and clean markup, so a pitch built around performance, Core Web Vitals and lean third-party usage will resonate far more than one built around heavyweight martech.
For competitive and market research, the spread of Plausible across a sector is a useful barometer of how seriously that industry takes privacy. A competitor running Plausible is signalling a brand position; knowing that helps you decide whether to match it or to differentiate on a richer-data story. And for anyone planning a migration or doing technical diligence, spotting Plausible tells you the incoming data is event-light and cookieless, which simplifies consent but means historical depth and advanced segmentation may be limited — important context for setting expectations and scoping any move to or from a heavier platform.
Detecting Plausible at scale
Checking one page is a quick console call. To find every privacy-first site across a list — for prospecting privacy-aligned buyers or market research — automate it. StackOptic detects Plausible (hosted and self-hosted) and thousands of other technologies from a real browser. See how to find out what analytics a website uses and the Plausible profile for more.
Frequently asked questions
What is the fastest way to detect Plausible?
Open the Network tab, reload and filter for 'plausible'. You will see a small script load from plausible.io/js/script.js and a POST to plausible.io/api/event recording the page view. The script tag also carries a data-domain attribute naming the site, which together are definitive.
Does Plausible set cookies?
No. Plausible is deliberately cookieless and does not use any persistent identifiers, which is central to its privacy and GDPR positioning. That means you will not find tracking cookies; instead, confirm it through the script.js library, the data-domain attribute and the /api/event beacon.
What is the data-domain attribute?
Plausible's script tag includes a data-domain attribute, for example data-domain="example.com", which tells Plausible which site the events belong to. Finding a script from plausible.io with a data-domain attribute is one of the cleanest confirmations that a site uses Plausible.
How do I detect a self-hosted Plausible install?
Plausible is open source and can be self-hosted, in which case the script and /api/event endpoint live on the site's own domain (for example analytics.example.com/js/script.js) rather than plausible.io. Look for the same data-domain attribute and the /api/event POST on a first-party host, plus the window.plausible function.
What does using Plausible say about a company?
Plausible is a privacy-first, cookieless, lightweight alternative to Google Analytics, so its presence signals a team that deliberately prioritised visitor privacy, GDPR simplicity and page speed over Google's free ubiquity. It is common among indie makers, developer tools, privacy-focused brands and EU businesses.
Analyse any website with StackOptic
Get the full technology stack, performance, security and SEO report in seconds — free.
Analyse a websiteRelated articles
How to Tell If a Website Uses Heap
Heap (Heap Analytics) autocaptures product events. Detect it via the cdn.heapanalytics.com script, the global heap object, heapanalytics.com beacons and _hp2 cookies.
How to Tell If a Website Uses Foundation
Foundation (by Zurb) is a responsive front-end framework. Detect it via its grid classes (row/columns, grid-x/cell), data-* component attributes and the foundation.css/js files.
How to Tell If a Website Uses Crisp
Crisp is a developer-friendly, affordable live-chat and messaging tool. Detect it via the client.crisp.chat/l.js script, the window.$crisp object and the CRISP_WEBSITE_ID value.