--- title: "See what a site really tracks — before you click Accept" url: "https://consenttheater.org/extension" description: "Free, open-source browser extension for Chrome and Firefox. See trackers, cookies and pre-consent data flows before you click Accept. No telemetry, no accounts, nothing leaves your browser." --- Browser extension # See what a site really tracks — before you click Accept A free, open-source sidebar for Chrome and Firefox that shows, in plain language, which trackers a site loads, which cookies it drops, and whether any of it happens _before_ you've agreed to a cookie banner. [ Install for Chrome / Edge / Brave / Arc ](https://chromewebstore.google.com/detail/consenttheater/polanfackgaekglhmgdknmojihbngjkc)[ Install for Firefox / Zen ](https://addons.mozilla.org/en-US/firefox/addon/consenttheater/)[ On GitHub Build the latest dev version yourself ](https://github.com/ConsentTheater/extension) Manual install Install the latest dev build from GitHub Releases (v0.4.0) Chrome / Edge / Brave / Arc 1. Download [consenttheater-chrome-v0.4.0.zip](https://github.com/ConsentTheater/extension/releases/download/v0.4.0/consenttheater-chrome-v0.4.0.zip) and unzip it somewhere you'll remember. 2. Open `chrome://extensions/`. 3. Turn on **Developer mode** (top-right toggle). 4. Click **Load unpacked** and pick the unzipped folder. Firefox / Zen 1. Download [consenttheater-firefox-v0.4.0.zip](https://github.com/ConsentTheater/extension/releases/download/v0.4.0/consenttheater-firefox-v0.4.0.zip) and unzip it. 2. Open `about:debugging#/runtime/this-firefox`. 3. Click **Load Temporary Add-on…** and pick the `manifest.json` from the unzipped folder. Firefox clears temporary add-ons on restart — reload after each browser restart, or just install the signed build from [Firefox Add-ons](https://addons.mozilla.org/en-US/firefox/addon/consenttheater/) instead. All builds and changelogs: [GitHub Releases](https://github.com/ConsentTheater/extension/releases). What's new ## Version 0.4.0 — Playbill 0.4.0 data refresh A data-quality release. No new extension features — the work happened in `@consenttheater/playbill`, the tracker knowledge base bundled with the extension, which moves from 0.3.0 to 0.4.0. * **Bigger catalogue.** Settings now reports **4,028 cookies / 6,085 domains / 2,992 companies** (10,113 unique signatures after category-merge) — the size of the in-memory tracker map the matcher actually consults on every scan. * **Fewer cross-file collisions.** Continued data-quality work narrowed remaining `COMPANY MISMATCH` cases: cookie collisions down to 91 (from 109 in 0.3.0), domain collisions down to 300 (from 344). Broader coverage across advertising, analytics and marketing categories. * **Same matching API.** No extension-side code changes — `loadPlaybill`, `matchCookie`, `matchDomain` and `Playbill.stats` keep the same surface. Settings picks up the new totals automatically as soon as the package is rebuilt. * **Dependency refresh.** Patch / minor bumps for Tailwind, Vite, ESLint, typescript-eslint, addons-linter, postcss and `@types/chrome` — none with runtime impact on the shipped extension. Full release notes: [CHANGELOG.md](https://github.com/ConsentTheater/extension/blob/main/CHANGELOG.md) on GitHub. Privacy by design ## Nothing leaves your browser. Really. * ✅ No server, no accounts, no cloud sync, no telemetry. * ✅ Zero outbound requests to ConsentTheater or any third party during normal use. * ✅ The extension only looks at the tab where you opened the sidebar — other tabs and your regular browsing are never touched. * ✅ The tracker catalogue is bundled at build time — no runtime fetch, no update ping. * ✅ Scan results live only in the sidebar's memory and are cleared the moment you leave the tab or close the sidebar. Read the full, plain-language [extension privacy policy](https://github.com/ConsentTheater/extension/blob/main/PRIVACY.md) — including exactly why each browser permission is needed. ## What it does ### One-click clean-slate scan Wipes cookies, localStorage, sessionStorage, IndexedDB, cache and service workers for the origin, then reloads. Every scan starts from a true first visit. ### Catches pre-consent tracking The most common GDPR problem is trackers that fire before you accept. ConsentTheater watches from the first byte and flags everything that sneaks in early. ### Understands the banner Finds Accept / Reject / Manage buttons across the top frame, shadow DOM and iframes, then times the scan around your click — so "before you agreed" really means before you agreed. ### Live third-party inspector Always-on view of every cookie, every storage key, and every third-party host the current page contacts, bucketed by tracker company and consent burden. ### Observations, not verdicts We don't grade your site. Each finding is a factual observation — a request, a cookie, a banner shape — tagged with its consent burden under GDPR. Whether the site is compliant overall is a question for a DPA or your DPO. ### PDF & HAR export One click saves a print-ready PDF report or a HAR 1.2 network trace of the entire scan. The HAR opens in DevTools, Charles or HTTPToolkit and carries Playbill classifications inline. ### Shareable report Copy a clean text summary, hand it to a friend, a support team, or (if you go that far) a regulator. ## Screenshots ![Welcome screen in light mode explaining what ConsentTheater does before the first scan](/_astro/screenshot-light-welcome.CCgIh6hp_1wSdWx.webp) Light — welcome & consent ![Welcome screen in dark mode explaining what ConsentTheater does before the first scan](/_astro/screenshot-dark-welcome.DOXC0sV5_1xMKSH.webp) Dark — welcome & consent ![Live scan in light mode — banner shape, pre-consent tracker list grouped by company](/_astro/screenshot-light-scan.DnBnJn4-_1XHxWV.webp) Light — live scan ![Live scan in dark mode — banner shape, pre-consent tracker list grouped by company](/_astro/screenshot-dark-scan.BxImI_3L_Z1BwMY7.webp) Dark — live scan ## Why does it ask for so many permissions? A privacy auditor has to be able to see what a website is doing — so a few browser permissions are unavoidable. Every single one is narrowly scoped and only used for the scan you explicitly trigger. cookies, browsingData To read the origin's cookies and wipe them before the scan, so we measure what a real first visitor sees. webRequest, webNavigation To catch every third-party request during the scan, especially the ones that happen before you touch the banner. content script A static content script registered in the manifest detects the consent banner and resolves your Accept / Reject click. No dynamic script injection — the `scripting` permission was removed in v0.2.0. storage To remember your UI preferences (theme, language, high-contrast). Nothing else is stored. Required so the above APIs work on whichever site you choose to scan. Your normal browsing is never observed. Full breakdown in the [extension privacy policy](https://github.com/ConsentTheater/extension/blob/main/PRIVACY.md). ## Open source, end to end The extension, the tracker catalogue, and this website are all open source under [AGPL-3.0-or-later](/license/). You can read the code, build your own copy, audit every privacy claim, or fork the project. * Extension source — [github.com/ConsentTheater/extension](https://github.com/ConsentTheater/extension) * Tracker catalogue — [github.com/ConsentTheater/playbill](https://github.com/ConsentTheater/playbill) * This website — [github.com/ConsentTheater/website](https://github.com/ConsentTheater/website) Questions, corrections, or an actor the extension classified incorrectly? Open an issue on [GitHub](https://github.com/ConsentTheater/extension/issues) — or, if you'd rather, email [developer@consenttheater.org](mailto:developer@consenttheater.org). ConsentTheater is an independent open-source project and is not affiliated with, endorsed by, or sponsored by Google, Mozilla, Microsoft, Brave Software, The Browser Company, Zen Browser, or any other browser vendor. The Chrome Web Store and Firefox Add-ons listings are simply the standard ways to distribute browser extensions. All product names, logos and browser brands are property of their respective owners.