A plain how-to for checking your church website for trackers by hand — View Source plus Find for the signatures, the DevTools Network tab, and inner pages like giving and prayer. What each tracker means and when to worry.
You can check your own church website for trackers in about ten minutes, with no special tools — open the page, view its source, and search for a handful of known names. If you find an advertising or identity tracker on a giving or prayer page, that's the one worth a second look.
In our June 2026 scan of 507 church homepages, 72% carried at least one third-party tracker, and 1 in 5 carried the Meta (Facebook) pixel. Most churches didn't put them there on purpose. A website builder turns analytics on by default, or someone runs an event-promotion campaign in 2019 and the code never comes back off. Nobody's doing anything wrong — they just never looked. Here's how to look.
Open your church homepage in a regular browser. Press Ctrl+U (Windows) or Cmd+U (Mac) to view the page source — a wall of code in a new tab. Don't read it. Press Ctrl+F or Cmd+F to bring up Find, and search for these one at a time:
If Find jumps to a match and highlights it, that tracker is on the page. If it says "no results," it isn't. That's the whole check. Write down what you find on each page.
If you want to see everything the page actually talks to — including trackers loaded indirectly — use the Network tab. Right-click anywhere on the page, choose Inspect, click the Network tab, then reload the page. You'll see a live list of every request. The third-party domains (facebook, google-analytics, hotjar, doubleclick, and others) are the ones reaching outside your site. This catches things a plain text search can miss, because some trackers are loaded by other scripts rather than written into the page directly.
This matters more than the homepage check itself. Inner pages often carry more than the front page — and they're the sensitive ones. Run the same View Source and Find pass on your giving page, your prayer-request page, and your contact form. In our scan, the giving pages we could reach carried the Facebook pixel at a higher rate (26.8%) than homepages (21.3%). A tracker on a giving form is watching people in the act of donating; that's a different weight than one on your "About Us" page.
Not all of these are equal, so don't treat them the same.
The Facebook/Meta pixel is the one to scrutinize. It's an advertising and identity tracker — it can send what a visitor did, including on a giving or prayer or counseling page, back to Facebook and tie it to that person's profile. If you find it on a sensitive page, that's worth a real decision.
Google Analytics is plain traffic counting — how many people visited, which pages, roughly where from. It's everywhere on the web and lower-risk, though it's still a third party seeing your visitors. Session recording like Hotjar can replay what a visitor typed or clicked, which is risky on any page with a form.
To remove or adjust any of them, a web admin works in one of three places: Google Tag Manager, your website builder's "integrations" or "marketing" settings, or a script pasted into the site's header. Trackers can be removed entirely or scoped so they don't run on the pages that handle sensitive moments.
You don't need to strip every tracker. Analytics on your homepage is ordinary. The call is narrower: look hard at advertising and identity trackers — the Facebook pixel above all — on the pages where people give, ask for prayer, or reach out for help. Presence isn't proof of misuse, and finding the pixel doesn't mean anyone mishandled anything. It means you now know it's there and can decide on purpose. For the bigger picture on how faith-app and giving data has actually been handled, see our case study on church apps and data.
For what it's worth, the assistant AskMyChurch puts on your own site is anonymous by default — no accounts, no names, no device tracking. It builds no profile of the person asking, surfaces care needs as themes rather than names, and sells or brokers no data.
Open your page, press Ctrl+U or Cmd+U to view the source, then press Ctrl+F or Cmd+F and search for connect.facebook.net or fbevents. If either is highlighted, the Meta (Facebook) pixel is on that page. Check your giving and prayer pages too, not just the homepage — in our June 2026 scan of 507 church homepages, 1 in 5 carried the pixel, and giving pages carried it at a higher rate than homepages.
Not necessarily. Google Analytics is basic traffic counting — how many people visited and which pages — and it's common across the web and lower-risk. It's still a third party seeing your visitors, but it's a different weight than an advertising or identity tracker like the Facebook pixel. Scrutinize the pixel on sensitive pages first; analytics on your homepage is ordinary.
View Source plus Find catches trackers written directly into the page's code, and takes about a minute per page. The Network tab (right-click, Inspect, Network, then reload) shows every domain the page actually talks to, including trackers loaded indirectly by other scripts. Start with View Source; use the Network tab when you want the complete picture.
A web admin works in one of three places: Google Tag Manager, your website builder's integrations or marketing settings, or a script pasted into the site's header. From there a tracker can be removed entirely or scoped so it doesn't run on sensitive pages like giving and prayer. You don't have to remove everything — focus on advertising and identity trackers on the pages that handle sensitive moments.
No. Presence is not proof of misuse. In our scan, most churches added these unintentionally — a website builder default, or an old event-promotion campaign that left code behind. Finding the Facebook pixel doesn't mean anyone mishandled data. It means you now know it's there and can decide on purpose whether it belongs on that page.
Updated 2026-06-26 · AskMyChurch by Vision Genesis · Knoxville, TN
See it answer — try a live demo →