Features How it works Support Download Free
Nahnu Asset Scanner How-to guide
How-to guide

How to use the plugin

Everything you need to go from a fresh install to a complete inventory of your site's assets, cookies, and external domains.

5 minute read No configuration required Works on any WordPress site
1
Step one

Install the plugin

Nahnu Asset Scanner installs like any other WordPress plugin. No API keys, no account, no external dependencies to set up first.

A
From the WordPress plugin directory
Go to Plugins > Add New Plugin in your WordPress admin. Search for "Nahnu Asset Scanner", click Install Now, then Activate.
B
From a zip file
Download the zip from WordPress.org. Go to Plugins > Add New Plugin > Upload Plugin, choose the zip file, install, and activate.

Once activated, Asset Scanner appears as a top-level menu item in your WordPress admin sidebar. No setup wizard, no onboarding.

2
Step two

Configure settings

Before running your first scan, visit Asset Scanner > Settings. The most useful thing here is updating the two optional cookie databases. The plugin ships with a bundled database, but fetching the external ones adds significant coverage.

Asset Scanner settings tab showing cookie database options

Both databases are optional. The plugin works without them. Fetching them improves cookie categorization accuracy and enables the Domains tab enrichment. Each fetch is a single manual action. The plugin makes no background network requests.

Fetch both databases before your first scan. It takes about ten seconds and you will not need to do it again until you want to update them.

3
Step three

Select pages to scan

Go to Asset Scanner in your admin menu. The main screen shows a list of your site's pages. Check the ones you want to include in the scan. You can scan up to 10 pages at a time and run as many scans as you need.

Asset Scanner pages tab showing page selection before a scan

Which pages should you pick? Start with the ones that matter most: your homepage, shop or pricing page, and checkout. Different page templates load very different sets of scripts and cookies.

Pages behind a login are not scanned. The scanner visits each URL as an unauthenticated guest. Membership-gated pages and login-required checkouts will return limited results.

4
Step four

Run the scan

Click the Run Scan button. The plugin visits each selected page on your server and collects everything it finds: scripts, stylesheets, cookies, and external domain calls. Results are stored in your database as each page finishes.

Asset Scanner with pages selected, ready to run scan

The scan runs entirely on your server. No data is sent to any external service. The scanner makes HTTP requests to your own pages and stores all findings in your WordPress database.

Scan stalling? Your server's PHP execution time limit is likely too short. Try scanning fewer pages per run, or ask your host to increase the max_execution_time PHP setting.

5
Step five

Read the results

Once the scan finishes, results are shown across four tabs. Each tab covers a different category of asset. You can filter and search within each tab.

JavaScript
Every script with its WordPress handle, file path, size, and the plugin that registered it. Use this to build your defer and exclusion lists in WP Rocket, Perfmatters, or LiteSpeed Cache.
CSS
Every stylesheet with its handle, path, size, and source plugin. Spot bloated stylesheets and know exactly which ones to exclude from combine or minify rules.
Cookies
Every cookie categorized as Necessary, Preferences, Analytics, or Marketing, and attributed to the plugin that sets it. Your starting point for Complianz, CookieYes, or any consent platform.
Domains
Every third-party domain your site contacts, enriched with Ghostery TrackerDB: the owning company, category, and a link to their privacy policy. Use for CSP configuration and GDPR processor lists.
Asset Scanner cookies tab showing categorized cookie results

Cookies set after user interaction will not appear. The scanner captures what is present on initial page load only. Cookies set after cart actions, consent, or login require manual inspection in your browser's DevTools.

6
Step six

Export your data

Each tab has an Export button. Click it and the results download as an Excel file. Open it in Excel, Google Sheets, or Numbers and use it however you need.

A
For cache optimization
Open the JS export. Copy the file paths of third-party scripts or scripts from plugins you know cause issues when deferred. Paste them into the exclusion list in WP Rocket, Perfmatters, or LiteSpeed Cache.
B
For cookie consent
Open the Cookies export. It includes cookie name, category, source plugin, and domain. Reference this when setting up Complianz, CookieYes, Real Cookie Banner, or Borlabs Cookie.
C
For privacy documentation
Open the Domains export. Use the company names and privacy policy links to build or update your GDPR third-party data processor list and Privacy Policy.

Re-scan after major plugin changes. When you install, remove, or update plugins, run a fresh scan. Assets and cookies can change with plugin updates and your cache exclusion lists may need updating.

What next?

Download the plugin Free on WordPress.org
See all features What the plugin does
Support Report a bug or request a feature

This website uses cookies to enhance your browsing experience and ensure the site functions properly. By continuing to use this site, you acknowledge and accept our use of cookies.

Accept All Accept Required Only