Comparison: Web Analytics

Best Web Analytics Tools Compared (2026): Features, Pricing, and Privacy

Web analytics tools power product decisions and marketing attribution, but they also sit on the critical path for GDPR, CCPA, and HIPAA. This guide compares leading platforms on measurement depth, then scores each on the privacy dimensions privacy teams actually validate: consent gating, IP and identifier handling, subprocessors, and whether the tool still fires when visitors reject analytics or send Global Privacy Control.

Audit your deployment See Privacy Edge

Quick summary

What to know before you choose

What it does

Web analytics collects page views, events, funnels, cohorts, and often identity-linked profiles so teams can understand acquisition, activation, and retention.

What to look for

Require EU data region options, consent mode or equivalent, server-side collection where needed, clear subprocessors, and evidence that tags do not load in reject or GPC states.

Where Lokker fits

Lokker inventories every analytics beacon across your sites, validates consent and GPC behavior at the network layer, and can enforce blocking when a CMP misconfigures GA4, Adobe, or product analytics SDKs.

The tools

Tools included in this comparison

Eight leading tools covering free, mid-market, and enterprise tiers, cloud and self-hosted deployment, and a range of privacy and compliance postures.

Google Analytics 4

Free and dominant web and app analytics with Consent Mode v2 and Ads-linked conversions.

FreeCloud (US)

Visit site Privacy topics

Adobe Analytics

Enterprise marketing analytics with advanced segmentation, attribution, and Experience Cloud integrations.

Enterprise pricingCloud + on-premises

Visit site

Mixpanel

Product analytics focused on events, funnels, retention, and cohort reporting.

From ~$50/moCloud + EU option

Visit site Privacy topics

Heap

Autocapture-heavy product analytics with retroactive event definition and behavioral cohorts.

From ~$200/moCloud + EU option

Visit site Privacy topics

Amplitude

Product intelligence platform spanning analytics, experimentation, and behavioral cohorts.

From ~$200/moCloud + EU option

Visit site

Plausible Analytics

Lightweight, privacy-first pageview analytics without cookies on the default embed.

From ~$50/moCloud + EU option

Visit site

Matomo

Open-source analytics with on-prem or cloud hosting and optional consent manager.

From ~$50/moCloud or self-hosted

Visit site

PostHog

Open-source product analytics, session replay, and feature flags in one developer-led stack.

FreeCloud or self-hosted

Visit site

All product names and trademarks are property of their respective owners. Lokker is not affiliated with or endorsed by any of the companies listed. Pricing and feature information is based on publicly available data and may change; verify with each vendor before purchasing.

Feature comparison

Capability comparison matrix

How each tool compares across the dimensions that matter most for product, engineering, and privacy teams.

Focus the matrix

Showing 5 of 8 tools. Add vendors as needed, or show the full table when you want every column.

3 tools are hidden from the focused table. The full text matrix below keeps every capability visible in the page source.

Scroll sideways if you choose more columns than fit your screen. Sticky capability labels stay visible

Capability	Google Analytics 4	Adobe Analytics	Mixpanel	Heap	Amplitude
Primary collection model	Client-side gtag or GTM; optional server-side via GA4 Measurement Protocol	SDK and beacon-based collection with enterprise data collection rules	Client SDKs and server-side APIs; event-first model	Autocapture SDK plus manual track APIs	Client SDKs, HTTP API, and server-side ingestion
Identity and profile stitching	User-ID, Google signals, and Ads-linked identity when consented	Experience Cloud ID Service and cross-device stitching options	Distinct ID merge rules and group analytics for B2B accounts	Heap Identify and merged user histories after login	User and group IDs with behavioral cohorts
Funnels, paths, and retention	Explorations, path analysis, and predictive audiences in GA4 UI	Advanced segmentation, fallout, and pathing in Analysis Workspace	Funnels, retention, and impact reports with signal properties	Retroactive funnels and paths from autocapture data	Journeys, retention, and compass for behavioral drivers
Consent and regulatory tooling	Consent Mode v2; regional and ads personalization signals	Consent extensions and Experience Platform Privacy Service integrations	Consent APIs and region-aware initialization patterns	Consent configuration to pause capture; partner CMP integrations	Consent preferences and EU data residency options
Server-side or first-party relay	Server-side GTM and Measurement Protocol for controlled forwarding	Server-side collection via Experience Platform Edge	Server SDKs and proxy patterns supported	Server-side APIs for non-web events; web still primarily client	HTTP API and warehouse import for hybrid pipelines
Warehouse and BI export	BigQuery export on GA360 or Analytics 360; standard GA4 export limits vary	Data feeds to cloud destinations and Customer Journey Analytics paths	Warehouse Sync and export APIs	Snowflake and managed export integrations on higher tiers	Amplitude CDP and warehouse export connectors
Mobile app SDK coverage	Firebase-linked GA4 app streams	Experience Platform Mobile SDK	iOS, Android, React Native, Flutter	iOS and Android SDKs with autocapture	Broad mobile and gaming SDK coverage
Real-time or near-real-time views	Near-real-time reporting with standard latency	Real-time reports and streaming triggers in enterprise setups	Live view for recent events	Live data feed on supported plans	Real-time monitors and alerts
Ads and remarketing integrations	Native Google Ads, DV360, and modeled conversions	Advertising Analytics and Experience Cloud destinations	Cohort sync to ad platforms via partners	Partner destinations for ads audiences	Recommendations integrations; cohort exports
Free tier or trial depth	Generous free tier with property and event limits	No meaningful free tier; enterprise sales	Free tier with monthly event caps	Free trial; paid plans for production scale	Free starter tier with monthly tracked users

Full text matrix for all tools

Primary collection model

Google Analytics 4: Client-side gtag or GTM; optional server-side via GA4 Measurement Protocol
Adobe Analytics: SDK and beacon-based collection with enterprise data collection rules
Mixpanel: Client SDKs and server-side APIs; event-first model
Heap: Autocapture SDK plus manual track APIs
Amplitude: Client SDKs, HTTP API, and server-side ingestion
Plausible Analytics: Lightweight first-party script; pageviews and outbound link clicks
Matomo: JavaScript tracker, log import, or mobile SDKs; self-hosted or cloud
PostHog: Client capture, server libraries, reverse proxy, and warehouse sync

Identity and profile stitching

Google Analytics 4: User-ID, Google signals, and Ads-linked identity when consented
Adobe Analytics: Experience Cloud ID Service and cross-device stitching options
Mixpanel: Distinct ID merge rules and group analytics for B2B accounts
Heap: Heap Identify and merged user histories after login
Amplitude: User and group IDs with behavioral cohorts
Plausible Analytics: No per-user profiles; aggregate and simple goal funnels
Matomo: User ID opt-in; configurable privacy settings for fingerprinting
PostHog: Person profiles with identify, groups, and feature flag targeting

Funnels, paths, and retention

Google Analytics 4: Explorations, path analysis, and predictive audiences in GA4 UI
Adobe Analytics: Advanced segmentation, fallout, and pathing in Analysis Workspace
Mixpanel: Funnels, retention, and impact reports with signal properties
Heap: Retroactive funnels and paths from autocapture data
Amplitude: Journeys, retention, and compass for behavioral drivers
Plausible Analytics: Funnels and goals on aggregate traffic
Matomo: Goals, funnels, cohorts, and custom dimensions
PostHog: Funnels, lifecycle, and correlation analysis

Consent and regulatory tooling

Google Analytics 4: Consent Mode v2; regional and ads personalization signals
Adobe Analytics: Consent extensions and Experience Platform Privacy Service integrations
Mixpanel: Consent APIs and region-aware initialization patterns
Heap: Consent configuration to pause capture; partner CMP integrations
Amplitude: Consent preferences and EU data residency options
Plausible Analytics: No personal data by default; lightweight consent banner guidance
Matomo: Optional consent manager; do-not-track and anonymization settings
PostHog: Initialization guards; self-hosted operators implement consent gates

Server-side or first-party relay

Google Analytics 4: Server-side GTM and Measurement Protocol for controlled forwarding
Adobe Analytics: Server-side collection via Experience Platform Edge
Mixpanel: Server SDKs and proxy patterns supported
Heap: Server-side APIs for non-web events; web still primarily client
Amplitude: HTTP API and warehouse import for hybrid pipelines
Plausible Analytics: First-party proxied script and EU-owned infrastructure
Matomo: Log analytics and server-side measurement without browser SDK
PostHog: Reverse proxy and self-hosted ingestion endpoints

Warehouse and BI export

Google Analytics 4: BigQuery export on GA360 or Analytics 360; standard GA4 export limits vary
Adobe Analytics: Data feeds to cloud destinations and Customer Journey Analytics paths
Mixpanel: Warehouse Sync and export APIs
Heap: Snowflake and managed export integrations on higher tiers
Amplitude: Amplitude CDP and warehouse export connectors
Plausible Analytics: Stats API and CSV export; no raw event warehouse by default
Matomo: Raw SQL, log export, and API access especially on self-hosted
PostHog: Postgres, S3, BigQuery, and batch export options

Mobile app SDK coverage

Google Analytics 4: Firebase-linked GA4 app streams
Adobe Analytics: Experience Platform Mobile SDK
Mixpanel: iOS, Android, React Native, Flutter
Heap: iOS and Android SDKs with autocapture
Amplitude: Broad mobile and gaming SDK coverage
Plausible Analytics: Web-focused; no native mobile SDK
Matomo: iOS and Android SDKs
PostHog: Mobile SDKs with session replay options on supported stacks

Real-time or near-real-time views

Google Analytics 4: Near-real-time reporting with standard latency
Adobe Analytics: Real-time reports and streaming triggers in enterprise setups
Mixpanel: Live view for recent events
Heap: Live data feed on supported plans
Amplitude: Real-time monitors and alerts
Plausible Analytics: Near-real-time dashboard
Matomo: Real-time map and dashboard widgets
PostHog: Live events stream in the product UI

Ads and remarketing integrations

Google Analytics 4: Native Google Ads, DV360, and modeled conversions
Adobe Analytics: Advertising Analytics and Experience Cloud destinations
Mixpanel: Cohort sync to ad platforms via partners
Heap: Partner destinations for ads audiences
Amplitude: Recommendations integrations; cohort exports
Plausible Analytics: No ad network remarketing; privacy positioning
Matomo: Optional Matomo Marketing Conversion Export with care
PostHog: No native ad network; focus on product data

Free tier or trial depth

Google Analytics 4: Generous free tier with property and event limits
Adobe Analytics: No meaningful free tier; enterprise sales
Mixpanel: Free tier with monthly event caps
Heap: Free trial; paid plans for production scale
Amplitude: Free starter tier with monthly tracked users
Plausible Analytics: Trial then paid SaaS; no long-term free cloud tier
Matomo: Self-hosted is free; cloud is paid
PostHog: Free cloud tier and unlimited self-hosted core features

Does your tool actually stop in reject and GPC states?

Lokker Consent Validator runs automated browser sessions across every consent state and confirms at the network layer whether tools in this category still send requests when they should not.

See Consent Validator Request a demo

Privacy and compliance

Privacy and compliance scorecard

The dimensions Lokker Privacy Edge evaluates when it detects web analytics tools on your properties. Use this scorecard alongside the capability matrix when making your vendor decision.

Yes

Partial

Unknown

Privacy dimension	Google Analytics 4	Adobe Analytics	Mixpanel	Heap	Plausible Analytics	Matomo	PostHog
Native Global Privacy Control handling	GA4 relies on Consent Mode and CMP gating; it does not natively read GPC as a stop signal.				Plausible avoids personal data collection by design; GPC is less central than for ad-tech pixels.	Operators can honor DNT or custom headers; not a turnkey GPC product feature.
HIPAA BAA available for covered deployments		Adobe can support regulated workloads on contracted offerings; confirm scope with Adobe for PHI contexts.	Business associate terms exist for eligible enterprise contracts; not default for standard SaaS.				HIPAA-eligible hosting is offered on specific PostHog enterprise plans.
EU data residency option	GA4 offers regionalization options depending on account type; validate mapping to your DPA.
IP address masking or truncation default	IP masking is configurable; defaults have evolved by region and product settings.				Plausible does not store raw IPs on the default cloud product.
Strong guardrails against PII in event payloads				Autocapture increases accidental PII capture risk unless privacy lists are maintained.
Published sub-processor list
Self-serve export and deletion workflows	User deletion tooling exists but is distributed across Google accounts and products.
Configurable event retention windows	GA4 retention windows exist but differ by property type and linked Google Ads usage.
Risk of silent third-party forwarding	Signals and Ads integrations can expand data flows beyond the analytics UI.				Fewer integrations reduces forwarding risk; still validate tag deployment.

Scores reflect publicly available product documentation as of 2026. Vendor capabilities change; verify current behavior with each vendor and through independent testing. "Partial" indicates the capability exists but requires non-default configuration, an additional plan tier, or has meaningful limitations.

Buyer guidance

How to choose the right tool for your context

Choosing among these web analytics tools depends on your industry, infrastructure, privacy posture, and budget. Use these decision guides to narrow your evaluation.

If you are standardized on Google Ads and GA4

GA4 plus Consent Mode v2 is the default stack for many marketing teams, but the privacy risk is in misconfiguration: pre-consent loads, modeled gaps, and linked Ads signals. Treat CMP rules and tag order as part of the analytics architecture.

Lokker note: Use Lokker Consent Validator to prove GA4 and related tags respect reject and GPC states on each property.

If you need EU hosting or self-hosting

Matomo self-hosted, PostHog self-hosted or EU cloud, Plausible EU cloud, and EU regions for Mixpanel, Heap, and Amplitude reduce transfer questions but do not replace consent for non-essential analytics.

Lokker note: Pair residency choices with Privacy Edge portfolio scans so US-only properties are not missed.

If you are product-led and event-heavy

Mixpanel, Heap, Amplitude, and PostHog excel at behavioral analytics. Autocapture speeds delivery but increases the chance that form fields or URLs leak sensitive attributes into event payloads.

Lokker note: Inventory blocked elements and deny lists continuously; Privacy Edge flags risky event properties in aggregate.

If you want minimal behavioral tracking

Plausible and tightly configured Matomo can reduce cookie use and profiling, but you still need a lawful basis and accurate marketing claims about what is collected.

Lokker note: Validate the deployed script matches the privacy policy with network-level evidence, not only vendor documentation.

If you operate healthcare or sensitive vertical pages

PHI should not flow to standard marketing analytics. When a BAA exists for a product analytics vendor, scope still matters: marketing pages, authenticated portals, and vendor subprocessors must be reviewed together.

Lokker note: Use Privacy Edge reason codes and Consent Validator evidence before relying on any analytics stack on patient-facing flows.

Privacy context

The privacy reality of web analytics

Analytics vendors rarely intend to collect health data, but URLs, search parameters, form field names, and identify calls routinely carry sensitive attributes. Regulators treat persistent identifiers and cross-site tracking as personal data even when you call the product anonymous. The compliance question is not only which vendor you pick, but whether the tag is absent when consent is absent.

Page URLs and query strings are not anonymous

Even without named fields, analytics beacons often transmit full URLs, campaign IDs, and fragments that encode diagnoses, locations, or account identifiers. That payload crosses to vendor infrastructure and subprocessors.

Identify and alias calls can create regulated profiles

Product analytics encourages stable user IDs and traits. When those traits include email, plan tier, or health-adjacent attributes, downstream exports to ads and email tools expand the compliance surface.

Cookies and local storage outlive the analytics UI

Client identifiers persist across sessions for frequency capping and cohort building. ITP and similar mechanisms change behavior, but they do not remove your obligation to gate non-essential storage behind consent.

Server-side forwarding does not automatically fix consent

Server-side GTM and Measurement Protocol can improve control, but if events are forwarded before consent resolves, you have only moved the violation closer to your origin.

Where Lokker fits

How Lokker helps no matter which analytics platform you choose

Lokker is not a web analytics replacement. It is privacy intelligence and enforcement that sits alongside GA4, Adobe, Mixpanel, Heap, Amplitude, Plausible, Matomo, or PostHog to prove what actually fires on your pages.

Privacy Edge: see every analytics beacon across the portfolio

Privacy Edge continuously scans properties and classifies analytics and advertising requests, including tag-manager-delivered beacons that never appear in a spreadsheet inventory.

See Privacy Edge

Consent Validator: prove reject and GPC states at the network layer

Consent Validator runs scripted sessions in each consent state and captures whether GA4, Adobe, or product analytics SDKs still initialize, set storage, or send events when they should not.

See Consent Validator

Guardian: block analytics calls when consent fails

Guardian enforces trust rules in the browser so misconfigured GTM or CMP rules cannot load analytics endpoints in unauthorized states.

See Guardian

Common questions

Web Analytics Tools: frequently asked questions

The most common questions from privacy teams, legal counsel, and buyers evaluating web analytics tools.

More comparison guides

Compare other MarTech categories

Session Replay Tools8 tools

Marketing Automation Platforms8 tools

Customer Data Platforms (CDPs)8 tools

Chat and Messaging Widget Platforms8 tools

Consent Management Platforms8 tools

A/B Testing and Experimentation Platforms8 tools

Tag Management Systems7 tools

View all comparison guides

Next step

Validate your web analytics tools deployment with Lokker

Lokker confirms that the tool you choose stops collecting data in reject and GPC states, surfaces any gaps in your CMP configuration, and enforces blocking at the network layer so a misconfigured consent banner cannot result in an unauthorized data collection event.

Request a demo See Privacy Edge