Paste a GTM install snippet, a bare GTM-XXXX ID, Search Console meta tags, or any HTML. The script extracts IDs and URLs, then fetches public gtm.js to list embedded https:// strings (common way to spot third-party endpoints in the loader).
Security note: This is a rough static analysis. Malicious or custom tags may load without obvious URL strings here. Use GTM Preview + browser DevTools Network + your GTM workspace audit for real assurance.