Cookie Scanner
Header-based cookie review guide for GDPR Article 7 and ePrivacy review
What is Cookie Scanner?
The Cookie Scanner analyzes response headers and first-load website signals to detect visible cookies and suggest categories, giving teams a documented starting point for GDPR Article 7 and ePrivacy Directive reviews.
CCO/CPO Value: Surface first-pass cookie findings, review likely categories, and export audit-ready documentation faster than a fully manual review.
GDPR Article 7 Requirements for Cookies
7(1) Proof of Consent
You must be able to demonstrate that consent was obtained. Our scanner helps you document likely consent-relevant cookies; consent records still need to come from your banner or CMP.
7(2) Clear Request
Consent must be presented in plain language, distinguishable from other matters. Scanner output helps you review likely cookie purposes before publishing banner copy.
7(3) Easy Withdrawal
Withdrawal must be as easy as giving consent. Our system provides preference center for one-click withdrawal.
7(4) No Bundling
Don't condition service on unnecessary data processing. Scanner identifies which cookies are truly necessary vs. optional.
Cookie Categories (Suggested Classification)
The scanner suggests categories using header analysis and common naming patterns:
Necessary (No Consent Required)
Essential for website functionality - these can be set without consent.
sessioncsrfxsrfauthtokenFunctional (Consent Recommended)
Enhance user experience but not essential - consent recommended.
langlanguagelocaletimezonepreferencesAnalytics (Consent Required)
Track user behavior for insights - explicit consent required.
_ga_gid_gat__utm*amplitudeMarketing (Consent Required - High Risk)
Used for targeted advertising - explicit opt-in consent required before setting.
_fbp_fbc_gcl_*IDEfrQuick Start Guide (5 Steps)
- 1Navigate to Cookie Scanner
Open the Cookie Scanner workspace if it is enabled for your design-partner account. - 2Enter Website URL
Enter the full URL of the website you want to scan (e.g., https://example.com) - 3Run Scan
Click "Scan Website" to collect first-pass cookie findings and suggested categories for review - 4Review Results
Review suggested categories, likely third-party indicators, and operator guidance before you update your consent records. - 5Export Report
Download CSV report for audit documentation and consent banner configuration
Understanding Scan Results
Total Cookies
Total number of cookies detected in response headers and first-load signals.
Third-Party Cookies
Cookies set by external domains - higher compliance risk, explicit consent required.
Categories Found
Number of unique categories (necessary, functional, analytics, marketing).
Recommendations
Compliance recommendations based on detected cookies and GDPR requirements.
CSV Export Format
Exported CSV contains the following columns for audit documentation:
| Column | Description |
|---|---|
| name | Cookie name |
| category | Auto-detected category |
| isThirdParty | true/false |
| domain | Cookie domain |
| expires | Expiration date |
| secure | Secure flag status |
| httpOnly | HttpOnly flag status |
| scannedAt | Scan timestamp |