Cookie Scanner

Automatically detect and categorize cookies and scripts on your website using our headless browser scanner.

Overview

The Cookie Scanner crawls your website to discover all cookies, localStorage items, sessionStorage items, and external scripts. This information is essential for:

  • Building an accurate cookie declaration for GDPR compliance
  • Identifying which scripts need consent before loading
  • Detecting new cookies when your site changes
  • Categorizing cookies for your consent banner

The scanner performs a two-phase scan (pre-consent and post-consent) to detect cookies both before and after consent is given. This helps you identify cookies that are set without proper consent — a critical GDPR compliance issue.

Access the scanner from Cookie Management in your dashboard.

How It Works

The scanner uses a headless browser (Puppeteer) to visit your website just like a real user would, performing a two-phase scan to capture cookies before and after consent.

  1. Starts at your homepage – Loads your main URL and waits for the page to fully render
  2. Pre-consent scan – Records all cookies, localStorage, and sessionStorage items before any consent is given
  3. Finds consent banner – Automatically locates your cookie consent dialog using common selectors
  4. Clicks accept – Accepts cookies by clicking the banner's accept button
  5. Post-consent scan – Records new cookies that appear after consent is accepted
  6. Discovers internal pages – Finds links and scans up to 10 pages on your domain
  7. Auto-categorizes – Matches detected items against our database of known cookies and scripts
i
Scan Scope
Each scan analyzes up to 10 pages on your domain. The scanner follows internal links from your homepage to discover subpages automatically.

Running a Scan

  1. Go to Cookie Management in your dashboard
  2. Select the domain you want to scan from the dropdown
  3. Click "Scan Now"
  4. Wait for the scan to complete (typically 1-2 minutes)
i
Tip
For best results, run your first scan after installing the Cookient script on your website. This ensures all cookies and scripts are detected.

Scan Frequency

How often scans run depends on your plan:

  • Free – Every 2 weeks
  • Starter – Weekly automatic scans
  • Pro – Weekly automatic scans
  • Business – Weekly automatic scans

Manual scans are rate-limited to 1 per hour.

Scan Progress

During a scan, you'll see a 6-step progress indicator showing the current phase:

  1. Starting browser – Launching headless Chromium
  2. Loading page – Navigating to your homepage
  3. Pre-consent scan – Recording cookies before consent
  4. Looking for banner – Finding your consent dialog
  5. Post-consent scan – Recording cookies after accepting
  6. Finalizing – Saving results to database

A typical scan takes about 2 minutes to complete.

Scan Results

After a scan completes, you'll see detailed results about your website's cookie behavior before and after consent.

Banner Detection

Banner Found

The scanner successfully located and interacted with your consent banner. You'll also see which button was clicked to accept cookies.

No Banner Detected

The scanner couldn't find a consent banner. This could mean your banner isn't installed, uses non-standard selectors, or appears conditionally.

Pre vs Post Consent

The scan results show cookie counts for each phase:

Pre-consent cookies

Cookies detected before any consent was given. Non-essential cookies here may indicate a GDPR compliance issue.

Post-consent cookies

Cookies that appeared after accepting the consent banner. This is the expected behavior for analytics and marketing cookies.

!
GDPR Compliance
If you see analytics or marketing cookies in the "pre-consent" phase, this indicates those scripts are loading before the user has given consent — a potential GDPR violation. Use the script blocking feature to fix this.

Cookies Tab

The Cookies tab displays all detected storage items on your website.

Detected Item Types

HTTP Cookies

Traditional cookies set via Set-Cookie headers or document.cookie

localStorage

Persistent browser storage that survives page reloads and browser restarts

sessionStorage

Temporary storage cleared when the browser tab is closed

Cookie Details

Click on any cookie row to expand and see additional information:

  • Name – Cookie identifier
  • Domain – Which domain set the cookie
  • Expiration – When the cookie expires (or "Session")
  • Category – Functional, Analytics, Marketing, etc.
  • Vendor – The service that created the cookie (if known)
  • Description – What the cookie is used for
  • First Detected – When the cookie was first seen
  • Last Seen – Most recent scan that found this cookie

When Set Column

The "When Set" column shows when each cookie was detected during the scan:

Before Consent– Cookie was set before consent was given (potential GDPR issue)
After Consent– Cookie only appeared after accepting the banner (correct behavior)
Both– Cookie was detected in both phases
*
New Cookies
Cookies detected for the first time are marked with a "New" badge. Review these regularly to ensure proper categorization.

Scripts Tab

The Scripts tab shows all external JavaScript files loaded by your website. These are third-party scripts from domains other than your own.

Script Details

  • Script Domain – The third-party domain hosting the script
  • Full URL – Complete path to the script file
  • Category – What the script is used for
  • Vendor – The company/service (Google, Meta, Hotjar, etc.)
  • Blocked – Whether the script is blocked before consent

Protected Scripts

Scripts from cookient.app are marked asProtectedand cannot be blocked. These are essential for the consent banner to function correctly.

Auto-detected Vendors

Cookient automatically recognizes scripts from major services:

Google Analytics
Google Tag Manager
Meta Pixel
Hotjar
LinkedIn Insight
X (Twitter)
TikTok Pixel
Intercom
HubSpot
Microsoft Clarity

Categories

Cookies and scripts are organized into categories that determine when they can be loaded based on user consent.

Functional

Essential for basic website functionality. Always allowed, no consent required. Examples: session cookies, language preferences, shopping cart.

Personalization

Remember user preferences for a personalized experience. Examples: theme settings, display preferences, recently viewed items.

Analytics

Track website usage and visitor behavior for analytics purposes. Examples: Google Analytics, Hotjar, Microsoft Clarity.

Marketing

Used for advertising and retargeting across websites. Examples: Facebook Pixel, Google Ads, LinkedIn Insight Tag.

Security

Required for security and fraud prevention. Always allowed. Examples: CSRF tokens, bot detection, authentication state.

Uncategorized

Not yet classified. Review and assign to the appropriate category.

i
Changing Categories
You can change a cookie or script's category at any time using the dropdown in the table. Changes take effect immediately.

Auto-categorization

Cookient automatically categorizes many common cookies and scripts using our built-in database.

How It Works

  • Cookie names are matched against patterns in our database
  • Script URLs are analyzed to identify known services
  • Vendor information is added when recognized
  • Descriptions are pulled from our cookie knowledge base

Pattern Matching

Our database includes both exact matches and wildcard patterns:

Examples
# Exact match
_ga → Analytics (Google Analytics)

# Wildcard pattern
_gid* → Analytics (Google Analytics)
_fbp → Marketing (Meta Pixel)
*
Manual Review
Always review auto-categorized items, especially "Uncategorized" ones. Some cookies may need manual classification based on your specific use case.

Script Blocking

Control which scripts load before and after user consent.

How Blocking Works

  1. Before consent: Blocked scripts are prevented from loading
  2. User gives consent: Scripts matching accepted categories are restored
  3. Consent withdrawn: Scripts are blocked again on next page load

Default Blocking Rules

  • Analytics – Blocked by default
  • Marketing – Blocked by default
  • Personalization – Blocked by default
  • Functional – Never blocked
  • Security – Never blocked

Toggle Blocking

Use the toggle switch in the Scripts tab to enable or disable blocking for each script. The switch appears red when blocking is enabled.

!
Test After Changes
After changing script blocking settings, test your website to ensure everything works correctly both before and after consent is given.

Scan History

View past scans and their results at the bottom of the Cookie Management page. Click on any scan row to expand and see detailed information.

Scan Statuses

Completed– Scan finished successfully
Running– Scan in progress
Pending– Scan queued
Failed– Scan encountered an error

Expanded Details

Each completed scan shows:

  • Number of cookies found
  • Number of scripts found
  • Pages scanned
  • New cookies detected (compared to previous scan)
  • Timestamp
  • Pre-consent cookies – Count of cookies before consent
  • Post-consent cookies – Count of cookies after accepting
  • Banner status – Whether a consent banner was found
  • Button clicked – Text of the accept button (if banner was found)
*
Collapsible History
Click on any row in the scan history table to expand or collapse its details. This keeps the interface clean while still providing full scan information when needed.
← Banner EditorInstallation →