In this article we’ll dig deeper into the way the cookie scan works and how to interpret the findings of the cookie scan. We’ve also listed three useful tips to get the most accurate results out of the cookie scan.
How the cookie scan works
While scanning your site, Complianz will utilize your browser to view several pages of your site (in an invisible iFrame). It then lists all cookies placed on the first-party domain and scans these pages for known third-party scripts. For sites with a lot of pages and posts, the scan will process 5 pages per pageload while you are logged in as admin. This is done to minimize the impact on the webserver and to prevent long waiting times for us busy website developers :-).
Interpreting cookie scan results
After a short wait, Complianz will list the results of the cookie scan. You can use this list as a quick overview and confirmation that the scan has run successfully, we will get to a more detailed and understandable overview later on. In the next few steps, you will be asked about used third-party mechanics and statistics tools like Google Analytics or Matomo. The last step in the ‘Cookies’ section of the Complianz Wizard is ‘Used Cookies’. In this section, you can synchronize the results of your cookie scan, along with the selected third-party services to Cookiedatabase.org. After the sync has completed, your screen should look something like this:
1. Are there any cookies listed that are not used on the front-end?
After completing the sync with Cookiedatabase.org, Complianz will automatically grey out all cookies that are known to be irrelevant to front-end website visitors. For example, see the cookies placed by ‘WP Search Insights’ in the screenshot above. You can perform a double-check yourself by visiting your own website in an incognito window (so without logging in). After visiting some pages and performing actions that may place cookies, right-click -> inspect -> application and navigate to cookies, local storage, and session storage. See the example screenshot below.
2. Are there any cookies listed under ‘Unknown service’?
If the cookie scan found cookies that are not yet described by the Cookiedatabase.org community, they will be listed under ‘Unknown service’. If you have confirmed that these cookies are actually used on the front-end of your site, you can start describing these cookies by clicking on the cookie name and uncheck ‘Sync cookie info with Cookiedatabase.org’. You can now add information to this cookie. If you need any help with this, feel free to reach out to our support team.
3. Do all cookies contain completed descriptions?
Complianz will display a red cross behind all cookies with incomplete descriptions. If needed, you can add information as described in the above paragraph.
4. Does your website use any third-party services that are not detected?
Some services installed on your website may place or access cookies outside of your domain. Complianz detects most of these services because we know the scripts that place these cookies. If you are using any marketing, tracking or advertising tools via your WordPress website, it may be wise to check if Complianz listed all detected cookies. You can confirm this as described above, by visiting the front-end of your website and clicking inspect -> Application -> Cookies. The difference is that you will also see other domains listed under Cookies if there are any services that place cookies outside of the own (first-party domain). If needed you can manually add the cookies of these third party services.
Tips to get accurate results with the cookie scan
If you feel that the cookie scan is either reporting fewer cookies than expected or a lot of cookies from plugins that are no longer used by your site, you can follow these three tips to improve the results of your cookie scan:
1. Temporarily disable any adblockers or do-not-track settings in your browser
Because the cookie scan runs in your browser, you don’t want adblockers to prevent cookies from being placed in your browser.
2. Clear cookies in your browser
The cookie scan will report all cookies that are placed in your browser. So if there are still cookies in your browser from services or plugins that are no longer used, it is possible that these get reported in the cookie scan. You can clear all cookies from your browser, or just clear cookies from your domain.
3. Don’t have multiple cookie banner plugins activated
Having multiple cookie banner plugins activated at the same time can interfere with the cookie scan. So also if you are just experimenting with Complianz as an alternative for inferior plugins ;-), disable them when performing the cookie scan, because these plugins can prevent cookies from being placed in your browser.
If you have followed these tips but still have questions about the cookie scan, feel free to reach out to our support team. We’re happy to help!