Cookie Scanner

Overview

The Cookie Scanner automatically detects, categorizes, and analyzes all cookies on your website, providing a comprehensive inventory and risk assessment for compliance purposes.

How It Works

Scanning Process

1. Page Load Detection

– Monitors all HTTP requests
– Captures Set-Cookie headers
– Tracks JavaScript cookie setting
– Identifies third-party cookies

2. Cookie Analysis

– Parses cookie attributes
– Extracts metadata
– Classifies by category
– Assesses compliance risk

3. Database Storage

– Stores in local database
– Links to consent records
– Tracks changes over time
– Generates reports

Cookie Categories


Essential Cookies


Purpose: Required for website functionality

Examples:

• Session management
• Security tokens
• CSRF protection
• Load balancing
• Authentication cookies

Compliance: Always allowed, no consent needed

Analytics & Performance


Purpose: Website analytics and performance monitoring

Examples:

• Google Analytics (ga, gid)
• Hotjar tracking
• Performance monitoring
• Error tracking
• User journey analysis

Compliance: Requires user consent in GDPR

Marketing & Advertising


Purpose: Targeted advertising and retargeting

Examples:

• Facebook Pixel
• Google Ads conversion
• Retargeting pixels
• Affiliate tracking
• Social media widgets

Compliance: Requires explicit consent

Functional & Preferences


Purpose: Enhance user experience and preferences

Examples:

• Language selection
• Theme preferences
• Shopping cart contents
• Form auto-fill
• User customizations

Compliance: Requires consent, can be essential

Social Media


Purpose: Social media integration and sharing

Examples:

• Facebook Like button
• Twitter widgets
• LinkedIn share buttons
• Instagram embeds
• YouTube cookies

Compliance: Requires consent for tracking

Risk Assessment


High Risk Cookies


Criteria:

• Third-party tracking
• Cross-site tracking
• Personal data collection
• Long retention periods
• No legitimate interest

Examples:

• Advertising pixels
• Analytics without consent
• Social tracking cookies
• Fingerprinting scripts

Medium Risk Cookies


Criteria:

• First-party analytics
• Functional but not essential
• Moderate retention
• Limited data collection

Examples:

• Performance monitoring
• User preference cookies
• A/B testing cookies

Low Risk Cookies


Criteria:

• Essential functionality
• Short retention
• No personal data
• First-party only

Examples:

• Session cookies
• CSRF tokens
• Load balancer cookies

Scanning Methods


Automatic Scanning


Real-time Detection:

• Monitors all page loads
• Captures network requests
• JavaScript cookie API
• Browser developer tools API

Scheduled Scans:

• Daily/weekly automated scans
• Full site crawling
• Cookie inventory updates
• Change detection

Manual Scanning


On-Demand Scans:

• Single page analysis
• Custom URL scanning
• Deep cookie inspection
• Manual categorization

Integration Scans:

• WordPress plugin detection
• Theme cookie analysis
• External service identification

Cookie Database


Local Storage


Database Tables:

• slos_cookies – Cookie inventory
• sloscookiescans – Scan history
• sloscookiecategories – Category definitions
• sloscookieconsent – Consent mappings

Data Structure:

• Cookie name and domain
• Category classification
• Risk level assessment
• Detection timestamp
• Consent requirements

Cloud Integration


Optional Enhancement:

• Matches against known databases
• Identifies cookie purposes
• Updates cookie definitions
• Provides vendor information

Benefits:

• Automated categorization
• Vendor compliance info
• Updated cookie knowledge
• Industry standard matching

Reporting & Export


Cookie Inventory Report


Contents:

• Complete cookie list
• Category breakdown
• Risk assessment
• Consent status
• Vendor information

Formats:

• PDF export
• CSV download
• JSON API
• HTML dashboard

Compliance Reports


GDPR Compliance:

• Consent-required cookies
• Legitimate interest assessment
• Data processing inventory
• User rights compliance

CCPA Compliance:

• Personal information collection
• Opt-out mechanisms
• Data sharing disclosures
• Consumer rights support

Cookie Management


Blocking Non-Essential Cookies


Before Consent:

• Block all non-essential cookies
• Show consent banner
• Queue cookie settings
• Apply after consent

Consent-Based Loading:

• Load based on user preferences
• Category-specific blocking
• Dynamic cookie management
• Withdrawal handling

Cookie Cleanup


Expired Cookies:

• Automatic cleanup
• Retention policy enforcement
• Database optimization
• Privacy compliance

Orphaned Cookies:

• Detect unused cookies
• Remove from inventory
• Update consent mappings
• Clean database records

Integration Features


Consent Management Integration


Automatic Mapping:

• Links cookies to consent categories
• Updates based on user choices
• Blocks non-consented cookies
• Tracks consent changes

Dynamic Consent:

• Real-time cookie blocking
• Consent withdrawal handling
• Preference updates
• Audit trail maintenance

Analytics Integration


Cookie Tracking:

• Monitor cookie usage
• Track consent patterns
• Analyze cookie impact
• Performance metrics

Reporting Events:

• Cookie scan completion
• New cookie detection
• Category changes
• Risk level updates

Performance Considerations


Scanning Impact


Resource Usage:

• Minimal CPU overhead
• Database optimization
• Efficient scanning algorithms
• Background processing

Page Load Impact:

• Asynchronous scanning
• Non-blocking execution
• Optimized JavaScript
• Lazy loading

Optimization Techniques


Smart Scanning:

• Incremental updates
• Change detection
• Prioritized scanning
• Resource limits

Caching Strategies:

• Cookie definition caching
• Scan result caching
• Database query optimization
• CDN-friendly

Security Features


Data Protection


Local Storage:

• All data stored locally
• No external transmission
• Encrypted database storage
• Access controls

Privacy Compliance:

• No personal data collection
• Cookie metadata only
• Anonymized reporting
• Audit trail security

Access Controls


Admin Permissions:

• Scan execution rights
• Report access controls
• Configuration permissions
• Audit log access

Data Security:

• Database encryption
• Secure API endpoints
• Input validation
• XSS protection

Troubleshooting


Scanning Issues


Cookies Not Detected:

• Check JavaScript execution
• Verify network monitoring
• Test on different pages
• Review browser compatibility

Incorrect Categorization:

• Manual category override
• Update cookie definitions
• Cloud database sync
• Custom rule creation

Performance Problems


Slow Scanning:

• Reduce scan frequency
• Limit page depth
• Optimize database queries
• Check server resources

High Resource Usage:

• Background processing
• Resource limits
• Scan scheduling
• Performance monitoring

Integration Issues


Consent Not Working:

• Check cookie blocking logic
• Verify consent storage
• Test cookie setting
• Review JavaScript errors

Analytics Not Tracking:

• Confirm event firing
• Check cookie consent status
• Verify analytics configuration
• Test event transmission

Best Practices


Scanning Strategy


• Regular Scans: Weekly automated scans
• Change Monitoring: Detect new cookies quickly
• Manual Reviews: Periodic manual verification
• Update Definitions: Keep cookie database current

Compliance Management


• Clear Categories: Well-defined cookie categories
• Transparent Communication: Clear cookie explanations
• User Control: Easy consent management
• Regular Audits: Compliance verification

Performance Optimization


• Efficient Scanning: Smart detection algorithms
• Resource Management: Background processing
• Caching: Result and definition caching
• Monitoring: Performance tracking

API Integration


REST API Endpoints


Cookie Scanning:
`
GET /wp-json/slos/v1/cookies/scan
POST /wp-json/slos/v1/cookies/scan
GET /wp-json/slos/v1/cookies/inventory
`

Cookie Management:
`
GET /wp-json/slos/v1/cookies/categories
POST /wp-json/slos/v1/cookies/categorize
DELETE /wp-json/slos/v1/cookies/{id}
`

Webhook Support


Scan Events:

• Scan started
• Scan completed
• New cookies detected
• Risk level changes

Integration Examples:

• Slack notifications
• Email alerts
• External systems
• Compliance dashboards

Related Documentation


• Consent Management Overview
• Cookie Banner Templates
• Consent Tracking
• Configuration Guide
• REST API Documentation