Cookie Discovery

How the Cookiewise scanner detects and inventories cookies on your website.

How Scanning Works

Cookiewise uses a headless Chromium browser (Puppeteer) to visit your website exactly as a real user would. During the scan, it:

1. Loads your homepage and captures all cookies set on page load
2. Crawls internal links - up to 10 pages per scan - to discover cookies set on subpages
3. Intercepts HTTP responses to capture Set-Cookie headers from servers
4. Monitors JavaScript to detect cookies set via document.cookie
5. Identifies third-party domains - any cookie not from your root domain is flagged as third-party

Starting a Scan

1. Navigate to Cookie Scanner
2. Select the website to scan
3. Choose the number of pages to scan (1-10)
4. Click Start Scan

Scans typically complete in 30-90 seconds depending on page count and site complexity.

What Gets Detected

Cookie Details Captured

For each cookie discovered, the scanner records:

• Name - The cookie identifier
• Domain - Which domain set it
• Path - The URL path scope
• Expiration - Session or persistent (with exact expiry date)
• Secure flag - Whether it requires HTTPS
• HttpOnly flag - Whether JavaScript can access it
• SameSite attribute - Cross-site behaviour (Strict, Lax, None)
• Category - Auto-assigned based on our categorization engine

Re-scanning

Your website changes over time - new plugins, updated tracking codes, new third-party integrations. We recommend:

• Monthly scans for actively developed sites
• After every deployment if you add new tracking or analytics tools
• Quarterly at minimum for stable sites

Each new scan updates your cookie inventory. Cookies that no longer appear are marked inactive, while new cookies are flagged for review.