Who offers free website scanning services

Cookie checker: which cookies does my website set?

Since the GDPR came into force and some rulings by the European Court of Justice and the Federal Court of Justice, it has been clear that websites are generally only allowed to set cookies if they have the express consent (“opt-in”) of the user. A mere cookie notice ("We use cookies - OK") is not sufficient, and the option of subsequently removing the cookies ("opt-out") is not sufficient.

There are now a number of consent management tools with which it is relatively easy and without great technical effort to block cookies and to document and manage the decisions of the users (consent as well as rejection).

Nevertheless, it is important for the operator of a website to know which cookies (e.g. also by external services such as Google Analytics or YouTube) are set. And of course you need to know whether all cookies are really being reliably blocked before the users give their consent.

Maybe interesting too How high is the acceptance rate for cookies?

Limitations of the cookie checker

However, please note the following restrictions of the variants described here:

  • The statements made by all tools and checks only ever apply to the directly requested page - not necessarily for your entire website. Especially special pages that integrate external services (e.g. Google Maps or social widgets from Facebook) may try to set other cookies again.
  • The tools are not a substitute for reliable technical and legal advice. The result of the analyzes can be or be ambiguous - for example, it is definitely a matter of interpretation which cookies are exactly essential or technically necessary.

In any case, take this as an indication of what still needs to be done. Let experts check it again - technically and legally!

You can use these tools to check cookies

There are individual free tools that you can use to check whether your site is already setting cookies before users give their consent - and which ones.

Cookiemetrix

After entering a URL (up to ten entries can be made per day free of charge), the cookie checker tool Cookiemetrix first provides a rough assessment based on a traffic light system, which is divided into three central criteria:

  • Banners Found: Is there a cookie banner and does it make a full impression?
  • Third-party domains: If cookies or scripts from other domains are integrated (typically YouTube, Facebook, etc.)
  • Stored Cookies: Are cookies set (before an explicit consent, which of course the bot sent by Cookiemetrix does not give)?

Depending on how well the page scores in these criteria, the traffic light is green, yellow / orange or red.

Below a very short overall assessment, there is further information in four tabs that specify the details of the traffic lights more precisely: which cookies were found etc.

Cookieserve

At Cookieserve, access is somewhat more technical and limited to the core competence of cookies. For a specific URL, the page essentially only displays which cookies are specifically set and which information is available about these cookies.

Cookieserve is completely reluctant to evaluate the result, making it all the more clear that this assessment can only be made really reliably by experts.

CCM19 cookie scanner

The cookie scanner from CCM19 (also a company that offers a "Cookie Consent Manager") does not offer a detailed assessment of the scan result, but tries to classify any cookies that may have been set into broad categories:

  • technically necessary,
  • Ads,
  • Analytics,
  • Personalization and
  • Statistics.

This should make it easier to evaluate the importance of the various cookies.

Here, too, the result of the scan can only be the starting point for a more detailed analysis.

Cookie display of the browser

Most browsers now make it relatively easy to find out about the cookies that a particular page sets. This way, too, can be used to gain a rough overview of the existing cookies. The above-mentioned restrictions still apply, of course, and there is also the risk of your own operating errors. Such a review should therefore always be supplemented by an analysis by an expert.

Good instructions for the most common browsers (Chrome, Firefox and Safari) can be found here on the website of the CMP provider CookieYes.

Other cookie checker tools

Some CMP providers offer their own cookie checks (e.g. Cookiepro, Cookiebot or consentmanager.de), but these providers ask for your e-mail address for the service - of course, with the proviso that they can send you advertising for your respective solution.

We advise against: browser plugins

There are a number of browser plugins that also promise to check cookies and query external services. However, many of these cookie checker plugins are criticized because they keep collecting and tapping data - or at least it is not entirely clear what the plugin does with the information it accesses. (However, this is a problem that many browser plugins have - caution is required here.)

Opt-in optimization Make cookie banners better

Finally: a little GDPR support

As with cookies, there is always confusion about which external services can be integrated into your own website in compliance with data protection regulations. In fact, the topic has not only become very complex because of the GDPR, but the legal situation makes the legally clean integration much more urgent.

The service provider Avalex, specializing in legal texts for online offers, offers a non-exhaustive, but very long list of web services and always supplements it with a legally sound assessment of whether the service can be properly integrated into your own website in accordance with data protection law.

Conclusion

At first glance, the regulations on cookies and GDPR may seem like an impenetrable jungle of legal measures. With the cookie checker tools mentioned, you can gain an initial overview and identify where action is required. However, it is always advisable to consult an expert in order to be on the legally safe side.