Cookie Scanning

Automatically detect and categorize cookies on your website with CookieFrame's scanning feature.

CookieFrame's cookie scanning feature automatically crawls your website to detect cookies, localStorage, and sessionStorage items. This helps you maintain an accurate cookie disclosure and ensures your consent banner reflects what's actually on your site.

Starting a Scan

Go to your domain in the CookieFrame dashboard
Click Scan Cookies or navigate to Cookies → Run Scan
Configure scan options (optional)
Click Start Scan

[SCREENSHOT PLACEHOLDER: Scan configuration modal]

The scan runs in the background. You'll receive an email notification when it completes.

What Gets Detected

The scanner detects three types of browser storage:

Storage Type	Detection Method
HTTP Cookies	Network response headers + client-side `document.cookie`
localStorage	JavaScript API inspection
sessionStorage	JavaScript API inspection

The scanner does not currently detect IndexedDB, Service Worker caches, or browser fingerprinting techniques. These may be added in future updates.

Detected cookies are automatically categorized:

Category	Description	User Choice
Necessary	Essential for site functionality (login, cart, security)	Always enabled
Analytics	Usage statistics and performance monitoring	Optional
Marketing	Advertising, retargeting, and tracking	Optional
Preferences	User settings like language or theme	Optional
Uncategorized	Unknown cookies pending review	Optional

How Categorization Works

CookieFrame uses a multi-layer approach to categorize cookies:

Known Cookie Database - Matches against 50+ patterns from major vendors (Google, Meta, HubSpot, Microsoft, etc.)
Heuristic Classification - 7-layer analysis examines cookie names, domains, values, and expiration to assign a category with confidence scoring

Always review uncategorized cookies manually. Incorrect categorization can lead to compliance issues.

Scan Configuration

Fine-tune how the scanner crawls your site:

Setting	Description	Default
Max Pages	Maximum pages to scan (plan-limited)	50
Max Depth	How many links deep to crawl	3
Include Subdomains	Scan subdomains (e.g., blog.example.com)	Off
Exclude Patterns	URL patterns to skip (comma-separated)	—
Entry URL	Starting page for the scan	Homepage
Wait Time	Milliseconds to wait for JavaScript	3000

Exclude Patterns

Skip URLs matching specific patterns:

/admin/*
/api/*
*.pdf
/checkout/*

This is useful for excluding authenticated areas, API endpoints, or large file downloads.

Understanding Results

After a scan completes, you'll see a summary:

[SCREENSHOT PLACEHOLDER: Scan results summary]

Summary Metrics

Pages Scanned - Successfully analyzed pages
Total Pages Found - All discovered URLs (may exceed max pages)
Cookies Found - Total unique cookies
localStorage Items - Client-side storage entries
sessionStorage Items - Session-specific storage entries

Change Detection

The scanner tracks changes between scans:

Status	Meaning
New	Cookie appeared since last scan
Updated	Cookie properties changed (expiration, value pattern, etc.)
Removed	Cookie no longer detected

Technologies Detected

The scanner identifies common third-party services and their cookies:

Google Analytics / GA4
Google Ads / AdSense
Meta Pixel (Facebook)
HubSpot
Hotjar
And many more

Per-Page Breakdown

View which cookies appear on each scanned page:

Go to Cookies → Scan Results
Click on any scan
Select Pages tab

This helps identify pages with excessive tracking or unexpected cookies.

Scan Statuses

Status	Description
Pending	Scan queued, waiting to start
Running	Scan in progress
Completed	Scan finished successfully
Completed with Errors	Scan finished but some pages failed
Failed	Scan could not complete
Cancelled	Scan manually stopped

Automated Scanning (Pro)

Pro plans include scheduled scans to keep your cookie list current:

Schedule	Description
Weekly	Scans every 7 days
Monthly	Scans on the 1st of each month

Enable automated scanning in Settings → Scanning.

Automated scans run during off-peak hours to minimize impact on your site. Results are emailed to your account email.

Managing Detected Cookies

After scanning, review and manage your cookies:

Edit Category

Go to Cookies
Click on any cookie
Select the correct category from the dropdown
Click Save

Add Description

Provide a user-friendly description for your privacy policy and consent banner:

Click on the cookie
Enter a description explaining what it does
Click Save

Remove cookies that are no longer present or were false positives:

Click on the cookie
Click Delete

Deleting a cookie from CookieFrame doesn't remove it from your website. You need to remove the source code or service that sets the cookie.

Troubleshooting

Scan Shows Zero Cookies

Check if site is accessible - The scanner needs public access to your site
Verify JavaScript loads - Increase wait time if cookies are set by JavaScript
Check robots.txt - Ensure the scanner isn't blocked

Scan Takes Too Long

Reduce max pages - Start with 20-30 pages
Reduce depth - Use depth 2 instead of 3
Add exclude patterns - Skip large areas like archives or search results

Missing Expected Cookies

Cookies may require interaction - The scanner doesn't fill forms or click buttons
Login-protected cookies - The scanner can't access authenticated areas
Conditional cookies - Some cookies only set on specific user actions

Scan Fails

Site unreachable - Verify your domain is publicly accessible
Timeout - Your site may be too slow; try during off-peak hours
SSL errors - Ensure your SSL certificate is valid

Best Practices

Scan after changes - Run a scan after adding new third-party services
Review uncategorized - Don't leave cookies as "uncategorized" in production
Document custom cookies - Add descriptions for first-party cookies
Regular scans - Enable automated scanning to catch new cookies
Test environments - Scan staging before production to catch issues early

Next Steps

Consent Banner Design - Customize your banner appearance
Compliance Frameworks - Configure GDPR, CCPA, or TCF
TCF Vendors - Manage IAB TCF vendor consent

On this page