Cookie scan help

  • Resolved AlexGraphicD

    (@alexgraphicd)


    7 months, 3 weeks ago

    Which tool do you suggest using to automatically scan the cookies on a website? I tried multiple online tools and each one showed different results so I’m confused which one I should choose.

Viewing 10 replies - 1 through 10 (of 10 total)

  • I have used this one last time:
    https://www.cookieserve.com/

    Thread Starter AlexGraphicD

    (@alexgraphicd)

    Yes and if you try other tools they will give you different results. Your link didn’t find any cookies on the website url I entered, but ‘cookie-script.com’ found 3.

    • This reply was modified 7 months, 3 weeks ago by AlexGraphicD.
    Plugin Author pressidium

    (@pressidium)

    Hey, @alexgraphicd!

    We haven’t had the chance to test automated cookie scanning tools, so I’m afraid we’re unable to suggest any at the moment.

    I’ll mark this as resolved, since it’s a bit out the plugin’s current scope. However, you’re welcome to discuss potential cookie scanning tools that may work for you.

    If you come across any other issues, feel free to create a new topic or open an issue on GitHub.

    Thread Starter AlexGraphicD

    (@alexgraphicd)

    that’s a disappointing reply. your plugin can be the best on what it does but if it doesn’t help us identify cookies accurately or at least suggest a 3rd party tool, then it is pretty much not usable.

    To be honest if you want to be most thorough you can simply use chrome built-in tool from DevTools: F12 -> Application > Cookies > Domain; just be sure to open it in Incognito mode, so all the cookies will be loaded properly.

    It’s more “technical” way of doing it but this way you won’t miss any cookies, that some random scanning tool would miss.

    From what i know Firefox and Safari have those too.

    There is no way to “scan” the cookies your application might set to clients. Imagine a situation where your application sets 2 cookies for visitors from US while the scanning tool runs from Europe, or a cookie that is set when an order is made. You need to either *know* the full codebase and what might be set based on different criteria, or write code to record all your responses with set-cookie involved to identify the cookies you might set.

    No external “cookie scanning” tool can ever be 100% correct.

    Thread Starter AlexGraphicD

    (@alexgraphicd)

    “There is no way to “scan” the cookies your application might set to clients.?“

    Complianz does this. So, say I detect the cookies manually, how the heck do I know which way to categorize them in Pressidium settings? Necessary, Analytics, Preferences etc.

    Thread Starter AlexGraphicD

    (@alexgraphicd)

    By the way is there a proper documentation for this plugin? What is the ‘Regex’ toggle option in settings? One of the most hard plugins to setup.

    Complianz does this. So, say I detect the cookies manually, how the heck do I know which way to categorize them in Pressidium settings? Necessary, Analytics, Preferences etc.

    As many others, but most of them needs to connect to external tool and still messes up the scanning, identify them properly or even have proper translations – i.e. there’s no 100% perfect scanning tool, it’s just not how it works.

    In my humble opinion you have two options:
    1. Switch to other plugin, like Complianz or CookieYes – the latter have 25k max views for free(the most among plugins that offer cookie management for free with scanning tools, and everything “almost” automated), with that you will have less headaches, i mean it.
    2. Open browser devtools just like i mentioned and confront list of available cookies with scanners you have tried, then categorize them and translate if needed – the one i have provided gives categories and translations afaik.

    By the way is there a proper documentation for this plugin?

    https://github.com/pressidium/pressidium-cookie-consent/wiki/Configuration

    What is the ‘Regex’ toggle option in settings?

    Regular expression. It’s for patterns in url’s. Check the “blocked script” section in wiki for more info.

    One of the most hard plugins to setup.

    From my understanding Pressidium is more like platform for people, who prefer to manage those things manually – it’s not for everyone and have it’s own problems, but it’s 100% free and works as cookie management system.

    Hope it helps.

    Plugin Author pressidium

    (@pressidium)

    Hey, @alexgraphicd!

    There is no way to “scan” the cookies your application might set to clients […]

    You need to either know the full codebase […]

    No external “cookie scanning” tool can ever be 100% correct.

    still messes up the scanning, identify them properly or even have proper translations – i.e. there’s no 100% perfect scanning tool, it’s just not how it works.

    As both @ianap and @nikodemsky correctly pointed out, no external tool can ever be 100% accurate. Though, there are tools available that can identify the majority of, if not all, cookies for some websites — their effectiveness may vary depending on the specific website in question.

    it doesn’t help us identify cookies accurately

    We recognize the potential benefits of a cookie scanning mechanism and we’ll explore implementing our own in a future iteration. For now, you could use your browser’s DevTools to manually list cookies.

    or at least suggest a 3rd party tool

    Given our limited exposure to third-party automated cookie scanning tools, we’re unable to provide a specific recommendation.

    how the heck do I know which way to categorize them in Pressidium settings? Necessary, Analytics, Preferences etc.

    For cookies set by the developer of the website through their code, they’re likely familiar with their intended purpose and the appropriate category they belong to.

    For cookies set by third-party plugins and/or services, you could consult their documentation (e.g. WooCommerce maintains a dedicated page on its docs about its cookies), or search online for the cookie name to gather relevant information.

    There are many cookie collections online that cover the most commonly used services like Google Analytics, Facebook Pixel, etc., which can assist in identifying the cookies they set.

    By the way is there a proper documentation for this plugin?

    Sure! Take a look at the wiki at https://github.com/pressidium/pressidium-cookie-consent/wiki.

    What is the ‘Regex’ toggle option in settings?

    Check out the “Cookies” and “Blocked Scripts” sections, under the “Configuration” page of the wiki:

    From the plugin’s documentation:

    Note that the cookie names can be either exact matches or regular expressions (if you select the “Is Regex?” toggle).

    You could also use a regular expression. For example, to block any script on the *.google-analytics.com domain, you could use:

    ^(?:https?:)?\/\/(?:www\.)?google-analytics\.com

    Regular expressions are strings of characters used to define a match pattern. Writing a pattern allows you to match multiple cookies and/or script URLs, which can be quite helpful. However, they do require a certain level of technical expertise, and if you’re not comfortable with them, you don’t have to use them.

    Note that regex101 is a great resource to test and understand your regular expressions.

    I hope that answered your questions. If there’s anything else you’d like to know, feel free to create a new topic or open an issue on GitHub.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Cookie scan help’ is closed to new replies.