Cookie law continues to evolve around the world. Just look at the recent developments in Turkey and Germany. n Turkey, the Turkish Data Protection Authority published its Draft Guidelines on Cookies on January 11, 2022. These draft guidelines offer a good snapshot of where Turkey is headed in terms of cookie regulation. Meanwhile, Germany’s DSK proceedings on its New Cookie Guidance are also picking up speed. We have already seen how CNIL’s cookie guidelines impacted many websites. A lot of big techs were fined for violating cookie rules.

Read what constitutes the CNIL’s guidelines and recommendations on cookies here.

Cookies are everywhere. They’re used by websites to keep track of visitors, keep their preferences, and display personalized ads. But they’re also part of data privacy regulation since some of them collect and share visitors’ personal data with third parties. Cookie law by authorities like CNIL observed that many websites still do not comply with the regulatory norms for cookies.

Try CookieYes’ cookie consent manager to comply with major cookie laws around the world, including GDPR, CCPA, CNIL, ePrivacy Directive, and Italy Garante.

  • Customizable cookie banner templates for GDPR & CCPA (can be used for other major laws)
  • Cookie opt-in and opt-out choices for users
  • Full, scheduled scanner for regular cookie auditing
  • Third-party cookie auto-blocking before user consent
  • Geo-targeted cookie banner for the EU, UK, and US
  • Consent withdraw widget
  • Cookie consent logging
  • Auto-translation to 30+ languages
  • Free privacy and cookie policy generators
  • Easy integration with any CMS
  • Multiple domains under one account
  • All subdomains share one subscription

We will cover the importance of cookie audit and how to perform a cookie audit of your website.

What is a cookie audit?

A cookie audit is the process of evaluating the effectiveness of your website’s use of cookies. It helps you to understand how your site uses cookies, what information they collect, how long they keep it for and whether they are storing any sensitive data. It also provides information about how long visitors stay on your site, where they came from and what pages they visited. This enables you to make improvements to your site based on this information.

A cookie audit is an essential part of maintaining good privacy practices and ensuring cookie compliance with relevant laws and regulations. It can also help you avoid problems such as unwanted tracking or law violations.

Cookie auditing can be done manually as well using auditing tools. We will discuss how to effectively conduct a cookie auditing in detail next.

What are cookies and how do they work?

A cookie is a text file containing small pieces of data that a website generates and stores on the users’ device through the web browser. It is largely used for remembering user information and tracking the users’ browsing activities. In a broad sense, the cookies are used to improve the browsing experience and help the website function.

When you visit a website, the browser sends a request to the site server to access the page. The server generates a unique ID or value and sends the cookies with it. The browser stores the cookies on the user device locally in a cookie file. 

On revisits when the browser sends the request to the server, it will check the user information, identify the unique ID, and return the relevant data.

This is how cookies work:

how cookies work

A cookie comprises three parts: name, value, and attribute. 

A website or a third-party server identifies a cookie using the name. Value is a random alphanumeric generated by the server to identify the users when they revisit the website or to cross-track across websites. An attribute stores cookie information, such as the expiration date, domain, path, and flags.

To find out information about the parts of cookies on a website, you can use inspect element in your web browser.

cookies details in chrome
Viewing cookie details in Chrome inspect element (Ctrl + Shift + I)

Cookies are of different types depending on various factors, such as their source, duration, and necessity/purpose. Here are the most common types of cookies:

First-party cookies and third-party cookies

First-party cookies are generated by the website that the user is visiting. They are used for improving the user browser experience and for authentication. E.g. when the users log in to a website, the server creates and sends first-party cookies with unique IDs to collect the login information. So, when they revisit the website some other time, the server will recognize them from the ID, and hence, the users do not need to log in again.

Third-party cookies are generated by a website different from the one that the user is visiting. They are mostly used for advertisements, analytics, or cross-site tracking. E.g. Google Analytics is a popular tool for measuring website analytics. If you use Analytics, it will send and store cookies on the users’ devices via your website to collect and generate the site’s analytics report.

Did you know that Google Chrome will completely phase out third-party cookies by 2022? Read about it here.

Necessary and non-necessary cookies

Necessary or essential cookies are necessary for a website to function or offer the services that the user requests. Disabling these cookies may affect the partial or full primary functionality of the website and it may not be able to provide the services explicitly requested by the users. E.g. cookies that hold items in an online shopping cart.

Non-necessary or non-essential cookies are cookies used for additional website services that the users may not request. Even without these cookies, the website will continue to work properly and offer its primary services. E.g. social media plugins used by some websites use non-essential cookies to let logged-in users share site content on the social platform.

What are the criteria for strictly necessary cookies? Find out the answer here.

Session and persistent cookies

Session cookies are short-lived cookies that expire when a user session is over. They are used for short-lived purposes such as online form submission or remembering information while navigating the web pages. E.g. when you fill in an online form, the website uses session cookies to remember the information you provided when you proceed to the next page. They expire once you submit the form or close the browser.

Persistent cookies have a longer expiration date that could be up to years. These cookies remain in the user device until their expiration date or whenever the users clear them from the browser. E.g. when the users choose a UI preference, the persistent cookies will remember it and load it every time they revisit.

How to do a cookie audit?

Conducting a cookie audit is easy if you have the right resources. Here is 3-step action for auditing cookies on your website.

1. Identify the cookies

The very first step in auditing the cookies on your website is to identify them. You will need to know about the cookies set by your website and the third parties.

To identify the cookies, you can check them using your internet browser. In the browser, open the developer console and look for the list of cookies set by the website. (Note: use incognito or private mode and do not activate third-party cookie blocking or Do Not Track in the browser).

Find out how to manually check for cookies set by your website here.

However, this method is time-consuming, and if any cookie takes time to download, it will not show in the list. The better option is to use a scanning tool to identify the cookies. Online cookie scanner tools such as the one powered by CookieYes scan your website for cookies in seconds and generate a detailed report. They are faster, more efficient, and free!

2. Understand the cookies

After you identify the cookies on your website, the next step is to analyze them. You know what cookies your website uses. Now, you need to understand their details like source (domain), purpose, duration, and path, and how these cookies work. Once again, you can get most of this information from web browsers. However, it will not give you the complete picture you require to do a complete cookie audit. CookieYes’ in-built cookie scanner will generate a detailed report after scanning your site for cookies. This report will give you all the details you need to understand about the cookies.


Watch how CookieYes helps to scan the entire website for cookies and generate a detailed report:

If you understand the cookies, you know the type of cookies your website uses and how they work. If the domain is different from your website, they are most likely third-party cookies.

Another important detail that you must be aware of is what type of user data these cookies collect. If they collect personally identifiable information of the users, then you may need to adopt measures for privacy compliance.

3. Become cookie compliant

After you identify the type of cookies, you need to check whether your website is compliant with privacy regulations for these cookies. 

Privacy regulations like GDPR and CCPA are applicable worldwide. They have strict standards that will apply to websites receiving traffic from the EU and the US (California). 

Under the privacy regulations like GDPR, if your website uses cookies that collect and use the users’ personal data, you must collect explicit consent from its visitors to use cookies on their device. 

If your website has not taken the following measures, you may be at risk of non-compliance, which is a punishable offense.  

  • Inform the users about cookies on your website and details about them in clear and plain language.
  • Get user consent before storing non-essential cookies on their device.
  • Allow opt-out for non-essential cookies and tell them about it.
  • Opting out is as easy and clear as opting in.
  • Let the users selectively opt-in to each cookie type.
  • Let the users easily withdraw consent at any time and inform them about it.
  • Keep proof of cookie consent registered by the users.

Comply with major cookie laws
for FREE

Get hassle-free cookie banner setup and cookie consent management for your website.

Free cookie banner

GDPRCCPA>CNILItaly Garante<br<

Free 14-day trialCancel anytime

FAQ on cookie audit

How do you check cookies on a website?

You can check cookies in the developer console of your browser. Alternatively, you can use a plugin or free online tool to scan for cookies. Free cookie checker tools are easily available on the internet and provide you with a detailed report on your findings.

What information is stored in cookies?

Cookies do not actually store any personal data or information about you. However, they are used to store information about how you interact with a website. They are small files that are stored on your device when you visits a website. The cookie is then sent back to the site each time you visit that website again, so that it can remember things about your browsing history.

These information in cookies are stored in an encrypted format using encryption keys generated by each site’s server.

What is cookie policy?

A cookie policy is a legal statement that describes the cookies used on your website. It’s also a list of all the cookies in use on your website with detailed information about what they are, what they do, who they’re from, and how you can opt out of them.

The reason why we need a cookie policy is that cookies can be used to track visitors’ movements around the website, which can be used to invade a users’ privacy. That’s why it’s important for websites to have a ookie policy that informs users about what cookies are being used and how they canopt out of them.