All Blog Posts

GDPR Cookie Audit

Your website runs on cookies, as does most of the Internet. But do you know which cookies are in use on your domain, and how to control them?

Updated January 17, 2022.

Data privacy laws regulate cookies worldwide and most likely affect your website too – but striking a balance between data privacy and data-driven business can be tricky.

Our consent management platform (CMP) has automated the entire compliance process, and provides your website with a world-leading cookie checker in a plug-and-play solution that respects user privacy and your website’s data needs.

Learn more about our free cookie audit tool, sign up today and get started with Google Consent Mode.

Cookies are the most used technology for tracking website visitors, as well as collecting and sharing their data for a range of purposes – like remembering log-in details or shopping cart contents, displaying targeted ads on your domain, or providing you with data about your website’s performance with its users.

But cookies are also notoriously privacy-unfriendly as the data that they collect from users and share with third parties range from anonymized information to the highly private and sensitive data – like behavior, location, purchase history, preferences, orientations, convictions, beliefs, and personal traits.

Data privacy laws in the EUCaliforniaUKCanadaAustraliaBrazilSouth Africa, and New Zealand (among many other countries and regions) have changed the ways in which your website can use cookies – in many places, strict rules apply.

Some require you to obtain prior consent from users before running any cookies on your domain, while others require you to present your website’s visitors with choices to opt-out – and almost all require that your website features privacy notices that inform your users in detail about every cookie in use on your domain.

Yes, every cookie and other tracking technology, including information on:

  • Technical specifications,
  • Provider,
  • Purpose,
  • Where data is sent to,
  • And what kinds of data are collected.

But knowing all cookies on your website is only half the job done – because once you’ve managed to get full transparency, most data privacy laws also require you to be able to control them and, more importantly, to hand over control to your website’s visitors.

In short, transparency and control are the two most important things for you to get right when it comes to data privacy compliance on your website.

And this is difficult to achieve if you don’t have a cookie audit tool like our CMP at your disposal.

Illustration of a webpage with cogs behind it - Cookiebot
The Cookiebot CMP cookie checker brings transparency and control to your website.

What cookies does my website use?

Websites come in many different shapes and sizes, but almost all use cookies for purposes ranging from basic site function to intricate end-user tracking.

Protecting the data privacy of your website’s visitors really comes down to knowing and controlling your website’s cookies.

Exactly what types of cookies your website uses depends on several things, such as if you use third-party services like Google Analytics or HubSpot, if you use social media plugins or if you embed videos, if you have a web shop or if you display ads on your domain.

Did you know that websites on average use 20 cookies?

Third-party services will set third-party cookies on your website, and these will often collect and share end-user data that fall under the legal definitions of personal data/personal information – like search and browser history, IP addresses, cross-website tracking information, user behavior on a website, device data, shopping history, and much more…

Websites typically have several third-party cookies in use that require the right compliance solutions to run legally in the several major regions of the world.

Common third-party cookies that most websites use include Google Analytics cookies that measure website traffic and conversion rates on your domain. These are regulated by data privacy laws in large parts of the world (EUUKCanadaCaliforniaSouth Africa and many other places).

But your website may also have cookies that you’re not even aware of and unable to detect yourself, since –

72% of cookies on websites are loaded in secret by other-third party cookies.

18% of cookies on websites are “trojan horses”, i.e. cookies that hide as deep as within eight other cookies, loading each other without your knowledge.

50% of trojan horses will change on repeated visits by users to your website.

Source: Beyond the Front Page, a 2020 research paper on website cookies.

Learn more about Google Analytics and cookies

Learn more about HubSpot and cookies

Google ending third-party cookies? New technologies will still need consent.

Cookiebot CMP by Usercentrics is an automated data privacy compliance solution built around the world’s most powerful cookie checker that scans your website and detects every tracking technology in use on your domain.

Alongside the automatic cookie checker, we also take control of all trackers on your domain and offers your end-users a choice of consent or opt-out through highly customizable banners and interfaces on your domain.

Illustration of a website with a women shining a torch on it - Cookiebot
Reveal all tracking technologies on your website with the Cookiebot CMP cookie checker.

Implemented straight from the cloud, our solution is quick and easy to use, and automatically detects where in the world your website’s visitors are located to ensure the right compliance solution with the data privacy law in effect in that country or region.

A cookie audit is not just about data law compliance. Building trust with the end-users of your website has become increasingly important as data privacy is fast becoming a metric of brand reputation itself.

When asked why they left a brand, 80% of consumers say they left because the brand was using their data without consent.

But balancing data privacy compliance against your data-driven business and needs for insights into your domain’s performance can be complicated.

With Cookiebot CMP, it’s easy and automatic.

Helping websites all over the world strike a sustainable balance between data privacy and data-driven business is the purpose of Cookiebot CMP – to foster an internet economy that works for both the end-user and your website.

That’s why Cookiebot CMP works seamlessly with Google Consent Mode that lets you run popular Google-services (like Google Analytics) based on the consent state of your website’s visitors, ensuring that you still get performance and conversion data even if end-users opt out of cookies and trackers on your domain.

Cookiebot CMP is free if you have a small website (under 50 subpages) and integrates with HubSpotUmbracoGoogle AnalyticsGoogle Tag ManagerWordPressIAB and more.

Try Cookiebot CMP free for 14 days – or forever if you have a small website.

Get started with Google Consent Mode and Cookiebot CMP

Scan your website with our free cookie checker to see what cookies are in use

Learn more about compliance with EU’s GDPR

Learn more about compliance with UK’s GDPR

Learn more about compliance with California’s CCPA/CPRA

What are cookies? And what cookies does your website use?

Okay, so what are cookies anyway?

Cookies are units of data that were invented in the early 90s, named after the fortune cookie because of their structures as containers bearing a message. And that’s exactly what cookies are, only the message can be all kinds of data, even the most private and sensitive information about an individual.

Illustration of webpages - Cookiebot
Websites use an average of 20 cookies, most of these are third-party cookies that need end-user consent.

Initially designed to function as the recall of a website, cookies have developed over the last 30 years to become the supply chains of the internet economy, harvesting vast amounts of data from end-users that is then grouped, profiled and, in turn, sold in real-time bidding auctions for targeted advertisement online, among many other purposes.

A 2019 Cookiebot CMP report revealed how third-party cookies from Google and Facebook were hiding on EU government and health websites, collecting sensitive data about users without their consent.

With data privacy laws emerging all over the world – from state-level bills in the US to an upcoming new ePrivacy Regulation in the EU – cookies, trackers and the tracking technologies of tomorrow are expected to be even more regulated. And it all comes down to what happens on your website.

Learn more about compliance with the EU’s GDPR

Does my website use different cookies?

Broadly speaking, cookies come in four types –

  • Necessary cookies
  • Preference cookies
  • Statistics cookies
  • Marketing cookies

Only necessary cookies are exempt (e.g. from consent requirements in the EU), nonetheless you still need to know of them and tell your end-users about them in your website’s privacy notice/privacy policy.

Statistics and marketing cookies make up the majority of trackers on most websites today, because they’re often third-party cookies that are set on your website when you use third-party services, like Google AnalyticsHubSpot, Facebook, Twitter, YouTube etc.

These cookies always need the prior granular consent of end-users, or (in California) the end-users need to be presented with a choice of opting-out of having these cookies collect their data.

Maybe you’ve heard that third-party cookies are slowly being replaced with new tracking technologies?

It’s true that third-party cookies are being phased out in many website browsers, including Chrome and Safari, but the new technologies poised to replace them still operate in the same way: collecting and processing user data for different purposes.

In other words, personal data/personal information will still be processed by these new technologies, and end-user consent (in the EUUKSouth Africa and Brazil) as well as opt-out options (in California and soon Virginia too) will still be needed if your website is to use them in a legal way.

In fact, a cookie is already an umbrella term that covers many different tracking technologies, such as –

  • HTTPS/JavaScript cookies
  • HTML5 Local Storage
  • Flash Local Shared Object
  • Silverlight Isolated Storage
  • IndexedDB
  • Ultrasound beacons
  • Pixel tags

Using a cookie checker like Cookiebot CMP enables you to know exactly what cookies your website uses, to control them and to offer end-users consent and opt-out choices.

Third-party cookies being replaced? See why you still need end-user consent

Summary: check cookies with Cookiebot CMP

Automatic compliance in plug-and-play solution with Cookiebot CMP

Maybe you started reading this article and was asking yourself: does my website use cookies?

By now you should be pretty sure that yes, your website does indeed use cookies… but which ones? And how many? Where do they come from, and what data do they collect from the people visiting your website? How can you control their function, so that your website is in full compliance with the data privacy laws in effect around the world? And how can you make sure that your website still receives the data that you need to get insights into its performance and conversions?

Illustration of a cookie consent popup  - Cookiebot
Get a transparent overview and full control of your website’s cookies with the Cookiebot CMP cookie checker.

By signing up to Cookiebot CMP, you get the world’s most powerful cookie checker in an automatic and easy-to-use compliance solution that fits every major data privacy law in the world.

Try Cookiebot CMP with Google Consent Mode to ensure insights and analytics to your data-driven business on the basis of the consent state of your end-users.


Does my website use cookies?

Yes, almost certainly your website uses cookies. On average, websites use around 20 cookies. In fact, 72% of cookies are loaded in secret by other third-party cookies, making them extremely hard to detect without a powerful cookie scanner.

Scan your website for free with the Cookiebot CMP cookie checker

What cookies does my website use?

What cookies your website uses depends on what functionalities and third-party services you have integrated onto your domain. For example, using Google Analytics on your website will set third-party cookies. Using third-party services means having third-party cookies on your website – all of these require prior consent from end-users in the EU/UK and opt-out options for users in California, among other countries and regions.

Try the Cookiebot CMP cookie checker for free today

How do I know if my website uses cookies?

Unless your use a cookie checker or a cookie audit tool like Cookiebot CMP, it’s hard to know exactly what cookies, trackers and other “trojan horses” might be running beneath the surface of your website. Many third-party cookies will be loaded within other cookies, or will have changed on repeated visits by users, making it practically impossible for you as the website owner/operator to always have a full overview without a powerful website cookie checker.

Scan your website for free with the Cookiebot CMP cookie audit tool

How do I identify cookies?

Knowing what cookies are on your site can be a tricky thing, especially without any cookie tester tools. Using a website cookie checker like Cookiebot CMP enables you to always automatically have full transparency over every cookie and tracking technology in use on your website.

Try the Cookiebot CMP cookie tester for free today

Can cookies identify you personally?

Yes, many cookies – especially third-party cookies – collect and share data that is highly personal and private. Cookies commonly collect IP addresses, search and browser history, device information, cross-browser data, and much more. By inference and by combination with other data points, cookies and other tracking technologies enable the personal identification of users.

Learn more about website tracking

Are cookies bad?

Cookies are just small text files, technology that is neither good nor bad in itself. It’s what cookies can do that can be very privacy-infringing to end-users. Cookies can collect information such as behavior, appearance, traits, preferences, sexual orientation, political convictions and religious beliefs.

Check cookies on your website with Cookiebot CMP

How do I know if I have third-party cookies?

If you use third-party services on your website, you will have third-party cookies. For example, using Google Analytics or HubSpot, social media plugins from Facebook or Twitter, or embedded videos from YouTube or Vimeo on your domain will set third-party cookies.

Does my site use cookies? Test with Cookiebot CMP

Do all websites use cookies?

Almost all websites in the world use cookies, whether their owners/operators are aware of it or not. Cookies are by far the most used technology for tracking, collecting, and sharing data from website visitors. Using a cookie checker like Cookiebot CMP can help you get full transparency over which cookies are in use on your website.

Check your website for cookies with Cookiebot CMP

How do I know if my website uses cookies?

Use a cookie checker like Cookiebot CMP to scan and detect all cookies, trackers and “trojan horses” on your website. The Cookiebot CMP cookie audit tool is the most powerful cookie checker/website scanner in the world.

Which cookies does my website use? Check with Cookiebot CMP

What types of website cookies are there?

Cookies fall into four categories: necessary, preference, statistics and marketing cookies. Only cookies strictly necessary for the basic function of your website are exempt from data privacy law requirements, while all other cookies are regulated and require prior consent or opt-out options, depending on where in the world your end-users are located.

Check website cookies with Cookiebot CMP

How do you do a cookie audit?

With the Cookiebot CMP cookie audit tool, you simply enter the URL of your website and our cookie checker automatically scans your website and finds all cookies and other tracking technologies present and in use.

What cookies are on my site? Get a free cookie check with Cookiebot CMP

Are cookies personal data under GDPR?

Yes, most of the data that cookies collect are classified as personal data under the GDPR. This includes IP addresses, search and browser history, and device information. If you’re unsure whether your website collects personal data, try the free compliance test by Cookiebot CMP.

Try the free GDPR cookie checker with Cookiebot CMP


Try the Cookiebot CMP website cookie checker for free

Get started with Google Consent Mode

WordPress cookie checker with Cookiebot CMP

Learn more about Google Analytics cookies

Learn more about compliance with the EU’s GDPR

Learn more about compliance with the UK’s GDPR

Learn more about compliance with California’s CCPA/CPRA

Learn more about compliant website tracking

Beyond the Front Page , a 2020 research paper on website cookies.

    Stay informed

    Join our growing community of data privacy enthusiasts now. Subscribe to the Cookiebot™ newsletter and get all the latest updates right in your inbox.

    By clicking on “Subscribe” I confirm that I want to subscribe to the Cookiebot™ newsletter. I can easily cancel my Cookiebot™ newsletter subscription and revoke consent to use my data by clicking the unsubscribe link or I can write to [email protected] to make the request. Privacy policy.