Usercentrics - PUBLIC

Why does the scan still shows positive scan results after the Usercentrics/Cookiebot CMP has been installed?

A cookie scanner is a technology that crawls through your website to look for trackers that invade users' privacy when they visit your domain. Data protection laws such as the GDPR of the EU and California's CCPA require websites to know what personal data they are collecting from their users - and the collection of personal data is largely done through cookies. A cookie scanner is therefore an important tool for compliance with DSGVO, CCPA and other data protection laws worldwide.
In this article, we present both the Cookiebot scan and the Usercentrics Data Privacy Audit scan:

These tools are for anyone who wants to do a quick and free website scan.

A cookie scanner is a technology that crawls through your website to look for trackers that invade users' privacy when they visit your domain. Data protection laws such as the GDPR of the EU and California's CCPA require websites to know what personal data they are collecting from their users - and the collection of personal data is largely done through cookies. A cookie scanner is therefore an important tool for compliance with DSGVO, CCPA and other data protection laws worldwide.
In this article, we present both the Cookiebot scan and the Usercentrics Data Privacy Audit scan:

These tools are for anyone who wants to do a quick and free website scan.

Overview


1. Cookiebot Scan

In the monthly scan report, all cookies and other tracking technology in use are listed. Included in the scan report is information about each cookie and (if applicable) what country the cookie sends data to and whether that country is deemed adequate or not by the European Commission.

The Cookiebot Consent Management Platform (CMP) Scanner is a unique technology that is the cornerstone of the Cookiebot CMP consent and compliance solution.

  • Our cookie scanner finds all cookies and all trackers without exception - even the hidden Trojans - to make your website compliant and protect user privacy.

  • It detects all cookies and trackers in operation on your website.

  • Generates a cookie statement with details about each cookie; type, duration, provider and purpose.

  • Automatically blocks all cookies and trackers until users give consent (to comply with the GDPR).

  • Provides opt-out options to users (for CCPA compliance).

Example of the scan report

Cookies sending data to adequate countries will be marked with: (adequate).

Adequate.png

Cookies sending data to inadequate countries will be marked with: (not adequate)

Not_adequate.png

2. Data Privacy Audit (Usercentrics)

This service enables the customers to view which cookies and third-party services are used on their website, without implementing the CMP or integrating any of the scripts. A user can simply go to https://audit.usercentrics.com/, search for their website and get results for free! The website owner starts it once.

Our Crawler service does a single page scan and the data (requests/responses, cookies, etc.) collected is presented which provides overview and detailed information about cookies and third-party services found on the website, IP address, server location and more. Additionally, we also provide detailed information on the cookies or third-party services implemented on the website.

Example of the scan report


General things you need to know about both scan reports

Cookiebot Scan

  • A cookie may not necessarily contain personal data but will still be listed in the report. Even if a CMP has been set up correctly you may still get some red text.

  • If it sends data to the United States, it will be listed as not adequate.

  • If you use services that are allowed to fire on the first impression.

  • If you see a cookie listed as sending data to an 'inadequate' third country, do check if this is a marketing cookie or not. If it is a marketing cookie, it is fair to assume that it contains personal data.

Usercentrics Data Privacy Website Audit

  • The Data Privacy Website Audit is intended to serve as a starting point for website operators to improve their data protection compliance. The results presented might not be 100% complete and should not be considered as an extensive compliance check. The results have no right to accuracy. Usercentrics does not assume any liability for the accuracy and completeness of the results.

The risk factors are pure suggestions based on the simple grading logic:

  • High Risk: The website sets a large number of third-party cookies and third-party requests without explicitly asking users for consent.

  • Medium Risk: The website sets either an above average number of first-party cookies OR third-party cookies and/or third-party requests, without explicitly asking users for consent.

  • Low Risk: The website sets first-party cookies without explicitly asking users for consent. No third-party cookies or third-party requests were found.

Please keep in mind that the Cookiebot and/or Usercentrics scan are "just" helpful information tools. It is not possible to determine - in a technically reliable way - if a cookie contains personal data or not. Therefore, and because scan reports also helps you be compliant with the EU ePrivacy Directive (ePR), which is much stricter about cookies even if they do not contain personal data, all cookies are listed in the scan report and not just those that contain personal data.

None of those scan tools will tell you if a website is compliant as that would be legal advice. Please always check with your data privacy officer or a specialised lawyer on that question.


Further helpful articles


Do you need further help?

How can I get help with technical questions?

 

Usercentrics - PUBLIC