SitePrivacyScore
Free lightweight tool, no login required

Free Cookie Scanner

Run a fast cookie scan on any website to review first-party cookies, spot possible tracking behavior, and understand which cookies may require closer privacy review.

Why Use a Cookie Scanner?

A cookie scanner gives you a fast way to see what a website is storing in a visitor's browser and why it matters. For developers, it is a practical release check after analytics, consent-banner, or tag-manager changes. For privacy and compliance teams, it helps answer a more important question: is the site setting only routine operational cookies, or is it introducing tracking behavior that may need stronger consent controls?

This free cookie checker focuses on cookies visible in the initial server response. That makes it useful for quick audits, first-pass reviews, and identifying obvious marketing or analytics patterns. You can review cookie names, domain scope, duration, and whether the cookie looks more like a standard session mechanism or a tracking-oriented behavior that deserves closer scrutiny.

Cookie scans matter because not all cookies should be treated the same way. Essential session cookies support login, checkout, and security workflows. Analytics and marketing cookies can be legitimate too, but under GDPR and ePrivacy rules they often require explicit consent before they are set. If you want the background behind those distinctions, read our guide to cookie scanners.

Lightweight scan:

This tool checks cookies from the server's initial HTTP response. JavaScript-injected cookies from analytics, ad scripts, or tag managers require a full browser-level scan via the complete SitePrivacyScore audit.

How to Read These Results

Essential or session cookies are usually tied to logins, carts, fraud controls, or other core website features. They still deserve review, but they are generally easier to justify.

Analytics or marketing cookies need closer attention. If they support measurement, advertising, personalization, or retargeting, they may require explicit consent before they are set.

Long-lived cookies are worth a second look. A cookie that lasts for months or years creates a larger tracking footprint than a short-lived session cookie.

What This Tool Checks

  • Cookie names and domains visible in the initial response
  • Basic duration and persistence signals
  • Lightweight classification into standard versus tracking-oriented behavior
  • Whether the site appears to set cookies that may need closer consent review

For runtime tracker behavior, consent timing, and JavaScript-injected cookies, follow this check with a full privacy audit.

Related Tools and Guides

Tracker Detector, Find Analytics & Ad ScriptsGDPR Quick Check, Test Consent & Policy ComplianceRead Guide: What Is a Cookie Scanner?Read Guide: Cookies and Web Tracking

Run full privacy audit

This free cookie scanner is a fast first-pass check. A full SitePrivacyScore audit also covers runtime trackers, consent timing, and browser-level cookie behavior.

Run Full Privacy AuditBrowse All Free Tools

For deeper runtime checks, run the full privacy audit →

Frequently Asked Questions

What is the difference between first-party and third-party cookies?+
First-party cookies are set by the website you are visiting. Third-party cookies are created by external domains (like ad networks or analytics providers) embedded on the page. Third-party cookies are the primary mechanism for cross-site user tracking.
Why do some cookies not show up in this scan?+
This tool performs a lightweight server-side request. Cookies injected by JavaScript after the page loads (such as those from Google Analytics or Facebook Pixel) are not visible in the initial HTTP response headers. A full browser-based audit catches these.
What makes a cookie a privacy risk?+
Cookies used for marketing retargeting, cross-site tracking, or user profiling are considered non-essential. Under GDPR and ePrivacy rules, these cookies must not be set until the user gives explicit, informed consent via a compliant cookie banner.
How long should cookies last?+
Session cookies expire when the browser closes and are generally safe. Persistent cookies with long lifetimes (months or years) are more concerning, especially if they serve tracking purposes. Regulations recommend minimizing cookie duration to what is strictly necessary.
Is a cookie consent banner enough to be compliant?+
No. A compliant consent banner must actually block non-essential cookies before the user clicks 'Accept'. Many websites show a banner but still load tracking scripts immediately on page load, which violates GDPR. A full audit can verify this behavior.