Cookie Detection¶
Waulter includes an automated cookie detection feature that crawls your website to identify cookies, consent banners, Google Consent Mode state, and third-party scripts. Results are displayed in the dashboard so you can verify your compliance posture and catch unexpected changes.
Observable results only
This documentation covers the detection results as they appear in the dashboard. The detection process runs automatically — you interact with the findings, not the detection mechanism.
What the crawler detects¶
| Detection category | What it finds |
|---|---|
| Cookies | First-party and third-party cookies set by your site and its scripts |
| Consent banners | Whether a consent banner is present and functional on the page |
| GCM state | Whether Google Consent Mode signals are being sent correctly |
| Third-party scripts | External scripts loaded on your pages (analytics, ads, social widgets, etc.) |
Cookie details¶
For each detected cookie, the dashboard shows:
| Field | Description |
|---|---|
| Name | The cookie name (e.g. _ga, fbp, vaswaulter) |
| Domain | Which domain set the cookie (first-party vs third-party) |
| Type | First-party or third-party |
| Category | The purpose category it belongs to (analytics, marketing, etc.) |
| Expiry | How long the cookie persists |
| Source | Which script set the cookie |
How results appear in the dashboard¶
Detection results are available per configuration in the dashboard:
- Open your configuration.
- Navigate to the Cookie Detection or Compliance section.
- View the latest detection results.
Results are organised by purpose category, making it easy to see which cookies belong to analytics, marketing, or other categories. Items that may need attention are flagged.
The "master check" — diff view¶
The master check provides a diff view showing what changed between consecutive detection runs. Think of it as a "before and after" comparison for your site's cookie landscape.
What the diff shows¶
| Change type | Indicator | Meaning |
|---|---|---|
| New cookie | Added | A cookie that was not present in the previous scan |
| Removed cookie | Removed | A cookie that was present before but is now gone |
| Changed cookie | Modified | A cookie whose properties changed (domain, expiry, etc.) |
| New script | Added | A third-party script that was not present before |
| GCM change | Modified | A change in Google Consent Mode signal behaviour |
Why the diff view matters¶
- Spot unexpected tracking — a new deployment might introduce cookies you didn't expect
- Verify removals — confirm that a removed third-party integration actually stopped setting cookies
- Catch regressions — detect if a GCM signal that was working correctly has stopped firing
- Compliance monitoring — track changes over time for audit purposes
How to use detection results¶
After a deployment¶
- Deploy your changes.
- Wait for the next detection run (or trigger a manual re-scan if available).
- Check the diff view for new or changed cookies.
- Verify that new cookies are properly categorised and included in your consent configuration.
Before an audit¶
- Review the latest detection results.
- Verify that all detected cookies match purposes in your configuration.
- Check for any uncategorised cookies — these need to be assigned to a purpose or removed.
- Export or screenshot the results as evidence.
When adding third-party integrations¶
- Add the integration to your site (e.g. a new analytics tool).
- Run a detection scan.
- Check what new cookies and scripts were detected.
- Add the appropriate purpose category to your Waulter configuration if needed.
- Update your Cookie Policy to include the new cookies.
Common findings and actions¶
| Finding | Action |
|---|---|
| Uncategorised cookie detected | Assign it to the correct purpose category in the dashboard |
| Third-party cookie from unknown source | Investigate which script sets it; consider removing the script or adding a purpose |
| GCM signals not detected | Verify useGtm: true is set in your WaulterConfig |
| Missing consent banner | Check that the SDK is deployed and the configuration is active |
| Cookie set before consent | Review tag firing order — ensure tags wait for consent triggers |
Sharing results with your team¶
Detection results can be used in cross-functional communication:
| Audience | What to share |
|---|---|
| DPO / Legal | Full detection report, especially any new or uncategorised cookies |
| Development team | Diff view highlighting changes from recent deployments |
| Marketing team | List of marketing-related cookies and their consent status |
| Agency clients | Summary report showing compliance status per domain |
Regular reviews
Schedule regular reviews of detection results (e.g. weekly or after each deployment). Catching new cookies early prevents compliance gaps from growing.