Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
Audits website cookies and trackers via automated scanning, categorization, lifecycle documentation, and Planet49 compliance analysis. For privacy/compliance reviews.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-skills-completeHow this skill is triggered — by the user, by Claude, or both
Slash command
/privacy-skills-complete:cookie-auditThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
A cookie audit is the foundational step in achieving cookie consent compliance. It involves systematically identifying, categorizing, and documenting every cookie and tracking technology deployed on a website. The Court of Justice of the European Union in Planet49 GmbH v. Bundesverband der Verbraucherzentralen (Case C-673/17, 1 October 2019) established that pre-ticked checkboxes do not constit...
Audits website cookies and trackers via automated scanning, categorization, lifecycle documentation, and Planet49 compliance analysis. For privacy/compliance reviews.
Audits cookie lifetimes against CNIL 13-month maximum, Safari ITP caps, third-party phase-out, and classifies session vs persistent cookies for compliance.
Audits web pages for GDPR/CCPA cookie consent compliance: clears session, captures pre-consent cookies, detects banners, analyzes accept/reject/preference buttons.
Share bugs, ideas, or general feedback.
A cookie audit is the foundational step in achieving cookie consent compliance. It involves systematically identifying, categorizing, and documenting every cookie and tracking technology deployed on a website. The Court of Justice of the European Union in Planet49 GmbH v. Bundesverband der Verbraucherzentralen (Case C-673/17, 1 October 2019) established that pre-ticked checkboxes do not constitute valid consent under the ePrivacy Directive, and that users must be informed about cookie duration and third-party access before consenting. A thorough audit reveals what consent must be obtained and what disclosures must be made.
Before scanning, document the audit scope for Pinnacle E-Commerce Ltd:
| Parameter | Value |
|---|---|
| Primary domain | www.pinnacle-ecommerce.com |
| Subdomains in scope | shop.pinnacle-ecommerce.com, account.pinnacle-ecommerce.com, blog.pinnacle-ecommerce.com |
| Authenticated pages | Yes — customer account, checkout flow |
| Mobile-specific pages | m.pinnacle-ecommerce.com |
| Third-party integrations | Google Analytics 4, Meta Pixel, Hotjar, Stripe, Intercom |
| Scan frequency | Quarterly (next: Q2 2026) |
Deploy scanning tools to capture all cookies and tracking technologies:
Browser-Based Scanning
Use a headless Chromium instance to crawl the site and capture:
Set-Cookie headersdocument.cookie JavaScript APInavigator.sendBeacon() calls)Network-Level Capture
Monitor HTTP/HTTPS traffic to identify:
Classify each cookie using the ICC UK Cookie Guide categories, aligned with the ePrivacy Directive Article 5(3):
Category 1: Strictly Necessary Cookies essential for the website to function. No consent required under Article 5(3) exemption.
Examples for Pinnacle E-Commerce Ltd:
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| session_id | .pinnacle-ecommerce.com | Session | Maintains user session state |
| csrf_token | .pinnacle-ecommerce.com | Session | Cross-site request forgery protection |
| cart_items | shop.pinnacle-ecommerce.com | 24 hours | Shopping cart contents |
| auth_token | account.pinnacle-ecommerce.com | 30 minutes | Authentication state |
| load_balancer | .pinnacle-ecommerce.com | Session | Server load distribution |
Category 2: Performance/Analytics Cookies that collect aggregate usage data. Consent required.
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| _ga | .pinnacle-ecommerce.com | 2 years | Google Analytics client ID |
| _ga_XXXXXXX | .pinnacle-ecommerce.com | 2 years | GA4 session persistence |
| _gid | .pinnacle-ecommerce.com | 24 hours | GA4 session distinction |
| hjSessionUser* | .pinnacle-ecommerce.com | 1 year | Hotjar user identification |
| hjSession* | .pinnacle-ecommerce.com | 30 minutes | Hotjar session data |
Category 3: Functionality Cookies that remember user preferences. Consent required unless strictly necessary.
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| locale | .pinnacle-ecommerce.com | 1 year | Language preference |
| currency | shop.pinnacle-ecommerce.com | 1 year | Currency selection |
| recently_viewed | shop.pinnacle-ecommerce.com | 30 days | Recently viewed products |
Category 4: Targeting/Advertising Cookies used for ad targeting and cross-site tracking. Consent always required.
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| _fbp | .pinnacle-ecommerce.com | 90 days | Meta Pixel browser ID |
| _fbc | .pinnacle-ecommerce.com | 90 days | Meta click identifier |
| _gcl_au | .pinnacle-ecommerce.com | 90 days | Google Ads conversion linker |
| IDE | .doubleclick.net | 13 months | Google ad serving |
| fr | .facebook.com | 90 days | Meta ad delivery and measurement |
For each cookie identified, verify against Planet49 requirements:
Planet49 Compliance Checklist:
Gap Analysis Template:
| Cookie | Category | Consent Collected | Duration Disclosed | Third-Party Disclosed | Gap |
|---|---|---|---|---|---|
| _ga | Analytics | Yes | No — listed as "persistent" not "2 years" | No — Google not named | Duration + third-party disclosure |
| _fbp | Targeting | Yes | Yes | Yes | None |
| locale | Functionality | No | No | N/A | Assess if strictly necessary |
The audit report for Pinnacle E-Commerce Ltd must include:
Schedule automated scans to detect new cookies introduced by:
Integrate cookie scanning into the CI/CD pipeline: any new cookie detected in staging must be categorized and documented before deployment to production.