Audits website cookies and trackers via automated scanning, categorization, lifecycle documentation, and Planet49 compliance analysis. For privacy/compliance reviews.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-skills-completeThis skill uses the workspace's default tool permissions.
A cookie audit is the foundational step in achieving cookie consent compliance. It involves systematically identifying, categorizing, and documenting every cookie and tracking technology deployed on a website. The Court of Justice of the European Union in Planet49 GmbH v. Bundesverband der Verbraucherzentralen (Case C-673/17, 1 October 2019) established that pre-ticked checkboxes do not constit...
Conducts multi-round deep research on GitHub repos via API and web searches, generating markdown reports with executive summaries, timelines, metrics, and Mermaid diagrams.
Dynamically discovers and combines enabled skills into cohesive, unexpected delightful experiences like interactive HTML or themed artifacts. Activates on 'surprise me', inspiration, or boredom cues.
Generates images from structured JSON prompts via Python script execution. Supports reference images and aspect ratios for characters, scenes, products, visuals.
A cookie audit is the foundational step in achieving cookie consent compliance. It involves systematically identifying, categorizing, and documenting every cookie and tracking technology deployed on a website. The Court of Justice of the European Union in Planet49 GmbH v. Bundesverband der Verbraucherzentralen (Case C-673/17, 1 October 2019) established that pre-ticked checkboxes do not constitute valid consent under the ePrivacy Directive, and that users must be informed about cookie duration and third-party access before consenting. A thorough audit reveals what consent must be obtained and what disclosures must be made.
Before scanning, document the audit scope for Pinnacle E-Commerce Ltd:
| Parameter | Value |
|---|---|
| Primary domain | www.pinnacle-ecommerce.com |
| Subdomains in scope | shop.pinnacle-ecommerce.com, account.pinnacle-ecommerce.com, blog.pinnacle-ecommerce.com |
| Authenticated pages | Yes — customer account, checkout flow |
| Mobile-specific pages | m.pinnacle-ecommerce.com |
| Third-party integrations | Google Analytics 4, Meta Pixel, Hotjar, Stripe, Intercom |
| Scan frequency | Quarterly (next: Q2 2026) |
Deploy scanning tools to capture all cookies and tracking technologies:
Browser-Based Scanning
Use a headless Chromium instance to crawl the site and capture:
Set-Cookie headersdocument.cookie JavaScript APInavigator.sendBeacon() calls)Network-Level Capture
Monitor HTTP/HTTPS traffic to identify:
Classify each cookie using the ICC UK Cookie Guide categories, aligned with the ePrivacy Directive Article 5(3):
Category 1: Strictly Necessary Cookies essential for the website to function. No consent required under Article 5(3) exemption.
Examples for Pinnacle E-Commerce Ltd:
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| session_id | .pinnacle-ecommerce.com | Session | Maintains user session state |
| csrf_token | .pinnacle-ecommerce.com | Session | Cross-site request forgery protection |
| cart_items | shop.pinnacle-ecommerce.com | 24 hours | Shopping cart contents |
| auth_token | account.pinnacle-ecommerce.com | 30 minutes | Authentication state |
| load_balancer | .pinnacle-ecommerce.com | Session | Server load distribution |
Category 2: Performance/Analytics Cookies that collect aggregate usage data. Consent required.
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| _ga | .pinnacle-ecommerce.com | 2 years | Google Analytics client ID |
| _ga_XXXXXXX | .pinnacle-ecommerce.com | 2 years | GA4 session persistence |
| _gid | .pinnacle-ecommerce.com | 24 hours | GA4 session distinction |
| hjSessionUser* | .pinnacle-ecommerce.com | 1 year | Hotjar user identification |
| hjSession* | .pinnacle-ecommerce.com | 30 minutes | Hotjar session data |
Category 3: Functionality Cookies that remember user preferences. Consent required unless strictly necessary.
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| locale | .pinnacle-ecommerce.com | 1 year | Language preference |
| currency | shop.pinnacle-ecommerce.com | 1 year | Currency selection |
| recently_viewed | shop.pinnacle-ecommerce.com | 30 days | Recently viewed products |
Category 4: Targeting/Advertising Cookies used for ad targeting and cross-site tracking. Consent always required.
| Cookie Name | Domain | Duration | Purpose |
|---|---|---|---|
| _fbp | .pinnacle-ecommerce.com | 90 days | Meta Pixel browser ID |
| _fbc | .pinnacle-ecommerce.com | 90 days | Meta click identifier |
| _gcl_au | .pinnacle-ecommerce.com | 90 days | Google Ads conversion linker |
| IDE | .doubleclick.net | 13 months | Google ad serving |
| fr | .facebook.com | 90 days | Meta ad delivery and measurement |
For each cookie identified, verify against Planet49 requirements:
Planet49 Compliance Checklist:
Gap Analysis Template:
| Cookie | Category | Consent Collected | Duration Disclosed | Third-Party Disclosed | Gap |
|---|---|---|---|---|---|
| _ga | Analytics | Yes | No — listed as "persistent" not "2 years" | No — Google not named | Duration + third-party disclosure |
| _fbp | Targeting | Yes | Yes | Yes | None |
| locale | Functionality | No | No | N/A | Assess if strictly necessary |
The audit report for Pinnacle E-Commerce Ltd must include:
Schedule automated scans to detect new cookies introduced by:
Integrate cookie scanning into the CI/CD pipeline: any new cookie detected in staging must be categorized and documented before deployment to production.