Cookie Jar — Learn

A fast, client-side cookie inventory for discovery and documentation. See JS-visible cookies, infer vendor and category, surface external resource domains, and export CSV for your policy and CMP setup.

What Cookie Jar does

  • Reads JS-visible cookies on the current page (or from pasted HTML as a fallback).
  • Flags first-party vs inferred third-party using domain comparisons.
  • Suggests vendor & category using common cookie name patterns (editable in code).
  • Lists external resource domains (scripts/iframes/images) to hint at third-party vendors.
  • Provides a CSV export with the findings for policy drafts and internal reviews.

Note: client-side scans cannot read HttpOnly cookies or server-only Set-Cookie headers.

When you should use it

  • Pre-policy discovery: get a quick view of cookies set after page load and user actions.
  • Vendor inventory: quickly identify likely analytics/marketing vendors on a given page.
  • Regression checks: spot new cookies after deploying tags, widgets, or A/B tools.
  • Consent review: confirm what appears before/after consent on key templates.

How it works & important limitations

Cookie Jar runs entirely in the browser. It reads the page’s document.cookie, so it only sees cookies available to JavaScript. Many compliance-critical cookies are HttpOnly or set via HTTP headers and won’t be visible here. Use our server-side/headless scan (coming soon) for a full inventory including Set-Cookie details (expiry, Secure, SameSite, HttpOnly).

Vendor/category labels are pattern-based hints. Always verify them and map to your CMP categories (e.g., Strictly Necessary, Performance, Functional, Targeting). For UK sites, align with ICO/PECR and your legal guidance.

Interpreting the results

  • First-party: domain matches your hostname (or subdomain). May still require consent if non-essential.
  • Third-party (inferred): cookie/vendor doesn’t match your domain. Check if consent is required and if prior blocking is needed.
  • External resource domains: a handy hint list of potential third parties loading on the page.
  • CSV export: use it to populate your cookie register and share with legal/marketing for review.

Related tools

AI Visibility Checker

Quick signals for whether AI assistants might already mention or cite your pages.

AEO Audit Analyzer

Run AI-readiness checks on answerability, entities, and schema coverage.

Schema Validator+

Validate common JSON-LD types and catch missing/invalid properties before shipping.

Cookie Jar FAQs

What can and can’t Cookie Jar detect?

It detects cookies visible to JavaScript. It can’t access HttpOnly cookies or the Set-Cookie headers returned by the server.

Are vendor/category labels definitive?

No. They’re pattern-based hints. Always validate and map to your policy categories.

Will this enforce consent blocking?

No. Use a Consent Management Platform to manage banners, prior blocking, preference storage and proofs of consent.

Is this legal advice?

No. It’s a technical helper. For compliance, consult legal guidance appropriate to your jurisdiction (e.g., UK ICO/PECR and UK GDPR).