What Cookies are on My Site? 3 Ways to Find out What Cookies Your Site is Delivering to Your Users

If you’re a website owner, chances are you have a lot of different technologies under the hood. The days of web pages being delivered over plain HTML are long gone and with content management systems like WordPress become more and more complex, most website owners don’t know everything that’s going on behind the scenes.

Why Do I Need to Know What Cookies are on My Site?

The Internet today is much different than it was a decade ago. In the past, people would peruse the web from site to site without any thought as to what those sites were keeping track of. Most of us didn’t even know what cookies were (and many still don’t).

While most people assume websites use some types of analytics to track visitor traffic and improve user experience, many also realize that websites track users for other purposes as well. Knowing what cookies are being used on a website that you own can be important for several reasons, here are a few of them.

Compliance

Depending on your location, there may be laws and regulations that require website owners to disclose the use of cookies to their users. By knowing what cookies are being used on your website, you can ensure that you are in compliance with these laws and regulations.

While the laws don’t necessarily apply to every website in every location in the world, some of them such as the General Data Protection Regulation (GDPR) in the European Union (EU) are far-reaching and have severe penalties for noncompliance. Even website owners outside the EU have begun adopting methods to be GDPR compliant. GDPR requires website owners to inform users about the use of cookies and obtain their consent before using them.

Similarly, the California Consumer Privacy Act (CCPA) applies to website owners in California and requires the disclosure to users of the use of cookies and other data collection practices. The law also requires owners to give users the right to opt-out of the sale of their personal information.

User Privacy

Cookies can be used to track user behavior and collect personal information. Knowing what cookies are being used on your website can help you ensure that you are not collecting any unnecessary or sensitive information from your users.

In addition to the previous mentions of GDPR and CCPA laws, collecting unnecessary data about your users can bloat your CRM or databases and it also makes you a more attractive target for hackers who are looking to steal information.

As a website owner, it’s best to only collect the bare minimum that you need from a user or website visitor. You are liable for holding the data and keeping it secure, so the less sensitive data you have, the lower your attack surface.

Performance

Cookies can affect website performance. Because they’re stored on the user’s device, cookies are sent back to the server with each request. The more cookies that are set, the larger the amount of data that needs to be transmitted with each request. This can slow down the website.

By knowing what cookies are being used on your website, you can identify any cookies that are no longer necessary or are too large and remove them. You can also optimize the size of the cookies that are essential to your site’s functionality by compressing or encrypting them.

Additionally, some cookies may have expiration dates that are set too far in the future, which can cause them to accumulate over time and slow down the website. By knowing what cookies are being used on your website, you can ensure that the expiration dates for the cookies are set appropriately to prevent this from happening.

Security

Some cookies can be used to authenticate users, allowing them to access restricted areas of a website or store sensitive information, such as a shopping cart.

By knowing what cookies are being used on your website, you can ensure that they are being set and used securely. This can include checking that the cookies are being transmitted over a secure connection (HTTPS), that they have a secure flag set, and that they are being stored securely on the user’s device.

Additionally, cookies can be used to protect against cross-site scripting (XSS) attacks, which are a type of security vulnerability where an attacker injects malicious code into a website. Some cookies can be used to store information about the user’s session, which can be used to verify the authenticity of the user’s request and prevent XSS attacks.

Advertising

Cookies can be used to deliver targeted ads to your users. Knowing what cookies are being used on your website can help you understand your audience better and show them more relevant ads.

So How Do I Find Out What Cookies are on My Site?

There are a few ways to find out what cookies are being served up by your site (or any site for that matter). I usually recommend using a combination of tools to ensure you get a complete picture of the cookies being delivered by your website.

1. Use a Free Website Cookie Scanner

This is probably the easiest method to find out what cookies are on your website, which is why it’s listed first. There are several website cookie checkers out there that will scan any site you want and return their results of a cookie scan. A good one is Cookieserve, which I like because it doesn’t require you to create an account. In my opinion, this makes it one of the best free cookie scanners you can get.

Other useful sites include cookie-checker.com and whatismybrowser.com but both of them do require you to sign up for an account before you can see the scan results.

Cookie Scanner website will also help give you a breakdown on how your website fairs with compliance regulations regarding cookies.

2. Use a Browser Extension

Another easy method of finding out what cookies are on a website, there are many browser extensions that can let you know what cookies are being set when you visit a particular website.

A good browser extension you can use is called EditThisCookie and it’s available on the Chrome web store. It will work in any Chromium-based browser. It allows you to edit existing cookies in your browser, delete cookies, add new cookies, and search cookies to see which cookies are on your website.

3. Use Your Browser’s Developer Tools

This method is great because it doesn’t require you to install anything on your computer or web browser. Most major browser have a developer mode you can enable by simply clicking F12.

For example, here’s how to see cookies in chrome:

1. Launch Chrome and hit F12 on your keyboard to open developer mode.
2. Visit your website.
3. At the top of the developer pane, select Application.
4. On the left hand side of the developer pane, under Storage, expand Cookies and select each site listed. The website you’re visiting will be listed here.
5. Select it and a list of all the cookies and their values will appear.
6. Note that if your website embeds data from another website, such as YouTube, that site will also appear in the website list and you can view those cookies as well.

Here’s an example of what cookies are delivered over at TechCrunch:

As you can see, cookies not only come from TechCrunch, they are also being set by Twitter and TinyPass – both of which are sites that have content embedded on the TechCrunch homepage (as of the date this screen capture was taken).

Final Thoughts

In this post we covered why you might want to know what cookies are on your website and how to find out. To help ensure compliance and a safe user experience, cookies are a necessary item to have on your website and if you embed content from other sites, it’s important to know what those embeds are doing to your users.

You can view all the cookies your website delivers simply by using developer mode on your web browser, a browser extension, or a website service that’ll scan your site for you.

Once you know, you can start making the critical decision of balancing information gathering, security, and user experience for your website visitors.