Cookie Governance

Monitor your cookies for functionality and privacy risks.

Cookies are fundamental to any web-based experience, whether they store personal preferences, logged-in states, or shopping carts, or track visitor behavior so you can optimize experiences. But cookies need to be monitored for functionality and potential security risks.

ObservePoint can automatically audit your cookies, so you know exactly what’s happening with them and when something deserves a closer look.


How many cookies are being set on your website?

As a first step in governing your cookies, you’ll need to know exactly how many cookies are on your site and what they’re being used for, so you can accurately classify and monitor them.

ObservePoint’s Cookie Inventory page shows you how many unique cookies were found during your Audit and a complete list of cookie names and domains. You’ll be able to scan for any cookies that seem unfamiliar and find out why they are there, who owns them, and where they are coming from.

How frequently is each cookie being set? Which pages do/don’t have each cookie?

Contextual information about your cookies might not be available from other tools such as a Consent Management Platform, which generally gives you a de-duplicated list of cookies without showing you where or how often they are being placed.

ObservePoint provides details such as how many pages each cookie is set on and what those page URLs are.  

What percentage of cookies are third vs first-party?

Many browsers are blocking third-party cookies by default, so you’ll want to understand your site’s dependence on third-party technologies. If your percentage of third-party to first-party cookies is over a 50/50 split, then you might want to examine if you have too many. 

ObservePoint’s Cookie Inventory page shows you both the total number of first-party and third-party cookies and which type each cookie is.

Are any cookies Non-secure?

If a cookie is secure (it carries the Secure attribute), it will only be sent over a secure channel, which can mitigate man-in-the-middle attacks. A non-secure cookie should be examined to see whether it can be updated, or to find out who controls it so you can ask them. Not every cookie needs to be secure, but you should be aware of which aren’t and why.

ObservePoint shows you the total number of Non-secure cookies and whether each listed cookie is secure or not.

Do any of your cookies have empty SameSite values?

SameSite can be used to instruct the browser to only send the cookie when the request is originating from the same site. This can mitigate cross-site request forgery attacks. Again, not every cookie should have a SameSite value, but it’s a best practice to not leave it empty.

The Cookie Inventory page reports the total number of empty SameSite values and which cookies they are.

Do any cookies on my website have an HTTPOnly value of “false”?

HTTPOnly means that the cookie can only be read by the server and not by JavaScript on the client or in the browser. Having this set protects against cross-site scripting attacks.

The Cookie Inventory page in ObservePoint’s platform shows each cookie’s HTTPOnly status.

Are any of your cookies excessively large?

A cookie’s size doesn’t necessarily make it good or bad, but an excessively large cookie could indicate that there’s more information it might be collecting and passing on to third parties. You should examine large cookies to make sure you feel confident about the relationship you have with that vendor and technology.

In ObservePoint’s platform, the cookie size is an average because a specific cookie could be showing up on different pages. If you drill into specific pages, you can see the actual size on that page.
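The checks described above (pages per cookie, first vs third party, Secure, SameSite, HTTPOnly, average size) can be reproduced over captured Set-Cookie headers. This is an added example, not ObservePoint's code; the hostnames, cookie names, observation format and the 512-byte size threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

SITE = "shop.example"  # constructed first-party site
# Constructed observations: (page URL, responding host, Set-Cookie value)
OBSERVED = [
    ("https://shop.example/", "shop.example",
     "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://shop.example/cart", "shop.example",
     "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://shop.example/cart", "shop.example", "cart=3; Path=/"),
    ("https://shop.example/", "cdn.tracker.test",
     "uid=" + "x" * 600 + "; Domain=tracker.test; Secure; SameSite=None"),
]

def parse_set_cookie(header):
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit(observed, site, max_bytes=512):
    """Build a per-cookie inventory; max_bytes is an assumed size threshold."""
    inventory = {}
    for page, host, header in observed:
        name, value, attrs = parse_set_cookie(header)
        domain = attrs.get("domain", host).lstrip(".").lower()
        entry = inventory.setdefault((name, domain), {"pages": set(), "sizes": []})
        entry["pages"].add(urlsplit(page).path)
        entry["sizes"].append(len(name) + len(value))
        # Simplified party check: suffix match, no Public Suffix List lookup.
        first = domain == site or domain.endswith("." + site)
        entry["party"] = "first" if first else "third"
        entry["attrs"] = attrs
    for entry in inventory.values():
        attrs = entry.pop("attrs")
        entry["avg_size"] = sum(entry["sizes"]) / len(entry["sizes"])
        checks = [("non-secure", "secure" not in attrs),
                  ("empty-samesite", not attrs.get("samesite")),
                  ("httponly-false", "httponly" not in attrs),
                  ("large", entry["avg_size"] > max_bytes)]
        entry["flags"] = [label for label, hit in checks if hit]
    return inventory

if __name__ == "__main__":
    for (name, domain), e in sorted(audit(OBSERVED, SITE).items()):
        print(name, domain, e["party"], sorted(e["pages"]), e["flags"])
```
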

Create your ObservePoint account and scan your website today!

No credit card required!

Start your trial of the full ObservePoint solution to see how you can scale and automate your web governance efforts.

  • Scan your webpages and schedule recurring Audits
  • Inventory campaign links and experience interruptions
  • Set up Rules to notify you when something changes
  • Share the results with your team to plan next steps 
  • And much, much more
