Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we've discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?”

Essentially, you want to see changes as they occur over time, detect new technologies if and when they appear on your website, and decide whether to add them to your approved list or take steps to remove them from your site.

Once again, we used ObservePoint to run an Audit of OneTrust.com, our example website for this series. We ran a standard 1000-page discovery audit and created a consent category to denote all  cookies and tags detected as “approved.”

We then waited a month and ran the Audit again, applying that consent category to see if anything beyond the original approved list surfaced since the previous run. In the reports, you can see that the Audit found 8 new cookies and 4 new tags that were not on the original standards list.

As you drill into “unapproved” cookies, you might find some that are unfamiliar to you. These should be reviewed further to determine purpose and ownership, and may need to be removed from the website.

Others might be immediately recognizable, like those from newly-published subdomains or a MarTech tool that was recently implemented. In this example Audit, the “utm_key” cookie from the “trustweek.onetrust.com” domain could be related to an event OneTrust hosts that simply wasn’t live during the previous run. In this instance, they could add that to the approved list.

 

Once that cookie is added, then any time it shows up in the future it will no longer be flagged as new or unapproved. ObservePoint enables you to continuously curate your cookie categorization and “approved” lists, so you only get flagged when items are truly out-of-standard, allowing you to focus solely on the critical issues that ensure your website stays in compliance.

If you’d like to see how you could audit your own website to continuously monitor for new or unapproved cookies and tags, reach out to get a pre-recorded demo.

Read the next post in our Website Privacy Validation series: Are requests coming from unauthorized countries, regions, or domains?

Related Posts

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (4/6): Does my CMP effectively respect all possible consent profiles?

If you’ve followed along with our privacy validation series, you know that we’ve checked for the presence of the privacy policy, the “do not sell/share” link, and the cookie consent banner tag. The next thing you should ask is, “Does my consent management platform (CMP) effectively block/allow specific cookies and tags based on user-specified consent preferences.” Essentially, you…
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (4/6): Does my CMP effectively respect all possible consent profiles?

If you’ve followed along with our privacy validation series, you know that we’ve checked for the presence of the privacy policy, the “do not sell/share” link, and the cookie consent banner tag. The next thing you should ask is, “Does my consent management platform (CMP) effectively block/allow specific cookies and tags based on user-specified consent preferences.” Essentially, you…
Read More