Secure Privacy's website scanner automatically detects cookies, trackers, and third-party services running on your site — classifying each into a consent category and generating a compliance score. This guide explains how to run manual scans, configure scan settings, read your results, and set up automated scheduled scanning to keep your cookie declarations accurate over time.
Who Is This For?
Website administrators running and configuring Secure Privacy scans for their domains
Compliance teams reviewing scan results, cookie inventories, and compliance scores
Developers setting up automated scanning schedules and allowlisting the scanner in firewalls or WAFs
How the Secure Privacy Scanner Works
The scanner visits your website pages like a real browser — executing JavaScript, loading resources, and cataloging everything it finds:
First-party cookies set by your domain
Third-party cookies set by external services such as analytics tools, ad networks, and social widgets
Local storage and session storage entries
Tracking pixels and beacon requests
Third-party scripts loaded on your pages
Each detected item is automatically classified into a consent category: Essential, Analytics, Marketing, Preferences, or Social Media.
How to Run a Manual Scan
Before you start
Ensure your domain is registered in the Secure Privacy dashboard and the installation script is active on your site before running a scan.
Steps
Log in to your Secure Privacy dashboard.
Navigate to Websites and select your domain.
Click the Scan tab.
Click Start Scan.
Wait 2–10 minutes for the scan to complete — time varies depending on page count.
Tip: After making significant changes to your website — such as adding new marketing tags, integrating a new analytics provider, or redesigning pages — always run a manual scan to catch newly introduced cookies.
Configuring Scan Settings
Pages to scan
By default, the scanner crawls your sitemap and follows internal links. You can customize this behavior:
Include specific pages: Add URLs the scanner should always check — useful for key compliance pages that may not be in the sitemap.
Exclude pages: Add URLs or patterns to skip — for example,
/admin/or/staging/.
Scan depth
Level |
What It Covers |
Best For |
|---|---|---|
Level 1 |
Homepage only |
Quick spot-checks |
Level 2 |
Homepage + directly linked pages |
Small sites |
Level 3 |
Three levels deep |
Most websites (recommended) |
Full Crawl |
All discoverable pages |
Comprehensive compliance audits |
Understanding Scan Results
Cookie inventory
After a scan completes, you will see a detailed cookie inventory showing the following fields for each detected item:
Field |
What It Shows |
|---|---|
Name |
The cookie identifier |
Domain |
Which domain sets the cookie |
Category |
Auto-assigned consent category |
Duration |
How long the cookie persists |
Description |
What the cookie is used for |
Compliance score
Your compliance score is calculated based on four factors:
Categorization completeness — Are all detected cookies properly categorized?
Essential cookie accuracy — Are essential cookies correctly identified and marked?
Pre-consent blocking — Are non-essential cookies blocked before visitor consent is given?
Declaration accuracy — Does your published cookie declaration match what the scanner detected?
Setting Up Automatic Scheduled Scans
Automated scanning catches new cookies introduced by site updates without requiring manual intervention — keeping your cookie declarations current between planned reviews.
Go to Scan Settings > Schedule.
Choose your scan frequency: Weekly (recommended), Bi-weekly, or Monthly.
Select your preferred day and time for the scan to run.
Enable email notifications to receive a summary when each scan completes.
Recommendation: Weekly scanning is advised for sites that frequently update content, add new third-party integrations, or run active marketing campaigns.
Allowlisting the Secure Privacy Scanner
If your website is protected by a firewall, CDN, or WAF, the scanner may be challenged or blocked — resulting in incomplete scan results. Contact [email protected] to request the current list of scanner IP addresses to allowlist in your security configuration.
Post-Scan Checklist
After every scan, review the following to maintain an accurate and compliant cookie configuration:
Assign categories to any unclassified cookies detected in the inventory.
Update cookie descriptions for accuracy and visitor transparency.
Verify that essential cookies are correctly marked and no non-essential cookies are in the Essential category.
Confirm that marketing and analytics cookies are blocked until consent is given.
Update your published cookie policy to reflect any new cookies or services found in the scan.
Frequently Asked Questions
How often should I run a website scan?
Weekly automated scanning is recommended for most websites. Additionally, trigger a manual scan whenever you make significant changes — such as adding new marketing tags, installing plugins, updating your CMS, or integrating new analytics or advertising services — to catch any newly introduced cookies immediately.
What does it mean if a cookie is marked as "unclassified"?
An unclassified cookie is one that Secure Privacy's automatic classification engine was unable to match to a known service in its database. You should review unclassified cookies manually — identify what service or script is setting them and assign the correct consent category in the Classification tab. Unclassified cookies can affect your compliance score and may not be correctly blocked until categorized.
Why might the scanner not detect all cookies on my site?
The scanner may miss cookies that are only set after specific user interactions, behind authentication, or on pages not reachable from your sitemap or internal links. Use the Include Pages setting to add any critical pages manually, and consider the Scan Behind Login feature for Enterprise accounts if authenticated pages need to be scanned.