Staying GDPR-compliant isn't just about displaying a cookie banner — it's about making sure every cookie, tracking pixel, iframe, and third-party script on your site is correctly identified, categorised, and controlled. When those classifications are wrong or incomplete, your consent management platform serves up a banner that doesn't match what's actually running in the background, which exposes your business to regulatory risk.
Many teams try to manage this manually — hunting through browser dev tools, maintaining spreadsheets of cookie names and expiry dates, and guessing at which consent category each tracker belongs to. It's time-consuming, error-prone, and almost impossible to keep current as your site evolves. Others rely on a generic cookie consent solution that auto-classifies everything at the account level, only to find that individual domains in their portfolio have unique tracking requirements that a one-size-fits-all configuration can't accommodate.
Secure Privacy's domain-level Classification page solves this cleanly. It gives you a structured, per-domain view of every detected cookie, pixel, iframe, and service — and lets you align each one to the correct consent category without overriding your account-wide defaults where they aren't needed.
By the end of this guide you will be able to: review all detected tracking technologies for a specific domain, assign or correct their GDPR consent categories, manually register custom cookies and pixels not caught by the automated scanner, and ensure your cookie declaration accurately reflects what runs on your site.
Who Is This Guide For?
This guide is for website owners, privacy compliance managers, and developers who are already using Secure Privacy and need to fine-tune cookie consent classification at the individual domain level. It is particularly relevant if you:
Manage multiple domains with different tracking setups under one Secure Privacy account
Need to manually add cookies or pixels that the automated scanner did not detect
Want to ensure your cookie declaration accurately lists all marketing, analytics, and necessary cookies for a specific site
Are preparing for a GDPR, CCPA, or ePrivacy audit and need precise per-domain consent category mapping
Important: Account-wide classification settings always override domain-level settings. If a cookie, pixel, or service is configured at the account level, changes made here at the domain level will not take effect for those items. For purely domain-specific tracking elements, domain-level classification gives you full control.
Getting Started: Accessing Domain-Level Classification
To begin classifying or recategorising cookies, pixels, iframes, or services for a specific domain, follow these steps.
Step 1 — Select Your Domain
Log in to your Secure Privacy dashboard and open the Domains tab. Click the domain you want to configure.
Select a domain from the Domains tab to open its configuration page.
Step 2 — Open the Classification Tab
Once inside the domain page, click the Classification tab. This reveals all detected cookies, pixels, iframes, and services for the domain, along with their current consent category assignments.
The Classification tab provides a full breakdown of detected tracking technologies for the selected domain.
Recommendation: Before changing consent categories, review the detected items with your legal team to confirm that the classifications align with your business needs and applicable data protection obligations — particularly under GDPR and ePrivacy rules.
Classification — Cookies Tab: Managing GDPR Cookie Categories
The Cookies tab lists every cookie detected on your website — both account-level cookies (shared across all your domains) and domain-specific cookies. Account-level cookies are marked with a distinct icon so you can distinguish them from domain-only entries.
The Cookies tab shows all detected cookies, their consent categories, and whether they are configured at the account or domain level.
Adding a Custom Cookie
If a cookie was not automatically detected during the scan — for example, a first-party cookie set by a custom in-house script — click Add Cookie to register it manually. You can configure the following fields:
Cookie Name: The name identifier for the cookie (as it appears in the browser).
Host: The domain that sets the cookie.
Category: The GDPR consent category — Necessary, Analytics, Marketing, or Preferences (configured via the Services tab).
Service Name: The service or vendor associated with this cookie.
Expiry: The cookie expiration date or duration (e.g., 1 year, session).
Description: A plain-language description of the cookie's purpose, available in multiple languages for multilingual cookie declarations.
Any custom cookie you add here will be applied to this domain and will appear in the scan report and publicly visible cookie declaration after your next rescan on the Scan Report page.
Classification — Pixels Tab: Classifying Tracking Pixels for Consent
The Pixels tab displays all tracking pixels detected on your website — including account-level and domain-level pixels. Tracking pixels (such as the Meta Pixel, Google Ads conversion tag, or LinkedIn Insight Tag) typically require prior user consent under GDPR before they may fire.
All detected tracking pixels are listed here, with options to classify or manually add custom pixel entries.
Adding a Custom Pixel
To register a pixel not detected by the automated scan, click Add Pixel and provide the following:
Source URL: The URL from which the pixel is loaded.
Service Name: The advertising or analytics service associated with this pixel.
Custom pixel entries will appear in the scan report and cookie declaration after your next rescan on the Scan Report page.
Classification — Iframes Tab: Managing Third-Party Embedded Content
The Iframes tab displays all detected iframes for your domain — including custom and account-level entries. Embedded third-party content such as YouTube videos, Google Maps, or Vimeo players can set cookies and process personal data, and typically requires user consent before loading.
The Iframes tab lists all embedded third-party content detected on your domain that may require prior consent.
Adding a Custom Iframe
Click Add Iframe to manually register an embedded content source. Configure the following fields:
Source: The URL source of the iframe content (e.g.,
https://www.youtube.com/embed/).Service Name: The service associated with this iframe (e.g., YouTube, Google Maps).
The Add Iframe dialog lets you register a custom embedded content source and link it to a service.
Classification — Services Tab: Grouping Cookies and Scripts by Consent Category
The Services tab gives you a full overview of all services detected for your domain, including those configured at the account level. Services are the backbone of your consent structure — they group related cookies, pixels, and scripts under a single vendor or tool and assign them a shared consent category (Necessary, Analytics, Marketing, or Preferences).
The Services tab organises all tracking technologies under named services, each with a defined GDPR consent category.
Editing a Service
To edit a service, click the three-dot menu (⋮) next to the service entry and select Edit. You can configure the following:
Service Name: The display name shown to visitors in the cookie consent banner and declaration (e.g., "Google Analytics", "Meta Pixel").
Category: The consent category assigned to this service — Necessary, Analytics, Marketing, or Preferences.
Script Type and Source: The script type and its source URL. If a service loads from multiple sources, separate each URL with a comma.
Privacy Policy Link: A direct link to the service provider's privacy policy, displayed in the cookie declaration for transparency.
The Edit Service dialog lets you define the service name, consent category, script sources, and a link to the vendor's privacy policy.
Note: Ensure all service configurations accurately reflect your business requirements and have been reviewed by your legal team. Correct classification of cookies, pixels, iframes, and services is essential for maintaining GDPR-compliant consent management across your digital properties.
Troubleshooting Common Classification Issues
My custom cookie isn't appearing in the cookie declaration.
Custom entries only appear after a rescan. Go to the Scan Report page and trigger a new scan to update the declaration.
I changed a consent category at the domain level, but it isn't taking effect.
Account-level settings override domain-level settings. If the item is configured at the account level, you will need to adjust it there instead.
A cookie or pixel I added is showing under the wrong service.
Open the Services tab, edit the relevant service, and verify the script sources and category. Then re-add the cookie or pixel and select the correct service from the dropdown.
My scan isn't detecting a known third-party script.
Some scripts load conditionally or are injected after initial page load. Use the Cookies, Pixels, or Iframes tabs to add these entries manually and assign them to the correct service and consent category.
Frequently Asked Questions
What is cookie classification and why does it matter for GDPR?
Cookie classification is the process of assigning each cookie, pixel, iframe, or script on your website to a consent category — Necessary, Analytics, Marketing, or Preferences. Under GDPR and ePrivacy rules, visitors must have meaningful, category-level control over non-essential tracking. Correct classification ensures your cookie banner reflects what actually runs on your site, keeping your consent management legally defensible.
What is the difference between account-level and domain-level classification?
Account-level classification applies settings across all domains in your Secure Privacy account and always takes precedence. Domain-level classification lets you fine-tune individual cookies, pixels, iframes, and services for a specific website — ideal when different domains in your portfolio have different tracking setups.
Can I add a cookie that Secure Privacy didn't automatically detect?
Yes. In the Classification → Cookies tab, click Add Cookie to manually register any cookie. You can specify the name, host, consent category, associated service, expiry, and a multilingual description. It will appear in your scan report and cookie declaration after the next rescan.
Do tracking pixels and iframes also need user consent under GDPR?
Yes. Tracking pixels (such as the Meta Pixel or Google Ads tag) and embedded iframes (such as YouTube or Google Maps) can process personal data and set cookies. They typically require prior user consent under GDPR unless strictly necessary. Secure Privacy lets you classify and block these technologies until consent is given.
How do the Necessary, Analytics, and Marketing consent categories work?
Necessary cookies are always active — they are required for the site to function. Analytics cookies measure performance and usage. Marketing cookies track visitors for advertising purposes. Visitors can accept or reject each non-necessary category through the cookie consent banner, and Secure Privacy enforces those choices automatically.
How often should I rescan after making classification changes?
Rescan whenever you add new third-party scripts, pixels, or integrations, or after any major site update. Each rescan updates your cookie declaration to reflect the latest classifications, keeping it accurate for both visitors and regulators.
Related Articles
How to Configure Account-Level Cookie Classification[?]
Consent Categories Explained: Necessary, Analytics, Marketing, and Preferences[?]