Cookie Law test

What does it do?

Tests whether the website is in possible violation of the so-called Cookie Law (more formally, the “EU ePrivacy Law”) which came into effect from May 26th 2011. It also detects many common cookie law solutions and helps create a draft cookie policy for a website based on what is found.

Note that this test and the law are not limited to just ‘traditional’ web cookies – the test also identifies Flash Cookies and may be extended eventually to detect HTML5 Local Storage too.

Example results

Example cookie law test results

Why is it important?

From May 2011 a new privacy law came into effect across the EU. The law requires websites to ask visitors for consent to use most web cookies.

Nearly all websites use cookies, which are an extremely common technology for remembering anything about a visitor between webpages. Cookies are commonly used for login, remembering preferences, tracking visitors and more.

The new law is intended to regulate the use of cookies to protect users’ privacy, although it has been widely criticized. More on the law.

How is it measured?

Sitebeam records all of the cookies it encounters as it explores your website, and detects cookies that could potentially be saved by other means. These are categorized wherever possible by the purpose that they serve.

Although this test awards a score, it does NOT affect any summary scores.

The score is based on the number of pages using cookies, and the type of cookies being used. Cookies which are recognized and are known to cause issues are penalized more harshly than those which are known to be relatively harmless. Some cookies are ambiguous in nature and this is also reflected in the score.

Technical explanation

The following methods are used to discover HTTP cookies:

  • Each page is loaded into a headless browser (essentially a real web browser, WebKit based).
  • Any cookies set by this page are recorded and logged by their domain.
  • Every iframe found on the page is downloaded and the above process repeated. The resulting cookies count against the top level page, not the iframe.
  • For efficiency, some widely used URLs are not tested (e.g. the URLs for a Facebook Like button, which is an iframe). This is purely to remove the need to test additional iframes that are known in advance.
  • All frames are only downloaded once – that is, if an iframe is used multiple times it will only be loaded once (again, to maximize testing speed).
  • Flash Cookies are identified by checking the computed HTML for Flash. The computed HTML is the HTML resulting after the execution of any JavaScript, so this method will detect Flash written out by script. However, the headless browser itself cannot render Flash, so Flash detection scripts may not render the Flash as a result, and it won’t be seen by this test. The precise behavior depends on the website.
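
The discovery steps above, as an added sketch that is not Sitebeam's own code. The sample crawl data, the skip list and the function names are constructed for illustration, and the `Set-Cookie` headers stand in for what a headless browser would record:

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data: URL -> (Set-Cookie headers, computed HTML after scripts ran).
SAMPLE = {
    "https://shop.example/": (
        ["sid=abc; Path=/; HttpOnly"],
        '<iframe src="https://ads.example/frame"></iframe>'
        '<iframe src="https://widgets.example/like"></iframe>'
        '<object type="application/x-shockwave-flash" data="/p.swf"></object>'),
    "https://shop.example/about": (
        ["sid=abc; Path=/"],
        '<iframe src="https://ads.example/frame"></iframe>'),
    "https://ads.example/frame": (["track=1; Max-Age=31536000"], ""),
}
SKIP_PREFIXES = ("https://widgets.example/",)  # assumed list of known widget iframes
IFRAME_RE = re.compile(r'<iframe[^>]+src="([^"]+)"', re.I)
FLASH_RE = re.compile(r"application/x-shockwave-flash|\.swf\b", re.I)

def cookies_set_by(url, fetch_log):
    """Load one URL (from SAMPLE) and return its cookies as {(domain, name)}."""
    fetch_log.append(url)
    host = urlsplit(url).hostname
    found = set()
    for header in SAMPLE[url][0]:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # A cookie without a Domain attribute belongs to the host that set it.
            found.add((morsel["domain"] or host, name))
    return found

def audit(pages):
    """Return ({page: findings}, fetch_log) for the given top-level pages."""
    frame_cache, fetch_log, report = {}, [], {}
    for page in pages:
        html = SAMPLE[page][1]
        cookies = cookies_set_by(page, fetch_log)
        for src in IFRAME_RE.findall(html):
            if src.startswith(SKIP_PREFIXES):
                continue  # known widget: not tested
            if src not in frame_cache:  # each frame is loaded only once
                frame_cache[src] = cookies_set_by(src, fetch_log)
            cookies |= frame_cache[src]  # counts against the top-level page
        report[page] = {"cookies": sorted(cookies),
                        "flash": bool(FLASH_RE.search(html))}
    return report, fetch_log

if __name__ == "__main__":
    print(audit(["https://shop.example/", "https://shop.example/about"]))
```

Both pages end up with the third-party `track` cookie attributed to them even though the iframe that sets it is fetched a single time, and the skipped widget iframe contributes nothing to the report.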

The score is based on the number of pages which appear to have cookies, definitely have cookies, and use cookies which are expressly prohibited.

Potential problems

My website is not subject to this law

We only recommend using this test for sites where the EU law applies. It is not currently part of our standard reports and only appears when requested explicitly.

I use analytics, and this is penalized

Under our current understanding of the law, cookie-based analytics is prohibited without express user consent first. See for example how the ICO (the UK regulator for this law) requires permission to use them on their website. There is debate on this issue and the ICO have also said they are hugely unlikely to prosecute anyone for using analytics.

Website uses cookies, but Sitebeam doesn’t see them

Cookies are only noted for the HTML pages tested within the URLs specified. Cookies set when a form is submitted – e.g. following a login – cannot be detected.

How to use this test effectively

This test is currently intended to help you understand the cookies used by a given website, in preparation for compliance with the new EU law, or to test any solutions you might have implemented. Read more on the cookie law.
