What does it do?
Note that this test and the law are not limited to ‘traditional’ web cookies – the test also identifies Flash Cookies and may eventually be extended to detect HTML5 Local Storage too.
Why is it important?
From May 2011 a new privacy law came into effect across the EU. The law requires websites to ask visitors for consent to use most web cookies.
How is it measured?
Sitebeam records all of the cookies it encounters as it explores your website, and detects cookies that could potentially be saved by other means. These are categorized wherever possible by the purpose that they serve.
Although this test awards a score, it does NOT affect any summary scores.
The score is based on the number of pages using cookies, and the type of cookies being used. Cookies which are recognized and are known to cause issues are penalized more harshly than those which are known to be relatively harmless. Some cookies are ambiguous in nature and this is also reflected in the score.
The following methods are used to discover HTTP cookies:
- Each page is loaded into a headless browser (essentially a real web browser, WebKit based).
- Any cookies set by this page are recorded and logged by their domain.
- Any iframe found on the page is downloaded and the above process is repeated. The resulting cookies count against the top level page, not the iframe.
- For efficiency, some widely used URLs are not tested (e.g. the URLs for a Facebook Like button, which is an iframe). This is purely to remove the need to test additional iframes that are known in advance.
- All frames are only downloaded once – that is, if an iframe is used multiple times it will only be loaded once (again, to maximize testing speed).
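The discovery steps above, sketched as an added example (not Sitebeam's code): a simulated crawl that records cookies by domain, counts iframe cookies against the top level page, skips a known widget URL and downloads each frame only once. The site map, the skip list and all function names are constructed for illustration, and reusing a frame's cached result for every page that embeds it is an assumption of this sketch.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample site: URL -> (Set-Cookie header values, iframe URLs on the page).
SAMPLE_SITE = {
    "https://shop.example/": (["session=abc; Path=/"],
                              ["https://ads.example/frame", "https://social.example/like"]),
    "https://shop.example/about": ([], ["https://ads.example/frame"]),
    "https://ads.example/frame": (["track=xyz; Domain=.ads.example; Max-Age=31536000"], []),
    "https://social.example/like": (["fr=1"], []),
}
# Hypothetical skip list of widely used widget URLs that are not tested.
KNOWN_WIDGETS = frozenset({"https://social.example/like"})


def cookie_key(header, request_url):
    """Return (domain, name) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    # Without a Domain attribute the cookie belongs to the host that set it.
    domain = morsel["domain"].lstrip(".") or urlsplit(request_url).hostname
    return domain, name


def audit(pages, site, skip=KNOWN_WIDGETS):
    """Return ({page: [(domain, cookie name), ...]}, sorted list of URLs downloaded)."""
    fetched = {}  # URL -> (cookies, iframe URLs); each URL is downloaded once

    def load(url):
        if url not in fetched:
            headers, frames = site[url]  # stands in for the headless browser load
            fetched[url] = ({cookie_key(h, url) for h in headers}, frames)
        return fetched[url]

    report = {}
    for page in pages:
        found, queue, seen = set(), [page], set()
        while queue:  # walk the page and every (nested) iframe it embeds
            url = queue.pop()
            if url in seen or url in skip:
                continue
            seen.add(url)
            cookies, frames = load(url)
            found |= cookies  # iframe cookies count against the top level page
            queue.extend(frames)
        report[page] = sorted(found)
    return report, sorted(fetched)


if __name__ == "__main__":
    print(audit(["https://shop.example/", "https://shop.example/about"], SAMPLE_SITE))
```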
My website is not subject to this law
We only recommend using this test for sites where the EU law applies. It is not currently part of our standard reports and only appears when requested explicitly.
I use analytics, and this is penalized
Under our current understanding of the law, cookie-based analytics is prohibited without first obtaining express user consent. See for example how the ICO (the UK regulator for this law) requires permission to use them on their website. There is debate on this issue and the ICO have also said they are hugely unlikely to prosecute anyone for using analytics.
Cookies are only noted for the HTML pages tested within the URLs specified. Cookies set when a form is submitted – e.g. following a login – cannot be detected.
How to use this test effectively
This test is currently intended to help you understand the cookies used by a given website, in preparation for compliance with the new EU law, or to test any solutions you might have implemented. Read more on the cookie law.