Cookie Scanner

Scan websites for cookies and third-party trackers using headless Chromium. Returns GDPR/ePrivacy/CCPA compliance assessments.

POST /api/cookie-scan
Security
~5s avg scan
API Key auth
GDPR/CCPA/ePrivacy

What It Does

The Cookie & Tracker Compliance Scanner performs a comprehensive audit of any website's cookie and tracking behavior. Using a headless Chromium browser, it navigates to the target URL, intercepts all network requests, and catalogs every cookie set during the session.

Each detected tracker is classified using a built-in database of known tracker domains, identifying analytics scripts, advertising pixels, social media widgets, and more. The API then evaluates compliance against major privacy regulations including GDPR, ePrivacy Directive, and CCPA.

Results include a compliance status (pass, warning, or fail) for each regulation, detailed breakdown of findings, and specific recommendations for addressing violations such as missing consent mechanisms, pre-consent cookie drops, and inadequate cookie policies.

Headless Browser Scanning

Real browser execution captures all JavaScript-set cookies

Tracker Classification

Categorizes by purpose using a built-in tracker database

Multi-Regulation Support

GDPR, ePrivacy Directive, and CCPA compliance checks

Actionable Reports

Specific recommendations for fixing compliance gaps

Code Examples

curl -X POST https://api.atomicapis.dev/api/cookie-scan \
  -H "X-RapidAPI-Proxy-Secret: YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com",
    "timeout": 15000,
    "waitForIdle": true,
    "additionalWait": 2000
  }'

Request Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | The URL to scan for cookies and trackers. |
| timeout | integer | No | Timeout in milliseconds (5000-30000). Default: 15000 |
| waitForIdle | boolean | No | Wait for network idle before scanning. Default: true |
| additionalWait | integer | No | Additional wait time in milliseconds after page load (0-10000). Default: 2000 |

Response Format

Example Response
{
  "url": "https://example.com",
  "summary": {
    "totalCookies": 8,
    "firstPartyCookies": 3,
    "thirdPartyCookies": 5,
    "totalTrackers": 4,
    "cookiesByCategory": {
      "Necessary": 2,
      "Analytics": 3,
      "Marketing": 2,
      "Unknown": 1
    }
  },
  "cookies": [
    {
      "name": "_ga",
      "domain": ".example.com",
      "path": "/",
      "secure": true,
      "httpOnly": false,
      "sameSite": "Lax",
      "expiresInDays": 730,
      "isFirstParty": true,
      "category": "Analytics",
      "knownService": "Google Analytics",
      "description": "Google Analytics client ID"
    }
  ],
  "trackers": [
    {
      "domain": "google-analytics.com",
      "category": "Analytics",
      "knownService": "Google Analytics",
      "requestCount": 3,
      "sampleUrls": ["https://www.google-analytics.com/analytics.js"]
    }
  ],
  "compliance": {
    "gdpr": {
      "status": "warning",
      "issues": ["No cookie consent banner detected", "Analytics cookies set without consent"],
      "recommendations": ["Implement a cookie consent mechanism"]
    },
    "eprivacy": {
      "status": "warning",
      "issues": ["Non-essential cookies set without consent"],
      "recommendations": ["Block non-essential cookies until consent is given"]
    },
    "ccpa": {
      "status": "pass",
      "issues": [],
      "recommendations": []
    }
  },
  "scanDurationMs": 5200.3
}

Response Fields

| Field | Type | Description |
|---|---|---|
| url | string | The URL that was scanned |
| summary | object | Aggregated stats: totalCookies, firstPartyCookies, thirdPartyCookies, totalTrackers, cookiesByCategory |
| cookies[] | array | Detected cookies with name, domain, path, secure, httpOnly, sameSite, expiresInDays, isFirstParty, category, knownService, description |
| trackers[] | array | Third-party trackers with domain, category, knownService, requestCount, sampleUrls |
| compliance | object | Compliance assessment for gdpr, eprivacy, and ccpa -- each with status, issues, and recommendations |
| scanDurationMs | number | Time taken to complete the scan in milliseconds |
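
One way to turn a scan response into a pipeline pass/fail decision, as an added example that is not code from the API provider. The field names come from the response format above; the category policy, the 395-day lifetime cap, and the assumption that the scan never grants consent are this example's own.

```javascript
// Added example: CI gate over a /api/cookie-scan response (field names from the page).
// Assumed policy values: category list, 395-day lifetime cap, fail-on-"fail" exit rule.
const NON_ESSENTIAL = new Set(["Analytics", "Marketing", "Unknown"]);
const MAX_LIFETIME_DAYS = 395;

function auditScan(scan) {
  const findings = [];
  const add = (level, source, detail) => findings.push({ level, source, detail });
  // 1. Carry over the scanner's own verdicts for every regulation that is not "pass".
  for (const [regulation, result] of Object.entries(scan.compliance || {})) {
    if (result.status === "pass") continue;
    for (const issue of result.issues || []) add(result.status, regulation, issue);
  }
  // 2. Per-cookie checks. Assumption: the scan gave no consent, so every
  //    non-essential cookie in the result was set before consent.
  for (const c of scan.cookies || []) {
    const id = `${c.name} @ ${c.domain}`;
    if (NON_ESSENTIAL.has(c.category)) add("fail", "cookie", `${id}: ${c.category} cookie set before consent`);
    if (!c.secure) add("warning", "cookie", `${id}: missing Secure attribute`);
    if (c.expiresInDays > MAX_LIFETIME_DAYS) add("warning", "cookie", `${id}: lifetime ${c.expiresInDays}d exceeds ${MAX_LIFETIME_DAYS}d`);
  }
  // 3. Third-party requests to non-essential trackers before consent.
  for (const t of scan.trackers || []) {
    if (NON_ESSENTIAL.has(t.category)) add("fail", "tracker", `${t.domain}: ${t.requestCount} request(s) before consent`);
  }
  return findings;
}

// Exit code for a pipeline step: 1 when any finding is a "fail", otherwise 0.
function exitCode(findings) {
  return findings.some((f) => f.level === "fail") ? 1 : 0;
}

// Constructed sample, trimmed from the example response above plus one extra cookie.
const SAMPLE_SCAN = {
  url: "https://example.com",
  cookies: [
    { name: "_ga", domain: ".example.com", secure: true, httpOnly: false, sameSite: "Lax", expiresInDays: 730, isFirstParty: true, category: "Analytics" },
    { name: "session", domain: "example.com", secure: false, httpOnly: true, sameSite: "Lax", expiresInDays: 1, isFirstParty: true, category: "Necessary" },
  ],
  trackers: [{ domain: "google-analytics.com", category: "Analytics", requestCount: 3 }],
  compliance: {
    gdpr: { status: "warning", issues: ["No cookie consent banner detected", "Analytics cookies set without consent"] },
    ccpa: { status: "pass", issues: [] },
  },
};

const findings = auditScan(SAMPLE_SCAN);
for (const f of findings) console.log(`[${f.level}] ${f.source}: ${f.detail}`);
```

In a pipeline, pass the parsed JSON body of the scan to `auditScan` and use `exitCode` as the step's exit status.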

Use Cases

GDPR Compliance

Ensure your website meets GDPR requirements for cookie consent, transparency, and user control before regulatory audits.

compliance.gdpr.status === "pass"

Privacy Audits

Regular automated scanning to maintain compliance as your site evolves and new tracking technologies are introduced.

schedule: "weekly"

Consent Management

Validate that your consent management platform (CMP) is properly blocking non-essential cookies until user consent is obtained.

checkConsent: true

Build Constraints

Headless Chromium

Uses Puppeteer with headless Chrome for accurate JavaScript execution and cookie detection.

Network Interception

Intercepts all network requests to identify third-party trackers and their destinations.

Tracker Classification

Uses a built-in database of known tracker domains for accurate categorization.

Shared Infrastructure

Shares browser pool infrastructure with Screenshot API for efficient resource utilization.

Rate Limits & Timeouts

Deep scans may take up to 30 seconds depending on site complexity. Basic scans typically complete in 3-8 seconds. Rate limit: 10 requests/minute for free tier, 100/minute for pro.

Error Codes

| Code | Status | Description |
|---|---|---|
| 400 | Bad Request | Invalid URL format or missing required parameters |
| 401 | Unauthorized | Invalid or missing API key |
| 403 | Forbidden | API key does not have access to this endpoint |
| 408 | Request Timeout | Scan exceeded maximum execution time (60s) |
| 422 | Unprocessable | URL could not be loaded (blocked, invalid SSL, etc.) |
| 429 | Rate Limited | Too many requests - retry after window |
| 500 | Server Error | Internal error - contact support |
