Cookie Inventory Report


The Cookie Inventory report provides insights into all cookies collected during the audit and their respective attributes. These insights are particularly relevant in respect to security and privacy, but apply more broadly as well.

Summary Metrics

In this section of the report you can see the following metrics displayed:

  • The # of pages scanned
  • The # of unique cookies
  • The # of unique 1st party cookies
  • The # of unique 3rd party cookies
  • The # of cookies with a secure attribute that equals false
  • The # of cookies with an undefined SameSite attribute

You can hover over any metric to see a tool-tip defining it and drill into any chart to see the latest run compared to all historical runs.


The Cookies table shows each unique cookie and the following attributes

  • Name
  • Domain
  • 1st/3rd Party - 1st-party cookies are directly created by the domain being visited. 3rd-party cookies are created by domains that are not the domain being visited. These are created by a different subdomain than the current subdomain being visited. 
  • Expiration Type
  • SameSite* - Controls whether or not a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks (CSRF).
  • Secure* - Indicates that the cookie is sent to the server only when a request is made with the https: scheme (except on localhost), and therefore, is more resistant to man-in-the-middle attacks.
  • HTTPONLY* - Forbids JavaScript from accessing the cookie.
  • Average Size (bytes)
  • Set on # of pages

*Source - Mozilla Developer Network

Note: In the 1st/3rd party cookie column, we identify 3rd party "owned" cookies which are cookies that are set by a different subdomain than the subdomain currently crawled.

Once you have filtered to a specific set of cookies, the table below will update and allow you to drill into a Page Details report for additional analysis.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us