Skip to main content

How to Find the Source of a Cookie

Written by Luiza Gircoveanu

Overview

Identifying the source of cookies is especially critical when working to ensure your websites are compliant with data privacy standards throughout the globe.

Cookies are set on a web page through two methods: network request response headers and JavaScript.

The fastest way to find a cookie's source is the Cookie Initiators feature. If the domain is part of an Audit or Journey, Cookie Initiators automatically surfaces who set a cookie, when, and via which method (Application Code, HTTP Response Header, ObservePoint Action, or Unknown) — directly from the Cookie Inventory Report, with no dev tools required.

The manual DevTools method below is still useful if:

  • You need to check a cookie on a page that isn't currently covered by an Audit or Journey, or

  • You want to inspect the live page yourself for ad-hoc debugging.

Note: It's critical to understand the persistent nature of cookies. Not every page where a cookie is present in a report is the page responsible for setting that cookie. Cookies can bleed from page to page, and ensuring you have set up Audits properly can help you avoid confusion and have clearer reporting.

1.Recommended Method: Use Cookie Initiators

  1. Open a completed Audit or Journey.

  2. Go to the Cookie Inventory Report (Audits) or the Cookies tab on a Journey Action.

  3. Select the cookie you're investigating.

  4. View its origin story — the initiator type, originating request, and associated technology.

See the full Cookie Initiators article for step-by-step screenshots.

2. DevTools Method: Cookies Set by Network Request Response Headers

To identify the source of a cookie that is set by network request response headers, follow the steps below.

  1. Open the dev console and navigate to the Application ribbon.

  2. Expand the Cookies drawer on the left-hand side and find the cookie you want to identify the source of.

  3. Right-click the cookie and select Show Requests With This Cookie.

  4. This will take you to the Network ribbon and apply a filter showing all requests that reference that cookie (not every request that references a cookie sets it).

  5. If no results turn up, the cookie was set via JavaScript — skip to Cookies Set by JavaScript below. Otherwise, go to the next step.

  6. Click through each network request and check the Response Headers for a set-cookie header. Not all requests will have one, but if they do, that request set a cookie on the page.

  7. Search through each request until you find the one containing the cookie you're looking for in the set-cookie header.

3. DevTools Method: Cookies Set by JavaScript

To identify the source of a cookie that is set by JavaScript, follow the steps below.

  1. Open the dev console and click the 3-dot menu icon in the top-right corner.

  2. Hover over More Tools and select Search.

  3. Use the search bar to search for the cookie name across all source code on the page.

  4. If multiple files appear, inspect each and look for document.cookie or cookies being assigned a value (e.g. cookie_name=abc123). This indicates that file is setting the cookie in question.

Conclusion

Whenever possible, use Cookie Initiators to identify a cookie's source — it gives you the initiator type, timing, and origin story automatically, without digging through DevTools. The manual methods above are there as a fallback for pages outside your Audits and Journeys, or for quick one-off checks. Together, these approaches give you full visibility into how and when cookies are set, so you can keep your site's cookie behavior aligned with privacy compliance requirements.

Did this answer your question?