CookieAudit will analyze a website while you navigate through it. It checks the consent popups' compliance with common Data Protection Regulations.
CookieAudit is built on CookieBlock. CookieBlock is a browser extension that is able to categorize cookies into different purposes ("Necessary", "Functionality", "Analytics" and "Advertising") using machine-learning technology. CookieAudit uses these capabilities to provide a developer, or really any curious mind, a tool for analyzing cookie-related behaviour of any website.
This extension has been built by members of the Information Security Group of the Computer Science Department at ETH Zürich, and was developed as part of the semester thesis "Extension for Auditing Consent Popups’ GDPR Compliance".
Currently CookieAudit is only available for Chrome:
Instead of downloading the extension from the Chrome extension store, you can also build it locally. To do so, follow these steps:
- Clone this repository
- Open Chrome and go to Window > Extensions
- Enable Developer mode on the top right
- Click Load unpacked
- Go to the cloned repository folder and select the folder src/
- The CookieAudit extension should now be in the extensions bar of your Chrome browser

- Close all tabs
- Open the URL you want to scan in a new tab
- Accept necessary cookies only and browse the website. Explore as many subpages and as much functionality as possible to increase the scan accuracy.
  The extension lists all cookies which were set by the website but weren't classified as necessary.
- (Optional) If the extension was able to read the consent notice (currently only Cookiebot and OneTrust are supported), you can start an advanced scan. This time, accept all cookies and navigate around the website a second time.
  CookieAudit will analyze all cookies this time. It spots different violations such as undeclared cookies and cookies which are in a potentially wrong category.
- End the scan
  The extension will present you with a report listing all findings. To print the report, click "Export Summary", then right-click > Print...
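
The two scans described above come down to comparing the observed cookies, their predicted purpose, and what the consent notice declares. The sketch below is an added example, not CookieAudit's own code: the record shapes, the names `auditCookies` and `domainMatches`, the finding labels and the sample cookies are assumptions made for illustration. It flags a category only when the declaration is more benign than the prediction, which is this example's choice.

```javascript
// Added illustration, not CookieAudit's code. Record shapes and samples are constructed.
const CATEGORIES = ["Necessary", "Functionality", "Analytics", "Advertising"];

// ".shop.example" and "shop.example" are the same cookie scope; subdomains match too.
function domainMatches(cookieDomain, declaredDomain) {
  const c = cookieDomain.replace(/^\./, "").toLowerCase();
  const d = declaredDomain.replace(/^\./, "").toLowerCase();
  return c === d || c.endsWith("." + d);
}

// observed:  cookies seen while browsing, each with the classifier's predicted purpose.
// declared:  entries read from the consent notice, or null if it could not be read.
// consented: Set of categories the user accepted in the popup.
function auditCookies(observed, declared, consented) {
  const findings = [];
  for (const cookie of observed) {
    if (!consented.has(cookie.predicted)) {
      findings.push({ type: "no-consent", name: cookie.name, predicted: cookie.predicted });
    }
    if (declared === null) continue; // basic scan: no declarations to compare against
    const entry = declared.find(
      (d) => d.name === cookie.name && domainMatches(cookie.domain, d.domain));
    if (!entry) {
      findings.push({ type: "undeclared", name: cookie.name });
    } else if (CATEGORIES.indexOf(entry.category) < CATEGORIES.indexOf(cookie.predicted)) {
      // Assumption of this example: flag only declarations more benign than the prediction.
      findings.push({ type: "wrong-category", name: cookie.name,
                      declared: entry.category, predicted: cookie.predicted });
    }
  }
  return findings;
}

// Constructed sample data (hypothetical site "shop.example").
const declared = [
  { name: "session_id", domain: "shop.example", category: "Necessary" },
  { name: "_visitor", domain: "shop.example", category: "Functionality" },
];
const observed = [
  { name: "session_id", domain: "shop.example", predicted: "Necessary" },
  { name: "_visitor", domain: ".shop.example", predicted: "Analytics" },
  { name: "ad_click", domain: "cdn.shop.example", predicted: "Advertising" },
];

const basicScan = auditCookies(observed, null, new Set(["Necessary"]));
const advancedScan = auditCookies(observed, declared, new Set(CATEGORIES));
console.log(basicScan, advancedScan);
```
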
- mockup/ contains just an early version of how the extension might look
- src/ source code for the CookieAudit extension

A detailed overview of the code in src/ and how it works can be found in src/README.md
- Adding support for more CMPs. Instructions on how to do so are in content/consentNotice.js.
- Adding support for more languages. Currently the cookie banner is analyzed with keywords in banner.js. Those keywords could be extended to provide a more accurate analysis.
- Automatically conduct scans. Instead of having the user click through a website this could be automated and extended to multiple websites.