@consenttheater/playbill 0.3.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -6
- package/dist/actors/advertising.json +426 -20
- package/dist/actors/analytics.json +317 -23
- package/dist/actors/consent.json +1 -2
- package/dist/actors/data_leak.json +3 -24
- package/dist/actors/fingerprinting.json +2 -4
- package/dist/actors/functional.json +855 -5
- package/dist/actors/marketing.json +360 -16
- package/dist/actors/security.json +23 -2
- package/dist/actors/session_recording.json +3 -2
- package/dist/actors/social.json +1 -2
- package/package.json +5 -5
|
@@ -1,14 +1,19 @@
|
|
|
1
1
|
{
|
|
2
2
|
"category": "security",
|
|
3
3
|
"description": "Bot detection, CAPTCHA, CSRF protection, fraud prevention, DDoS mitigation",
|
|
4
|
-
"stats": { "cookies":
|
|
4
|
+
"stats": { "cookies": 65, "domains": 47, "companies": 47 },
|
|
5
5
|
"cookies": {
|
|
6
6
|
"AEC": { "company": "Google", "service": "Google", "category": "security", "description": "Ensures requests within a browsing session are made by the user and not by other sites", "consent_burden": "minimal", "lifetime": "6 months", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
7
|
+
"CMSCsrfCookie": { "company": "Kentico", "service": "Kentico", "category": "security", "consent_burden": "minimal", "description": "Store's a security token that the system uses to validate all form data submitted via POST requests. Helps protect against Cross site request forgery.", "lifetime": "session", "docs_url": "https://xperience.io/policies/privacy-policy" },
|
|
7
8
|
"G_AUTHUSER_H": { "company": "Google", "service": "Google Sign-In", "category": "security", "description": "Google multi-account sign-in cookie indicating which logged-in account to use for embedded services", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
9
|
+
"Host-ERIC_PROD-": { "company": "Salesforce", "service": "Salesforce", "category": "security", "consent_burden": "minimal", "description": "Enterprise Request Infrastructure Cookie (ERIC) carries the cross-site request forgery (CSRF) security token between the server and the client. The cookie name indicates the server mode (PROD or PRODDEBUG) and a random number. A different token is generated for each Lightning app.", "lifetime": "1 minute", "docs_url": "https://www.salesforce.com/company/privacy/" },
|
|
10
|
+
"INDEED_CSRF_TOKEN": { "company": "Indeed", "service": "Indeed", "category": "security", "consent_burden": "minimal", "description": "This cookie is used by Cloudflare to identify trusted web traffic.", "lifetime": "Session", "docs_url": "https://www.indeed.com/legal" },
|
|
8
11
|
"NID": { "company": "Google", "service": "Google", "category": "security", "description": "Google NID cookie storing preferences and CAPTCHA verification for reCAPTCHA and Google services", "consent_burden": "contested", "lifetime": "6 months", "note": "While categorized by Google as 'preferences', this cookie enables cross-site user identification", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
9
12
|
"RT": { "company": "Akamai", "service": "Akamai mPulse", "category": "security", "description": "Akamai mPulse real user monitoring round-trip time cookie for performance measurement", "consent_burden": "minimal", "lifetime": "7 days", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
|
|
10
13
|
"TS*": { "company": "F5", "service": "F5 Shape Security", "category": "security", "description": "F5 Shape Security bot defense cookie for traffic classification and fraud prevention", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
|
|
14
|
+
"ZCAMPAIGN_CSRF_TOKEN": { "company": "ZOHO", "service": "ZOHO", "category": "security", "consent_burden": "minimal", "description": "This cookie is used to distinguish between humans and bots.", "lifetime": "session", "docs_url": "https://www.zoho.com/privacy.html" },
|
|
11
15
|
"_GRECAPTCHA": { "company": "Google", "service": "reCAPTCHA", "category": "security", "description": "Google reCAPTCHA challenge token — sets third-party cookie on google.com, leaking visitor IP and behavior data to Google", "consent_burden": "contested", "lifetime": "6 months", "note": "Despite being 'security', this cookie enables Google cross-site tracking. Privacy alternatives: hCaptcha, Friendly Captcha, Cloudflare Turnstile", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
|
|
16
|
+
"__AntiXsrfToken": { "company": "Microsoft", "service": "Azure / Microsoft", "category": "security", "consent_burden": "minimal", "description": "This cookie is used to prevent Cross-site request forgery (often abbreviated as CSRF) attacks of the website. CSRF attacks exploit the trust that a site has in a user's browser.", "lifetime": "session", "docs_url": "https://account.microsoft.com/privacy" },
|
|
12
17
|
"__Host-GAPS": { "company": "Google", "service": "Google Accounts", "category": "security", "description": "Google Account Protection Service cookie preventing cross-site request attacks on Google accounts", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
13
18
|
"__Secure-ROLLOUT_TOKEN": { "company": "Google", "service": "YouTube / Google", "category": "security", "description": "Google A/B testing rollout token set on third-party domain — tracks feature flag assignments across sites", "consent_burden": "contested", "lifetime": "session", "note": "Third-party cookie from youtube.com/google.com used for experiment bucketing — leaks browsing context to Google", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
14
19
|
"__cf_bm": { "company": "Cloudflare", "service": "Cloudflare Bot Management", "category": "security", "description": "Identifies and distinguishes between humans and bots to mitigate automated abuse", "consent_burden": "minimal", "lifetime": "30 minutes", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
|
|
@@ -16,6 +21,7 @@
|
|
|
16
21
|
"__cflb": { "company": "Cloudflare", "service": "Cloudflare Load Balancing", "category": "security", "description": "Cloudflare load balancer affinity cookie for routing requests to the same backend server", "consent_burden": "minimal", "lifetime": "24 hours", "docs_url": "https://developers.cloudflare.com/load-balancing/understand-basics/session-affinity/" },
|
|
17
22
|
"__cfruid": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Cloudflare cookie for rate limiting identification to prevent denial-of-service attacks", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
|
|
18
23
|
"__ddg1_": { "company": "DuckDuckGo", "service": "DuckDuckGo", "category": "security", "description": "DuckDuckGo first-party cookie for preventing automated abuse while preserving privacy", "consent_burden": "minimal", "lifetime": "1 year", "docs_url": "https://duckduckgo.com/privacy" },
|
|
24
|
+
"__eoi": { "company": "Google", "service": "Google AdSense", "category": "security", "consent_burden": "minimal", "description": "This cookie is used for security authenticate users, prevent fraud, and protect users as they interact with a service.", "lifetime": "3 Months", "docs_url": "https://business.safety.google/privacy/" },
|
|
19
25
|
"__imp_apg_r_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Imperva/Incapsula bot mitigation cookie for WAF and DDoS protection", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
|
|
20
26
|
"_abck": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager cookie for advanced bot detection using behavioral analysis", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
|
|
21
27
|
"_cfuvid": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Cloudflare unique visitor ID cookie for rate limiting per-visitor rather than per-IP", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
|
|
@@ -26,28 +32,42 @@
|
|
|
26
32
|
"_pxde": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN debug-state cookie companion to _px3/_pxvid for bot detection", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.humansecurity.com/privacy" },
|
|
27
33
|
"_pxhd": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN bot detection cookie storing browser fingerprint data", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.humansecurity.com/privacy" },
|
|
28
34
|
"_pxvid": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN visitor identifier cookie for bot risk assessment", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.humansecurity.com/privacy" },
|
|
35
|
+
"a0_users:sess": { "company": "Auth0", "service": "Auth0", "category": "security", "consent_burden": "minimal", "description": "Used for CSRF protection in Classic Universal Login flows.", "lifetime": "session" },
|
|
36
|
+
"a0_users:sess.sig": { "company": "Auth0", "service": "Auth0", "category": "security", "consent_burden": "minimal", "description": "Used for CSRF protection in Classic Universal Login flows.", "lifetime": "session" },
|
|
37
|
+
"aboutads_sessNNN": { "company": "Google", "service": "Google AdSense", "category": "security", "consent_burden": "minimal", "description": "This cookie is used for security authenticate users, prevent fraud, and protect users as they interact with a service.", "lifetime": "30 minutes", "docs_url": "https://business.safety.google/privacy/" },
|
|
29
38
|
"ak_bmsc": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager session cookie for distinguishing human from bot traffic", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
|
|
30
39
|
"arkose_token": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "description": "Arkose Labs fraud prevention token cookie for CAPTCHA challenge verification", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
|
|
40
|
+
"aws-waf-token": { "company": "Amazon Web Services", "service": "AWS WAF", "category": "security", "consent_burden": "minimal", "description": "AWS WAF (Web Application Firewall) bot-control and challenge token cookie used to verify legitimate traffic and mitigate automated abuse", "lifetime": "session", "docs_url": "https://docs.aws.amazon.com/waf/latest/developerguide/waf-tokens.html" },
|
|
31
41
|
"bm_mi": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager machine identity cookie for advanced device fingerprinting", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
|
|
32
42
|
"bm_sv": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager session verification cookie for real-time bot scoring", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
|
|
33
43
|
"bm_sz": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager sizing cookie for recording client device capabilities for bot scoring", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
|
|
34
44
|
"castle_session_*": { "company": "Castle", "service": "Castle Account Security", "category": "security", "description": "Castle account security session cookie for device fingerprinting and anomaly detection", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://castle.io/privacy/" },
|
|
35
45
|
"cf_clearance": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Stores proof that a visitor has passed a Cloudflare challenge to avoid repeated challenges", "consent_burden": "minimal", "lifetime": "30 minutes", "note": "Functional security cookie, typically exempt from consent under GDPR Article 6(1)(f)", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
|
|
36
46
|
"cf_ob_info": { "company": "Cloudflare", "service": "Cloudflare Always Online", "category": "security", "description": "Cloudflare Always Online cookie storing origin error info for cached page delivery", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
|
|
47
|
+
"csrf-canary": { "company": "Trustpilot", "service": "Trustpilot", "category": "security", "consent_burden": "minimal", "description": "These cookies are used by the TrustPilot service to identify you and enable you to leave reviews of our products and services. ", "lifetime": "session" },
|
|
48
|
+
"csrf_same_site": { "company": "X", "service": "X", "category": "security", "consent_burden": "minimal", "description": "These cookies enable us to track visitor activity from our X ads on our website, and also to allow users to share content from our websites. They cookies do not provide us with any confidential information relating to your account.", "lifetime": "2 years", "docs_url": "https://twitter.com/en/privacy" },
|
|
49
|
+
"csrf_same_site_set": { "company": "X", "service": "X", "category": "security", "consent_burden": "minimal", "description": "These cookies enable us to track visitor activity from our X ads on our website, and also to allow users to share content from our websites. They cookies do not provide us with any confidential information relating to your account.", "lifetime": "2 years", "docs_url": "https://twitter.com/en/privacy" },
|
|
37
50
|
"ct0": { "company": "X Corp", "service": "X (Twitter)", "category": "security", "description": "Stores a unique CSRF token to protect against cross-site request forgery on X/Twitter", "consent_burden": "minimal", "lifetime": "6 hours", "docs_url": "https://help.twitter.com/en/rules-and-policies/twitter-cookies" },
|
|
38
51
|
"datadome": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome persistent bot protection cookie storing device fingerprint and risk score", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://datadome.co/privacy-policy/" },
|
|
52
|
+
"devOverrideCsrfToken": { "company": "Salesforce", "service": "Salesforce", "category": "security", "consent_burden": "minimal", "description": "CSRF Token.", "lifetime": "session", "docs_url": "https://www.salesforce.com/company/privacy/" },
|
|
53
|
+
"gist_oauth_csrf": { "company": "GitHub", "service": "GitHub", "category": "security", "consent_burden": "minimal", "description": "This cookie is set by Gist to ensure the user that started the oauth flow is the same user that completes it.", "lifetime": "Deleted when oauth state is validated", "docs_url": "https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement" },
|
|
54
|
+
"hs-membership-csrf": { "company": "HubSpot", "service": "Hubspot", "category": "security", "consent_burden": "minimal", "description": "This cookie is used to ensure that content membership logins cannot be forged.", "lifetime": "session", "docs_url": "https://legal.hubspot.com/privacy-policy" },
|
|
55
|
+
"hubspotapi-csrf": { "company": "HubSpot", "service": "Hubspot", "category": "security", "consent_burden": "minimal", "description": "This is used for CSRF prevention - preventing third party websites from accessing your data. Expires after a year.", "lifetime": "1 year", "docs_url": "https://legal.hubspot.com/privacy-policy" },
|
|
56
|
+
"idccsrf": { "company": "Salesforce", "service": "Salesforce", "category": "security", "consent_burden": "minimal", "description": "Used for SSO authentication as CSRF protection.", "lifetime": "3 months", "docs_url": "https://www.salesforce.com/company/privacy/" },
|
|
39
57
|
"incap_ses_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Incapsula session cookie for maintaining security state during a visit", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
|
|
40
58
|
"kasada_*": { "company": "Kasada", "service": "Kasada Bot Defense", "category": "security", "description": "Kasada bot mitigation cookie for proof-of-work challenge verification", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.kasada.io/privacy-policy/" },
|
|
41
59
|
"nfp_*": { "company": "Netacea", "service": "Netacea Bot Management", "category": "security", "description": "Netacea bot management fingerprint cookie for distinguishing legitimate traffic from automated bots", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.netacea.com/privacy-policy/" },
|
|
42
60
|
"pxcts": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN counter cookie tracking client-side timestamps for bot risk scoring", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.humansecurity.com/privacy" },
|
|
43
61
|
"reese84": { "company": "F5", "service": "F5 Shape Security", "category": "security", "description": "F5 Shape Security bot detection cookie using telemetry data for automated threat classification", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
|
|
62
|
+
"saml_csrf_token": { "company": "Github", "service": "GitHub", "category": "security", "consent_burden": "minimal", "description": "This cookie is set by SAML auth path method to associate a token with the client.", "lifetime": "Session", "docs_url": "https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement" },
|
|
44
63
|
"sb": { "company": "Meta", "service": "Facebook", "category": "security", "description": "Stores browser details for Facebook security and login verification", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://www.facebook.com/policies/cookies/" },
|
|
45
64
|
"shield_*": { "company": "Shield Security", "service": "Shield Security (WP)", "category": "security", "description": "Shield Security WordPress plugin cookie for login protection, bot blocking, and firewall state", "consent_burden": "minimal", "pattern": true, "lifetime": "session", "docs_url": "https://getshieldsecurity.com/privacy/" },
|
|
46
65
|
"sucuri_cloudproxy_uuid_*": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF", "category": "security", "description": "Sucuri CloudProxy WAF session cookie for maintaining security state during traffic filtering", "consent_burden": "minimal", "pattern": true, "lifetime": "session", "docs_url": "https://sucuri.net/privacy/" },
|
|
47
66
|
"visid_incap_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Incapsula visitor identifier for bot detection and security analysis", "consent_burden": "contested", "pattern": true, "lifetime": "1 year", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
|
|
48
67
|
"wfwaf-authcookie-*": { "company": "Defiant Inc.", "service": "Wordfence WAF", "category": "security", "description": "Wordfence WordPress WAF authentication cookie for bypassing firewall rules for logged-in admins", "consent_burden": "minimal", "pattern": true, "lifetime": "12 hours", "docs_url": "https://www.wordfence.com/help/firewall/optimizing-the-firewall/" },
|
|
49
68
|
"x-amz-captcha-1": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Amazon CAPTCHA verification cookie for bot protection during security challenges", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" },
|
|
50
|
-
"x-amz-captcha-2": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Secondary Amazon CAPTCHA token for multi-step bot verification challenges", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" }
|
|
69
|
+
"x-amz-captcha-2": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Secondary Amazon CAPTCHA token for multi-step bot verification challenges", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" },
|
|
70
|
+
"xf_csrf": { "company": "Xenforo", "service": "Xenforo", "category": "security", "consent_burden": "minimal", "description": "This cookie is used to store a user's cross-site request forgery token, preventing other applications from making malicious requests on the user's behalf.", "lifetime": "1 year", "docs_url": "https://xenforo.com/privacy-policy/" }
|
|
51
71
|
},
|
|
52
72
|
"domains": {
|
|
53
73
|
"api-js.datadome.co": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "consent_burden": "contested", "docs_url": "https://datadome.co/privacy-policy/" },
|
|
@@ -90,6 +110,7 @@
|
|
|
90
110
|
"recaptcha.net": { "company": "Google", "service": "reCAPTCHA (CN)", "category": "security", "consent_burden": "contested", "note": "Google reCAPTCHA alternative domain used in regions where google.com is restricted", "docs_url": "https://www.google.com/recaptcha/about/" },
|
|
91
111
|
"service.mtcaptcha.com": { "company": "MTCaptcha", "service": "MTCaptcha Service", "category": "security", "consent_burden": "minimal", "docs_url": "https://www.mtcaptcha.com/privacy-policy" },
|
|
92
112
|
"ssl.google-analytics.com": { "company": "Google", "service": "Google Analytics SSL", "category": "security", "consent_burden": "contested", "note": "SSL endpoint for Google Analytics; may be used for consent verification", "docs_url": "https://policies.google.com/privacy" },
|
|
113
|
+
"stonly.com": { "company": "Stonly", "service": "Stonly", "category": "security", "consent_burden": "minimal", "docs_url": "https://stonly.com/privacy" },
|
|
93
114
|
"t.humansecurity.com": { "company": "HUMAN Security", "service": "HUMAN Security Tracking", "category": "security", "consent_burden": "contested", "docs_url": "https://www.humansecurity.com/privacy" },
|
|
94
115
|
"vercel.live": { "company": "Vercel", "service": "Vercel Web Analytics (Security)", "category": "security", "consent_burden": "minimal", "note": "Vercel edge middleware for bot protection and rate limiting", "docs_url": "https://vercel.com/legal/privacy-policy" },
|
|
95
116
|
"waf.sucuri.net": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF", "category": "security", "consent_burden": "contested", "docs_url": "https://sucuri.net/privacy/" },
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"category": "session_recording",
|
|
3
3
|
"description": "Heatmaps, session replays, screen recording, click tracking, scroll tracking",
|
|
4
|
-
"stats": { "cookies":
|
|
4
|
+
"stats": { "cookies": 71, "domains": 90, "companies": 53 },
|
|
5
5
|
"cookies": {
|
|
6
6
|
"ANONCHK": { "company": "Microsoft", "service": "Microsoft Clarity", "category": "session_recording", "description": "Indicates whether MUID is transferred to ANID, used for advertising purposes by Microsoft", "consent_burden": "contested", "lifetime": "10 minutes", "docs_url": "https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-list" },
|
|
7
7
|
"CLID": { "company": "Microsoft", "service": "Microsoft Clarity", "category": "session_recording", "description": "Identifies the first time Clarity saw this user on any site using Clarity", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-list" },
|
|
8
|
+
"QuantumMetricSessionID": { "company": "Quantum Metric", "service": "Quantum Metric Recording", "category": "session_recording", "description": "Quantum Metric session identifier used to stitch together session replay and experience analytics events for a single visit", "consent_burden": "required", "lifetime": "session", "docs_url": "https://www.quantummetric.com/legal/privacy-policy/" },
|
|
9
|
+
"QuantumMetricUserID": { "company": "Quantum Metric", "service": "Quantum Metric Recording", "category": "session_recording", "description": "Quantum Metric persistent visitor identifier linking session replays across visits for experience analytics", "consent_burden": "required", "lifetime": "1 year", "docs_url": "https://www.quantummetric.com/legal/privacy-policy/" },
|
|
8
10
|
"SM": { "company": "Microsoft", "service": "Microsoft Clarity", "category": "session_recording", "description": "Synchronizes the MUID across Microsoft domains for cross-site analytics", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-list" },
|
|
9
11
|
"__insp_uid": { "company": "Inspectlet", "service": "Inspectlet", "category": "session_recording", "description": "Unique Inspectlet user identifier for session replay and visitor segmentation", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.inspectlet.com/legal" },
|
|
10
12
|
"__insp_wid": { "company": "Inspectlet", "service": "Inspectlet", "category": "session_recording", "description": "Inspectlet session recording window identifier for heatmap and funnel analytics", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.inspectlet.com/legal" },
|
|
@@ -23,7 +25,6 @@
|
|
|
23
25
|
"_cs_mk_aa": { "company": "Contentsquare", "service": "Contentsquare", "category": "session_recording", "description": "Contentsquare Adobe Analytics integration cookie for cross-platform analytics correlation", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://contentsquare.com/privacy/" },
|
|
24
26
|
"_cs_s": { "company": "Contentsquare", "service": "Contentsquare", "category": "session_recording", "description": "Contentsquare session cookie for grouping page views into sessions for analysis", "consent_burden": "contested", "lifetime": "30 minutes", "docs_url": "https://contentsquare.com/privacy/" },
|
|
25
27
|
"_dd_replay_*": { "company": "Datadog", "service": "Datadog Session Replay", "category": "session_recording", "description": "Datadog session replay cookie — infrastructure monitoring tool recording browser sessions including DOM mutations and user interactions", "consent_burden": "required_strict", "pattern": true, "lifetime": "session", "docs_url": "https://www.datadoghq.com/legal/privacy/" },
|
|
26
|
-
"_fs_uid": { "company": "FullSession", "service": "FullSession Recording", "category": "session_recording", "description": "FullSession visitor identifier for session recording and interaction analytics", "consent_burden": "required", "lifetime": "1 year", "docs_url": "https://www.fullsession.io/privacy-policy" },
|
|
27
28
|
"_gcl_gs": { "company": "Google", "service": "Google Optimize", "category": "session_recording", "description": "Google Optimize session experiment cookie for maintaining A/B test variation assignment during a session", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://developers.google.com/optimize" },
|
|
28
29
|
"_gs_*": { "company": "Gainsight", "service": "Gainsight PX", "category": "session_recording", "description": "Gainsight PX product experience cookie for tracking feature adoption and user engagement patterns", "consent_burden": "required", "pattern": true, "lifetime": "1 year", "docs_url": "https://www.gainsight.com/privacy/" },
|
|
29
30
|
"_hjAbsoluteSessionInProgress": { "company": "Hotjar", "service": "Hotjar", "category": "session_recording", "description": "Detects the first pageview session of a user to control total session data tracking", "consent_burden": "contested", "lifetime": "30 minutes", "docs_url": "https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information" },
|
package/dist/actors/social.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"category": "social",
|
|
3
3
|
"description": "Social media embeds, sharing widgets, social login, social plugins",
|
|
4
|
-
"stats": { "cookies":
|
|
4
|
+
"stats": { "cookies": 73, "domains": 248, "companies": 132 },
|
|
5
5
|
"cookies": {
|
|
6
6
|
"APISID": { "company": "Google", "service": "Google Accounts", "category": "social", "description": "Google API session identifier for authenticating YouTube embeds and Google integrations", "consent_burden": "contested", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
7
7
|
"GPS": { "company": "Google", "service": "YouTube", "category": "social", "description": "YouTube GPS cookie for recording geolocation data on mobile devices viewing embedded videos", "consent_burden": "required", "lifetime": "30 minutes", "docs_url": "https://policies.google.com/technologies/cookies" },
|
|
@@ -37,7 +37,6 @@
|
|
|
37
37
|
"at-rand": { "company": "Oracle", "service": "AddThis", "category": "social", "description": "AddThis randomized visitor identifier for social sharing analytics and ad network integration", "consent_burden": "required_strict", "lifetime": "2 years", "docs_url": "https://www.addthis.com/privacy" },
|
|
38
38
|
"bcookie": { "company": "LinkedIn", "service": "LinkedIn", "category": "social", "description": "LinkedIn browser identifier cookie for bot detection and security across embedded content", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.linkedin.com/legal/l/cookie-table" },
|
|
39
39
|
"c_user": { "company": "Meta", "service": "Facebook", "category": "social", "description": "Stores the authenticated user ID for Facebook login sessions", "consent_burden": "contested", "lifetime": "90 days", "docs_url": "https://www.facebook.com/policies/cookies/" },
|
|
40
|
-
"csrftoken": { "company": "Meta", "service": "Instagram", "category": "social", "description": "Instagram CSRF protection token cookie for securing API requests from embedded widgets", "consent_burden": "minimal", "lifetime": "1 year", "docs_url": "https://help.instagram.com/519522125107875" },
|
|
41
40
|
"csv": { "company": "Reddit", "service": "Reddit", "category": "social", "description": "Reddit compact site view preference cookie for mobile-optimized rendering", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://www.redditinc.com/policies/cookies" },
|
|
42
41
|
"datr": { "company": "Meta", "service": "Facebook", "category": "social", "description": "Meta/Facebook browser identifier cookie for security and site integrity verification across Facebook services", "consent_burden": "required", "lifetime": "2 years", "docs_url": "https://www.facebook.com/policies/cookies/" },
|
|
43
42
|
"disqus_unique": { "company": "Disqus", "service": "Disqus", "category": "social", "description": "Disqus unique visitor identifier for comment system analytics and ad targeting", "consent_burden": "required", "lifetime": "1 year", "docs_url": "https://help.disqus.com/en/articles/1717155-use-of-cookies" },
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@consenttheater/playbill",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "An open-source, tiered knowledge base of GDPR-relevant web trackers (cookies, domains, companies) with pure-function matching helpers. Each entry is tagged with the consent burden it creates under EU/GDPR rules — no verdicts, no risk scores. Standalone library for privacy auditors, compliance scanners, consent platforms, browser extensions, and research tools.",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "ConsentTheater",
|
|
@@ -10,9 +10,9 @@
|
|
|
10
10
|
"license": "AGPL-3.0-or-later",
|
|
11
11
|
"repository": {
|
|
12
12
|
"type": "git",
|
|
13
|
-
"url": "git+https://
|
|
13
|
+
"url": "git+https://codeberg.org/ConsentTheater/playbill.git"
|
|
14
14
|
},
|
|
15
|
-
"homepage": "https://
|
|
15
|
+
"homepage": "https://codeberg.org/ConsentTheater/playbill",
|
|
16
16
|
"keywords": [
|
|
17
17
|
"gdpr",
|
|
18
18
|
"privacy",
|
|
@@ -67,9 +67,9 @@
|
|
|
67
67
|
},
|
|
68
68
|
"devDependencies": {
|
|
69
69
|
"typescript": "^5.9.3",
|
|
70
|
-
"vitest": "^4.1.
|
|
70
|
+
"vitest": "^4.1.7"
|
|
71
71
|
},
|
|
72
72
|
"engines": {
|
|
73
|
-
"node": ">=
|
|
73
|
+
"node": ">=24.0.0"
|
|
74
74
|
}
|
|
75
75
|
}
|