@slashgear/gdpr-cookie-scanner 3.5.1 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (113) hide show
  1. package/CHANGELOG.md +106 -0
  2. package/CLAUDE.md +12 -1
  3. package/NEXT_STEPS.md +37 -3
  4. package/README.md +23 -0
  5. package/dist/analyzers/colour.d.ts +36 -0
  6. package/dist/analyzers/colour.d.ts.map +1 -0
  7. package/dist/analyzers/colour.js +75 -0
  8. package/dist/analyzers/colour.js.map +1 -0
  9. package/dist/analyzers/compliance.d.ts.map +1 -1
  10. package/dist/analyzers/compliance.js +24 -6
  11. package/dist/analyzers/compliance.js.map +1 -1
  12. package/dist/analyzers/tcf-decoder.d.ts +9 -0
  13. package/dist/analyzers/tcf-decoder.d.ts.map +1 -0
  14. package/dist/analyzers/tcf-decoder.js +123 -0
  15. package/dist/analyzers/tcf-decoder.js.map +1 -0
  16. package/dist/analyzers/wording.d.ts +1 -0
  17. package/dist/analyzers/wording.d.ts.map +1 -1
  18. package/dist/analyzers/wording.js +39 -0
  19. package/dist/analyzers/wording.js.map +1 -1
  20. package/dist/report/generator.d.ts +1 -2
  21. package/dist/report/generator.d.ts.map +1 -1
  22. package/dist/report/generator.js +80 -108
  23. package/dist/report/generator.js.map +1 -1
  24. package/dist/report/html.d.ts.map +1 -1
  25. package/dist/report/html.js +173 -4
  26. package/dist/report/html.js.map +1 -1
  27. package/dist/scanner/consent-modal.d.ts.map +1 -1
  28. package/dist/scanner/consent-modal.js +57 -39
  29. package/dist/scanner/consent-modal.js.map +1 -1
  30. package/dist/scanner/index.d.ts.map +1 -1
  31. package/dist/scanner/index.js +4 -0
  32. package/dist/scanner/index.js.map +1 -1
  33. package/dist/scanner/tcf.d.ts +9 -0
  34. package/dist/scanner/tcf.d.ts.map +1 -0
  35. package/dist/scanner/tcf.js +72 -0
  36. package/dist/scanner/tcf.js.map +1 -0
  37. package/dist/types.d.ts +26 -0
  38. package/dist/types.d.ts.map +1 -1
  39. package/docs/index.html +37 -49
  40. package/docs/reports/www.arte.tv/after-accept.png +0 -0
  41. package/docs/reports/www.arte.tv/after-reject.png +0 -0
  42. package/docs/reports/www.arte.tv/gdpr-report-arte.tv-2026-02-24.html +997 -0
  43. package/docs/reports/www.deezer.com/after-accept.png +0 -0
  44. package/docs/reports/www.deezer.com/after-reject.png +0 -0
  45. package/docs/reports/www.deezer.com/gdpr-report-deezer.com-2026-02-22.html +1667 -0
  46. package/docs/reports/www.impots.gouv.fr/after-accept.png +0 -0
  47. package/docs/reports/www.impots.gouv.fr/after-reject.png +0 -0
  48. package/docs/reports/www.impots.gouv.fr/gdpr-report-impots.gouv.fr-2026-02-22.html +751 -0
  49. package/docs/reports/www.leboncoin.fr/after-accept.png +0 -0
  50. package/docs/reports/www.leboncoin.fr/after-reject.png +0 -0
  51. package/docs/reports/www.leboncoin.fr/gdpr-report-leboncoin.fr-2026-02-22.html +764 -0
  52. package/docs/reports/www.netflix.com/after-accept.png +0 -0
  53. package/docs/reports/www.netflix.com/after-reject.png +0 -0
  54. package/docs/reports/www.netflix.com/gdpr-report-netflix.com-2026-02-23.html +1050 -0
  55. package/docs/reports/www.radiofrance.fr/after-accept.png +0 -0
  56. package/docs/reports/www.radiofrance.fr/after-reject.png +0 -0
  57. package/docs/reports/www.radiofrance.fr/gdpr-report-radiofrance.fr-2026-02-24.html +1145 -0
  58. package/package.json +1 -2
  59. package/src/analyzers/colour.ts +89 -0
  60. package/src/analyzers/compliance.ts +35 -10
  61. package/src/analyzers/tcf-decoder.ts +130 -0
  62. package/src/analyzers/wording.ts +44 -0
  63. package/src/report/generator.ts +92 -119
  64. package/src/report/html.ts +197 -4
  65. package/src/scanner/consent-modal.ts +64 -38
  66. package/src/scanner/index.ts +5 -0
  67. package/src/scanner/tcf.ts +80 -0
  68. package/src/types.ts +29 -0
  69. package/tests/analyzers/colour.test.ts +187 -0
  70. package/tests/analyzers/compliance.test.ts +102 -0
  71. package/tests/analyzers/tcf-decoder.test.ts +292 -0
  72. package/tests/analyzers/wording.test.ts +38 -0
  73. package/tests/scanner/button-classification.test.ts +32 -0
  74. package/docs/reports/github.com/after-accept.png +0 -0
  75. package/docs/reports/github.com/after-reject.png +0 -0
  76. package/docs/reports/github.com/gdpr-checklist-github.com-2026-02-22.md +0 -44
  77. package/docs/reports/github.com/gdpr-cookies-github.com-2026-02-22.md +0 -29
  78. package/docs/reports/github.com/gdpr-report-github.com-2026-02-22.md +0 -102
  79. package/docs/reports/github.com/gdpr-report-github.com-2026-02-22.pdf +0 -0
  80. package/docs/reports/gitlab.com/after-accept.png +0 -0
  81. package/docs/reports/gitlab.com/after-reject.png +0 -0
  82. package/docs/reports/gitlab.com/gdpr-checklist-gitlab.com-2026-02-22.md +0 -44
  83. package/docs/reports/gitlab.com/gdpr-cookies-gitlab.com-2026-02-22.md +0 -55
  84. package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.md +0 -200
  85. package/docs/reports/gitlab.com/gdpr-report-gitlab.com-2026-02-22.pdf +0 -0
  86. package/docs/reports/gitlab.com/modal-initial.png +0 -0
  87. package/docs/reports/npmjs.com/after-accept.png +0 -0
  88. package/docs/reports/npmjs.com/after-reject.png +0 -0
  89. package/docs/reports/npmjs.com/gdpr-checklist-npmjs.com-2026-02-22.md +0 -44
  90. package/docs/reports/npmjs.com/gdpr-cookies-npmjs.com-2026-02-22.md +0 -25
  91. package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.md +0 -88
  92. package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.pdf +0 -0
  93. package/docs/reports/reddit.com/after-accept.png +0 -0
  94. package/docs/reports/reddit.com/after-reject.png +0 -0
  95. package/docs/reports/reddit.com/gdpr-checklist-reddit.com-2026-02-22.md +0 -44
  96. package/docs/reports/reddit.com/gdpr-cookies-reddit.com-2026-02-22.md +0 -33
  97. package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.md +0 -148
  98. package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.pdf +0 -0
  99. package/docs/reports/reddit.com/modal-initial.png +0 -0
  100. package/docs/reports/stackoverflow.com/after-accept.png +0 -0
  101. package/docs/reports/stackoverflow.com/after-reject.png +0 -0
  102. package/docs/reports/stackoverflow.com/gdpr-checklist-stackoverflow.com-2026-02-22.md +0 -44
  103. package/docs/reports/stackoverflow.com/gdpr-cookies-stackoverflow.com-2026-02-22.md +0 -67
  104. package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.md +0 -206
  105. package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.pdf +0 -0
  106. package/docs/reports/stackoverflow.com/modal-initial.png +0 -0
  107. package/docs/reports/www.afp.com/after-accept.png +0 -0
  108. package/docs/reports/www.afp.com/after-reject.png +0 -0
  109. package/docs/reports/www.afp.com/gdpr-checklist-afp.com-2026-02-22.md +0 -44
  110. package/docs/reports/www.afp.com/gdpr-cookies-afp.com-2026-02-22.md +0 -42
  111. package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.md +0 -202
  112. package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.pdf +0 -0
  113. package/docs/reports/www.afp.com/modal-initial.png +0 -0
package/docs/reports/npmjs.com/gdpr-report-npmjs.com-2026-02-22.md DELETED
@@ -1,88 +0,0 @@
1
- # GDPR Compliance Report — npmjs.com
2
-
3
- > **Scan date:** 22/02/2026, 19:25:09
4
- > **Scanned URL:** https://npmjs.com
5
- > **Scan duration:** 7.1s
6
- > **Tool:** gdpr-cookie-scanner v0.1.0
7
-
8
- ## Global Compliance Score
9
-
10
- ### 🔴 25/100 — Grade F
11
-
12
- | Criterion | Score | Progress | Status |
13
- | ---------------- | ---------- | ---------- | ------ |
14
- | Consent validity | 0/25 | ░░░░░░░░░░ | ❌ |
15
- | Easy refusal | 0/25 | ░░░░░░░░░░ | ❌ |
16
- | Transparency | 0/25 | ░░░░░░░░░░ | ❌ |
17
- | Cookie behavior | 25/25 | ██████████ | ✅ |
18
- | **TOTAL** | **25/100** | | **F** |
19
-
20
- ## Executive Summary
21
-
22
- ❌ **No consent modal detected.** The site sets cookies without requesting consent.
23
- ✅ No non-essential cookie set before interaction.
24
- ✅ Non-essential cookies are correctly removed after rejection.
25
- ✅ No tracker requests before consent.
26
-
27
- **1 critical issue(s)** and **1 warning(s)** identified.
28
-
29
- ## 1. Consent Modal
30
-
31
- _No consent modal detected on the page._
32
-
33
- ## 2. Dark Patterns and Detected Issues
34
-
35
- ### ❌ Critical issues
36
-
37
- **No cookie consent modal detected**
38
-
39
- > A consent mechanism is required before depositing non-essential cookies
40
-
41
- ### ⚠️ Warnings
42
-
43
- **No privacy policy link found on the page**
44
-
45
- > A privacy policy must be accessible from every page (GDPR Art. 13)
46
-
47
- ## 3. Cookies Set Before Any Interaction
48
-
49
- | Name | Domain | Category | Expiry | Consent required |
50
- | --------- | ---------- | -------- | ------- | ---------------- |
51
- | `__cf_bm` | .npmjs.com | unknown | < 1 day | ✅ No |
52
- | `_cfuvid` | .npmjs.com | unknown | Session | ✅ No |
53
-
54
- ## 4. Cookies After Consent Rejection
55
-
56
- ✅ No non-essential cookie detected after rejection.
57
-
58
- _No cookies detected._
59
-
60
- ## 5. Cookies After Consent Acceptance
61
-
62
- _No cookies detected._
63
-
64
- ## 6. Network Requests — Detected Trackers
65
-
66
- _No known network tracker detected._
67
-
68
- ## 7. Recommendations
69
-
70
- 1. **Deploy a CMP solution** (e.g. Axeptio, Didomi, OneTrust, Cookiebot) that displays a consent modal before any non-essential cookie.
71
-
72
- 1. **Add a "Reject all" button** at the first layer of the modal, requiring no more clicks than "Accept all" (CNIL 2022).
73
-
74
- 1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
75
-
76
- ## Scan Errors and Warnings
77
-
78
- - ⚠️ No reject button found — could not test rejection flow
79
- - ⚠️ No accept button found — could not test acceptance flow
80
-
81
- ## Legal References
82
-
83
- - **RGPD Art. 7** — Conditions for consent
84
- - **RGPD Recital 32** — Consent must result from an unambiguous positive action
85
- - **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
86
- - **CEPD Guidelines 05/2020** — Consent under the RGPD
87
- - **CEPD Guidelines 03/2022** — Dark patterns on platforms
88
- - **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)
package/docs/reports/reddit.com/gdpr-checklist-reddit.com-2026-02-22.md DELETED
@@ -1,44 +0,0 @@
1
- # GDPR Compliance Checklist — reddit.com
2
-
3
- > **Scan date:** 22/02/2026, 19:17:05
4
- > **Scanned URL:** https://reddit.com
5
- > **Global score:** 34/100 — Grade **F**
6
-
7
- **9 rule(s) compliant** · **3 non-compliant** · **5 warning(s)**
8
-
9
- ## Consent
10
-
11
- | Rule | Reference | Status | Detail |
12
- | ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------- |
13
- | Consent modal detected | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ✅ Compliant | Detected (`[aria-label*='consent' i]`) |
14
- | No pre-ticked checkboxes | [GDPR Recital 32](https://gdpr-info.eu/recitals/no-32/) | ✅ Compliant | No pre-ticked checkbox detected |
15
- | Accept button label is unambiguous | [GDPR Art. 4(11)](https://gdpr-info.eu/art-4-gdpr/) | ✅ Compliant | No Accept button detected |
16
-
17
- ## Easy refusal
18
-
19
- | Rule | Reference | Status | Detail |
20
- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------- |
21
- | Reject button present at first layer | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies) | ❌ Non-compliant | No Reject button at first layer |
22
- | Rejecting requires no more clicks than accepting | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies) | ✅ Compliant | Cannot verify (missing buttons) |
23
- | Size symmetry between Accept and Reject | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant | Button sizes are comparable |
24
- | Font symmetry between Accept and Reject | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant | Font sizes are comparable |
25
-
26
- ## Transparency
27
-
28
- | Rule | Reference | Status | Detail |
29
- | ------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------- |
30
- | Granular controls available | [EDPB Guidelines 05/2020](https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en) | ⚠️ Warning | No granular controls (checkboxes or panel) detected |
31
- | Processing purposes mentioned | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/) | ⚠️ Warning | Information absent from the modal text |
32
- | Sub-processors / third parties mentioned | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/) | ⚠️ Warning | Information absent from the modal text |
33
- | Retention period mentioned | [GDPR Art. 13(2)(a)](https://gdpr-info.eu/art-13-gdpr/) | ⚠️ Warning | Information absent from the modal text |
34
- | Right to withdraw consent mentioned | [GDPR Art. 7(3)](https://gdpr-info.eu/art-7-gdpr/) | ⚠️ Warning | Information absent from the modal text |
35
- | Privacy policy link present in the consent modal | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/) | ✅ Compliant | Link found: https://www.reddit.com/policies/privacy-policy |
36
- | Privacy policy accessible from the main page | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/) | ✅ Compliant | Link found: https://www.reddit.com/policies/privacy-policy |
37
-
38
- ## Cookie behavior
39
-
40
- | Rule | Reference | Status | Detail |
41
- | --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------------------------------ |
42
- | No non-essential cookie before consent | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 2 illegal cookie(s): `loid` (unknown), `csv` (unknown) |
43
- | Non-essential cookies removed after rejection | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies) | ✅ Compliant | No non-essential cookie persisting after rejection |
44
- | No network tracker before consent | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 3 tracker(s): Tracking Pixel (image) |
package/docs/reports/reddit.com/gdpr-cookies-reddit.com-2026-02-22.md DELETED
@@ -1,33 +0,0 @@
1
- # Cookie Inventory — reddit.com
2
-
3
- > **Scan date:** 22/02/2026, 19:17:05
4
- > **Scanned URL:** https://reddit.com
5
- > **Unique cookies detected:** 10
6
-
7
- ## Instructions
8
-
9
- This table lists all cookies detected during the scan, across all phases.
10
- The **Description / Purpose** column is to be filled in by the DPO or technical owner.
11
-
12
- - **Before consent** — cookie present from page load, before any interaction
13
- - **After acceptance** — cookie set or persisting after clicking "Accept all"
14
- - **After rejection** — cookie present after clicking "Reject all"
15
-
16
- ## Cookie table
17
-
18
- | Cookie | Domain | Category | Phases | Expiry | Consent required | Description / Purpose |
19
- | --------------------------- | ------------------------ | ------------------ | -------------- | --------- | ---------------- | --------------------- |
20
- | `csrf_token` | .reddit.com | Strictly necessary | before consent | Session | ✅ No | <!-- fill in --> |
21
- | `__cf_bm` | .emoji.redditmedia.com | Unknown | before consent | < 1 day | ✅ No | <!-- fill in --> |
22
- | `__cf_bm` | .w3-reporting.reddit.com | Unknown | before consent | < 1 day | ✅ No | <!-- fill in --> |
23
- | `_GRECAPTCHA` | www.google.com | Unknown | before consent | 6 months | ✅ No | <!-- fill in --> |
24
- | `csv` | .reddit.com | Unknown | before consent | 13 months | ⚠️ Yes | <!-- fill in --> |
25
- | `edgebucket` | .reddit.com | Unknown | before consent | 13 months | ✅ No | <!-- fill in --> |
26
- | `loid` | .reddit.com | Unknown | before consent | 13 months | ⚠️ Yes | <!-- fill in --> |
27
- | `reddit_translation_status` | www.reddit.com | Unknown | before consent | 12 months | ✅ No | <!-- fill in --> |
28
- | `session_tracker` | .reddit.com | Unknown | before consent | Session | ✅ No | <!-- fill in --> |
29
- | `token_v2` | .reddit.com | Unknown | before consent | 1 days | ✅ No | <!-- fill in --> |
30
-
31
- ---
32
-
33
- _Automatically generated by gdpr-cookie-scanner. Categories marked "Unknown" could not be identified automatically and should be verified manually._
package/docs/reports/reddit.com/gdpr-report-reddit.com-2026-02-22.md DELETED
@@ -1,148 +0,0 @@
1
- # GDPR Compliance Report — reddit.com
2
-
3
- > **Scan date:** 22/02/2026, 19:17:05
4
- > **Scanned URL:** https://reddit.com
5
- > **Scan duration:** 38.6s
6
- > **Tool:** gdpr-cookie-scanner v0.1.0
7
-
8
- ## Global Compliance Score
9
-
10
- ### 🔴 34/100 — Grade F
11
-
12
- | Criterion | Score | Progress | Status |
13
- | ---------------- | ---------- | ---------- | ------ |
14
- | Consent validity | 10/25 | ████░░░░░░ | ❌ |
15
- | Easy refusal | 10/25 | ████░░░░░░ | ❌ |
16
- | Transparency | 3/25 | █░░░░░░░░░ | ❌ |
17
- | Cookie behavior | 11/25 | ████░░░░░░ | ❌ |
18
- | **TOTAL** | **34/100** | | **F** |
19
-
20
- ## Executive Summary
21
-
22
- ✅ Consent modal detected (`[aria-label*='consent' i]`).
23
- ❌ **2 non-essential cookie(s)** set before any interaction (RGPD violation).
24
- ❌ **2 non-essential cookie(s)** persisting after rejection (RGPD violation).
25
- ❌ **3 tracker request(s)** fired before consent.
26
-
27
- **4 critical issue(s)** and **4 warning(s)** identified.
28
-
29
- ## 1. Consent Modal
30
-
31
- **CSS selector:** `[aria-label*='consent' i]`
32
- **Granular controls:** ❌ No
33
- **Layer count:** 1
34
- **Privacy policy link:** ✅ [https://www.reddit.com/policies/privacy-policy](https://www.reddit.com/policies/privacy-policy)
35
-
36
- ### Detected buttons
37
-
38
- | Button | Text | Visible | Font size | Contrast ratio |
39
- | ------ | ---- | ------- | --------- | -------------- |
40
-
41
- ### Screenshot
42
-
43
- ![Consent modal](modal-initial.png)
44
-
45
- ### Modal text excerpt
46
-
47
- >
48
-
49
- ## 2. Dark Patterns and Detected Issues
50
-
51
- ### ❌ Critical issues
52
-
53
- **No reject/decline option found in the consent modal**
54
-
55
- > RGPD requires refusal to be as easy as acceptance (CNIL 2022)
56
-
57
- **No reject button on first layer**
58
-
59
- > CNIL (2022) requires reject to require no more clicks than accept
60
-
61
- **2 non-essential cookie(s) deposited before any interaction**
62
-
63
- > loid (unknown), csv (unknown)
64
-
65
- **3 tracker request(s) fired before any consent**
66
-
67
- > Tracking Pixel (image)
68
-
69
- ### ⚠️ Warnings
70
-
71
- **Missing required information: "purposes"**
72
-
73
- > The consent text does not mention purposes
74
-
75
- **Missing required information: "third-parties"**
76
-
77
- > The consent text does not mention third-parties
78
-
79
- **Missing required information: "duration"**
80
-
81
- > The consent text does not mention duration
82
-
83
- **Missing required information: "withdrawal"**
84
-
85
- > The consent text does not mention withdrawal
86
-
87
- ## 3. Cookies Set Before Any Interaction
88
-
89
- | Name | Domain | Category | Expiry | Consent required |
90
- | --------------------------- | ------------------------ | ------------------ | --------- | ---------------- |
91
- | `_GRECAPTCHA` | www.google.com | unknown | 6 months | ✅ No |
92
- | `loid` | .reddit.com | unknown | 13 months | ⚠️ Yes |
93
- | `csrf_token` | .reddit.com | strictly-necessary | Session | ✅ No |
94
- | `token_v2` | .reddit.com | unknown | 1 days | ✅ No |
95
- | `csv` | .reddit.com | unknown | 13 months | ⚠️ Yes |
96
- | `edgebucket` | .reddit.com | unknown | 13 months | ✅ No |
97
- | `__cf_bm` | .emoji.redditmedia.com | unknown | < 1 day | ✅ No |
98
- | `__cf_bm` | .w3-reporting.reddit.com | unknown | < 1 day | ✅ No |
99
- | `reddit_translation_status` | www.reddit.com | unknown | 12 months | ✅ No |
100
- | `session_tracker` | .reddit.com | unknown | Session | ✅ No |
101
-
102
- ## 4. Cookies After Consent Rejection
103
-
104
- ✅ No non-essential cookie detected after rejection.
105
-
106
- _No cookies detected._
107
-
108
- ## 5. Cookies After Consent Acceptance
109
-
110
- _No cookies detected._
111
-
112
- ## 6. Network Requests — Detected Trackers
113
-
114
- ### Before interaction (3 tracker(s))
115
-
116
- | Tracker | Category | URL | Type |
117
- | ---------------------- | -------- | -------------------------------------------------------------- | ----- |
118
- | Tracking Pixel (image) | pixel | `https://alb.reddit.com/i.gif?za=5StXFRY3wvqDh-JoiRaI3yZCx...` | image |
119
- | Tracking Pixel (image) | pixel | `https://alb.reddit.com/i.gif?za=frMHcAyMwsXsELqF3U7dcfZjF...` | image |
120
- | Tracking Pixel (image) | pixel | `https://alb.reddit.com/i.gif?za=mfBCh2KQFCIvqVUd-h6GJ6Lfn...` | image |
121
-
122
- ## 7. Recommendations
123
-
124
- 1. **Add a "Reject all" button** at the first layer of the modal, requiring no more clicks than "Accept all" (CNIL 2022).
125
-
126
- 1. **Do not set any non-essential cookie before consent.** Gate the initialisation of third-party scripts on acceptance.
127
-
128
- 1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
129
-
130
- 1. **Remove or block non-essential cookies** after rejection, and verify consent handling server-side.
131
-
132
- ## Scan Errors and Warnings
133
-
134
- - ⚠️ Navigation timeout or error: TimeoutError: page.goto: Timeout 30000ms exceeded.
135
- Call log:
136
-  - navigating to "https://reddit.com/", waiting until "networkidle"
137
-
138
- - ⚠️ No reject button found — could not test rejection flow
139
- - ⚠️ No accept button found — could not test acceptance flow
140
-
141
- ## Legal References
142
-
143
- - **RGPD Art. 7** — Conditions for consent
144
- - **RGPD Recital 32** — Consent must result from an unambiguous positive action
145
- - **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
146
- - **CEPD Guidelines 05/2020** — Consent under the RGPD
147
- - **CEPD Guidelines 03/2022** — Dark patterns on platforms
148
- - **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)
package/docs/reports/stackoverflow.com/gdpr-checklist-stackoverflow.com-2026-02-22.md DELETED
@@ -1,44 +0,0 @@
1
- # GDPR Compliance Checklist — stackoverflow.com
2
-
3
- > **Scan date:** 22/02/2026, 19:24:00
4
- > **Scanned URL:** https://stackoverflow.com
5
- > **Global score:** 66/100 — Grade **C**
6
-
7
- **13 rule(s) compliant** · **3 non-compliant** · **1 warning(s)**
8
-
9
- ## Consent
10
-
11
- | Rule | Reference | Status | Detail |
12
- | ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------------------------- |
13
- | Consent modal detected | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ✅ Compliant | Detected (`#onetrust-banner-sdk`) |
14
- | No pre-ticked checkboxes | [GDPR Recital 32](https://gdpr-info.eu/recitals/no-32/) | ✅ Compliant | No pre-ticked checkbox detected |
15
- | Accept button label is unambiguous | [GDPR Art. 4(11)](https://gdpr-info.eu/art-4-gdpr/) | ✅ Compliant | Clear label: "Accept all cookies" |
16
-
17
- ## Easy refusal
18
-
19
- | Rule | Reference | Status | Detail |
20
- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------- |
21
- | Reject button present at first layer | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies) | ❌ Non-compliant | No Reject button at first layer |
22
- | Rejecting requires no more clicks than accepting | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies) | ✅ Compliant | Cannot verify (missing buttons) |
23
- | Size symmetry between Accept and Reject | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant | Button sizes are comparable |
24
- | Font symmetry between Accept and Reject | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant | Font sizes are comparable |
25
-
26
- ## Transparency
27
-
28
- | Rule | Reference | Status | Detail |
29
- | ------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---------------------------------------------------------- |
30
- | Granular controls available | [EDPB Guidelines 05/2020](https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en) | ✅ Compliant | 0 checkbox(es) or preferences panel detected |
31
- | Processing purposes mentioned | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/) | ✅ Compliant | Mention found in the modal text |
32
- | Sub-processors / third parties mentioned | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/) | ✅ Compliant | Mention found in the modal text |
33
- | Retention period mentioned | [GDPR Art. 13(2)(a)](https://gdpr-info.eu/art-13-gdpr/) | ✅ Compliant | Mention found in the modal text |
34
- | Right to withdraw consent mentioned | [GDPR Art. 7(3)](https://gdpr-info.eu/art-7-gdpr/) | ✅ Compliant | Mention found in the modal text |
35
- | Privacy policy link present in the consent modal | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/) | ⚠️ Warning | No privacy policy link found inside the consent modal |
36
- | Privacy policy accessible from the main page | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/) | ✅ Compliant | Link found: https://stackoverflow.com/legal/privacy-policy |
37
-
38
- ## Cookie behavior
39
-
40
- | Rule | Reference | Status | Detail |
41
- | --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -------------------------------------------------------------------- |
42
- | No non-essential cookie before consent | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 1 illegal cookie(s): `prov` (unknown) |
43
- | Non-essential cookies removed after rejection | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies) | ✅ Compliant | No non-essential cookie persisting after rejection |
44
- | No network tracker before consent | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 7 tracker(s): Google Tag Manager, Google AdSense, Google DoubleClick |
package/docs/reports/stackoverflow.com/gdpr-cookies-stackoverflow.com-2026-02-22.md DELETED
@@ -1,67 +0,0 @@
1
- # Cookie Inventory — stackoverflow.com
2
-
3
- > **Scan date:** 22/02/2026, 19:24:00
4
- > **Scanned URL:** https://stackoverflow.com
5
- > **Unique cookies detected:** 44
6
-
7
- ## Instructions
8
-
9
- This table lists all cookies detected during the scan, across all phases.
10
- The **Description / Purpose** column is to be filled in by the DPO or technical owner.
11
-
12
- - **Before consent** — cookie present from page load, before any interaction
13
- - **After acceptance** — cookie set or persisting after clicking "Accept all"
14
- - **After rejection** — cookie present after clicking "Reject all"
15
-
16
- ## Cookie table
17
-
18
- | Cookie | Domain | Category | Phases | Expiry | Consent required | Description / Purpose |
19
- | ---------------------------- | ------------------- | ----------- | -------------------------------- | --------- | ---------------- | --------------------- |
20
- | `_ga` | .stackoverflow.com | Analytics | after acceptance | 13 months | ⚠️ Yes | <!-- fill in --> |
21
- | `_ga_WCZ03SZFCQ` | .stackoverflow.com | Analytics | after acceptance | 13 months | ⚠️ Yes | <!-- fill in --> |
22
- | `IDE` | .doubleclick.net | Advertising | after acceptance | 13 months | ⚠️ Yes | <!-- fill in --> |
23
- | `uid` | .criteo.com | Advertising | after acceptance | 13 months | ⚠️ Yes | <!-- fill in --> |
24
- | `__cf_bm` | .stackoverflow.com | Unknown | before consent, after acceptance | < 1 day | ✅ No | <!-- fill in --> |
25
- | `__cf_bm` | .i.sstatic.net | Unknown | before consent, after acceptance | < 1 day | ✅ No | <!-- fill in --> |
26
- | `__cf_bm` | .sstatic.net | Unknown | after acceptance | < 1 day | ✅ No | <!-- fill in --> |
27
- | `__cflb` | stackoverflow.com | Unknown | before consent, after acceptance | 1 days | ✅ No | <!-- fill in --> |
28
- | `__cflb` | cdn.sstatic.net | Unknown | after acceptance | 1 days | ✅ No | <!-- fill in --> |
29
- | `__eoi` | .stackoverflow.com | Unknown | after acceptance | 6 months | ✅ No | <!-- fill in --> |
30
- | `_cc_aud` | .crwdcntrl.net | Unknown | after acceptance | 9 months | ✅ No | <!-- fill in --> |
31
- | `_cc_cc` | .crwdcntrl.net | Unknown | after acceptance | 9 months | ✅ No | <!-- fill in --> |
32
- | `_cc_dc` | .crwdcntrl.net | Unknown | after acceptance | 9 months | ✅ No | <!-- fill in --> |
33
- | `_cc_id` | .crwdcntrl.net | Unknown | after acceptance | 9 months | ✅ No | <!-- fill in --> |
34
- | `_cc_id` | .stackoverflow.com | Unknown | after acceptance | 9 months | ✅ No | <!-- fill in --> |
35
- | `_cfuvid` | .stackoverflow.com | Unknown | before consent, after acceptance | Session | ✅ No | <!-- fill in --> |
36
- | `_cfuvid` | .i.sstatic.net | Unknown | before consent, after acceptance | Session | ✅ No | <!-- fill in --> |
37
- | `_cfuvid` | .sstatic.net | Unknown | after acceptance | Session | ✅ No | <!-- fill in --> |
38
- | `_D9J` | .flashtalking.com | Unknown | after acceptance | 12 months | ⚠️ Yes | <!-- fill in --> |
39
- | `_sharedID` | .stackoverflow.com | Unknown | after acceptance | 1 months | ✅ No | <!-- fill in --> |
40
- | `_sharedID_cst` | .stackoverflow.com | Unknown | after acceptance | 1 months | ✅ No | <!-- fill in --> |
41
- | `APC` | .doubleclick.net | Unknown | after acceptance | 6 months | ⚠️ Yes | <!-- fill in --> |
42
- | `audit` | .rubiconproject.com | Unknown | after acceptance | 12 months | ✅ No | <!-- fill in --> |
43
- | `cf_clearance` | .stackoverflow.com | Unknown | before consent, after acceptance | 12 months | ✅ No | <!-- fill in --> |
44
- | `cto_bidid` | .stackoverflow.com | Unknown | after acceptance | 13 months | ✅ No | <!-- fill in --> |
45
- | `cto_bundle` | .criteo.com | Unknown | after acceptance | 13 months | ✅ No | <!-- fill in --> |
46
- | `cto_bundle` | .stackoverflow.com | Unknown | after acceptance | 13 months | ✅ No | <!-- fill in --> |
47
- | `DotomiUser` | .dotomi.com | Unknown | after acceptance | 13 months | ✅ No | <!-- fill in --> |
48
- | `eupubconsent-v2` | .stackoverflow.com | Unknown | after acceptance | 12 months | ✅ No | <!-- fill in --> |
49
- | `flashtalkingad1` | .flashtalking.com | Unknown | after acceptance | 13 months | ✅ No | <!-- fill in --> |
50
- | `g_state` | stackoverflow.com | Unknown | before consent, after acceptance | 6 months | ✅ No | <!-- fill in --> |
51
- | `id5` | .id5-sync.com | Unknown | after acceptance | 3 months | ⚠️ Yes | <!-- fill in --> |
52
- | `khaos` | .rubiconproject.com | Unknown | after acceptance | 12 months | ✅ No | <!-- fill in --> |
53
- | `OptanonAlertBoxClosed` | .stackoverflow.com | Unknown | after acceptance | 12 months | ✅ No | <!-- fill in --> |
54
- | `OptanonConsent` | .stackoverflow.com | Unknown | before consent, after acceptance | 12 months | ✅ No | <!-- fill in --> |
55
- | `panoramaId` | .stackoverflow.com | Unknown | after acceptance | 7 days | ✅ No | <!-- fill in --> |
56
- | `panoramaId_expiry` | .stackoverflow.com | Unknown | after acceptance | 7 days | ✅ No | <!-- fill in --> |
57
- | `pbjs-unifiedid` | stackoverflow.com | Unknown | after acceptance | 2 months | ✅ No | <!-- fill in --> |
58
- | `pbjs-unifiedid_cst` | stackoverflow.com | Unknown | after acceptance | 2 months | ✅ No | <!-- fill in --> |
59
- | `prov` | .stackoverflow.com | Unknown | before consent, after acceptance | 12 months | ⚠️ Yes | <!-- fill in --> |
60
- | `receive-cookie-deprecation` | .3lift.com | Unknown | after acceptance | 3 months | ✅ No | <!-- fill in --> |
61
- | `receive-cookie-deprecation` | .dotomi.com | Unknown | after acceptance | 13 months | ✅ No | <!-- fill in --> |
62
- | `receive-cookie-deprecation` | prebid.media.net | Unknown | after acceptance | 6 months | ✅ No | <!-- fill in --> |
63
- | `receive-cookie-deprecation` | .casalemedia.com | Unknown | after acceptance | 12 months | ✅ No | <!-- fill in --> |
64
-
65
- ---
66
-
67
- _Automatically generated by gdpr-cookie-scanner. Categories marked "Unknown" could not be identified automatically and should be verified manually._