npm - @slashgear/gdpr-cookie-scanner - Versions diffs - 3.6.0 → 3.8.0 - Mend

@slashgear/gdpr-cookie-scanner 3.6.0 → 3.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.md DELETED Viewed

@@ -1,206 +0,0 @@
-# GDPR Compliance Report — stackoverflow.com
-> **Scan date:** 22/02/2026, 19:24:00
-> **Scanned URL:** https://stackoverflow.com
-> **Scan duration:** 12.5s
-> **Tool:** gdpr-cookie-scanner v0.1.0
-## Global Compliance Score
-### 🟠 66/100 — Grade C
-| Criterion        | Score      | Progress   | Status |
-| ---------------- | ---------- | ---------- | ------ |
-| Consent validity | 25/25      | ██████████ | ✅     |
-| Easy refusal     | 10/25      | ████░░░░░░ | ❌     |
-| Transparency     | 20/25      | ████████░░ | ✅     |
-| Cookie behavior  | 11/25      | ████░░░░░░ | ❌     |
-| **TOTAL**        | **66/100** |            | **C**  |
-## Executive Summary
-✅ Consent modal detected (`#onetrust-banner-sdk`).
-❌ **1 non-essential cookie(s)** set before any interaction (RGPD violation).
-❌ **1 non-essential cookie(s)** persisting after rejection (RGPD violation).
-❌ **7 tracker request(s)** fired before consent.
-**3 critical issue(s)** and **1 warning(s)** identified.
-## 1. Consent Modal
-**CSS selector:** `#onetrust-banner-sdk`
-**Granular controls:** ✅ Yes
-**Layer count:** 2
-**Privacy policy link:** ⚠️ Not found in the modal
-### Detected buttons
-| Button         | Text                       | Visible | Font size | Contrast ratio |
-| -------------- | -------------------------- | ------- | --------- | -------------- |
-| ❓ Unknown     | List of Partners (vendors) | ✅      | 13.12px   | 11.45:1        |
-| 🟢 Accept      | Accept all cookies         | ✅      | 13.12px   | 8.27:1         |
-| ❓ Unknown     | Necessary cookies only     | ✅      | 13.12px   | 8.27:1         |
-| ⚙️ Preferences | Customize Settings         | ✅      | 13.12px   | 8.27:1         |
-### Screenshot
-![Consent modal](modal-initial.png)
-### Modal text excerpt
-> We Care About Your PrivacyWe and our 277 partners store and access personal data, like browsing data or unique identifiers, on your device. Selecting Accept all cookies enables tracking technologies to support the purposes shown under we and our partners process data to provide. Selecting Necessary cookies only or withdrawing your consent will disable them. If trackers are disabled, some content and ads you see may not be as relevant to you. You can resurface this menu to change your choices or ...
-## 2. Dark Patterns and Detected Issues
-### ❌ Critical issues
-**No reject button on first layer**
-> CNIL (2022) requires reject to require no more clicks than accept
-**1 non-essential cookie(s) deposited before any interaction**
-> prov (unknown)
-**7 tracker request(s) fired before any consent**
-> Google Tag Manager, Google AdSense, Google DoubleClick, Google Analytics, Tracking Pixel
-### ⚠️ Warnings
-**No privacy policy link found in the consent modal**
-> GDPR Art. 13 requires the privacy policy to be accessible from the consent interface
-## 3. Cookies Set Before Any Interaction
-| Name             | Domain             | Category | Expiry    | Consent required |
-| ---------------- | ------------------ | -------- | --------- | ---------------- |
-| `prov`           | .stackoverflow.com | unknown  | 12 months | ⚠️ Yes           |
-| `__cflb`         | stackoverflow.com  | unknown  | 1 days    | ✅ No            |
-| `__cf_bm`        | .stackoverflow.com | unknown  | < 1 day   | ✅ No            |
-| `_cfuvid`        | .stackoverflow.com | unknown  | Session   | ✅ No            |
-| `__cf_bm`        | .i.sstatic.net     | unknown  | < 1 day   | ✅ No            |
-| `_cfuvid`        | .i.sstatic.net     | unknown  | Session   | ✅ No            |
-| `cf_clearance`   | .stackoverflow.com | unknown  | 12 months | ✅ No            |
-| `g_state`        | stackoverflow.com  | unknown  | 6 months  | ✅ No            |
-| `OptanonConsent` | .stackoverflow.com | unknown  | 12 months | ✅ No            |
-## 4. Cookies After Consent Rejection
-✅ No non-essential cookie detected after rejection.
-_No cookies detected._
-## 5. Cookies After Consent Acceptance
-| Name                         | Domain              | Category    | Expiry    | Consent required |
-| ---------------------------- | ------------------- | ----------- | --------- | ---------------- |
-| `prov`                       | .stackoverflow.com  | unknown     | 12 months | ⚠️ Yes           |
-| `__cflb`                     | stackoverflow.com   | unknown     | 1 days    | ✅ No            |
-| `__cf_bm`                    | .stackoverflow.com  | unknown     | < 1 day   | ✅ No            |
-| `_cfuvid`                    | .stackoverflow.com  | unknown     | Session   | ✅ No            |
-| `__cf_bm`                    | .i.sstatic.net      | unknown     | < 1 day   | ✅ No            |
-| `_cfuvid`                    | .i.sstatic.net      | unknown     | Session   | ✅ No            |
-| `cf_clearance`               | .stackoverflow.com  | unknown     | 12 months | ✅ No            |
-| `g_state`                    | stackoverflow.com   | unknown     | 6 months  | ✅ No            |
-| `OptanonAlertBoxClosed`      | .stackoverflow.com  | unknown     | 12 months | ✅ No            |
-| `_sharedID`                  | .stackoverflow.com  | unknown     | 1 months  | ✅ No            |
-| `_sharedID_cst`              | .stackoverflow.com  | unknown     | 1 months  | ✅ No            |
-| `eupubconsent-v2`            | .stackoverflow.com  | unknown     | 12 months | ✅ No            |
-| `_ga`                        | .stackoverflow.com  | analytics   | 13 months | ⚠️ Yes           |
-| `_ga_WCZ03SZFCQ`             | .stackoverflow.com  | analytics   | 13 months | ⚠️ Yes           |
-| `OptanonConsent`             | .stackoverflow.com  | unknown     | 12 months | ✅ No            |
-| `__eoi`                      | .stackoverflow.com  | unknown     | 6 months  | ✅ No            |
-| `pbjs-unifiedid`             | stackoverflow.com   | unknown     | 2 months  | ✅ No            |
-| `pbjs-unifiedid_cst`         | stackoverflow.com   | unknown     | 2 months  | ✅ No            |
-| `_cc_dc`                     | .crwdcntrl.net      | unknown     | 9 months  | ✅ No            |
-| `_cc_id`                     | .crwdcntrl.net      | unknown     | 9 months  | ✅ No            |
-| `_cc_cc`                     | .crwdcntrl.net      | unknown     | 9 months  | ✅ No            |
-| `_cc_aud`                    | .crwdcntrl.net      | unknown     | 9 months  | ✅ No            |
-| `panoramaId_expiry`          | .stackoverflow.com  | unknown     | 7 days    | ✅ No            |
-| `_cc_id`                     | .stackoverflow.com  | unknown     | 9 months  | ✅ No            |
-| `panoramaId`                 | .stackoverflow.com  | unknown     | 7 days    | ✅ No            |
-| `uid`                        | .criteo.com         | advertising | 13 months | ⚠️ Yes           |
-| `cto_bidid`                  | .stackoverflow.com  | unknown     | 13 months | ✅ No            |
-| `cto_bundle`                 | .criteo.com         | unknown     | 13 months | ✅ No            |
-| `cto_bundle`                 | .stackoverflow.com  | unknown     | 13 months | ✅ No            |
-| `__cflb`                     | cdn.sstatic.net     | unknown     | 1 days    | ✅ No            |
-| `__cf_bm`                    | .sstatic.net        | unknown     | < 1 day   | ✅ No            |
-| `_cfuvid`                    | .sstatic.net        | unknown     | Session   | ✅ No            |
-| `receive-cookie-deprecation` | .3lift.com          | unknown     | 3 months  | ✅ No            |
-| `DotomiUser`                 | .dotomi.com         | unknown     | 13 months | ✅ No            |
-| `receive-cookie-deprecation` | .dotomi.com         | unknown     | 13 months | ✅ No            |
-| `receive-cookie-deprecation` | prebid.media.net    | unknown     | 6 months  | ✅ No            |
-| `receive-cookie-deprecation` | .casalemedia.com    | unknown     | 12 months | ✅ No            |
-| `id5`                        | .id5-sync.com       | unknown     | 3 months  | ⚠️ Yes           |
-| `khaos`                      | .rubiconproject.com | unknown     | 12 months | ✅ No            |
-| `audit`                      | .rubiconproject.com | unknown     | 12 months | ✅ No            |
-| `IDE`                        | .doubleclick.net    | advertising | 13 months | ⚠️ Yes           |
-| `APC`                        | .doubleclick.net    | unknown     | 6 months  | ⚠️ Yes           |
-| `flashtalkingad1`            | .flashtalking.com   | unknown     | 13 months | ✅ No            |
-| `_D9J`                       | .flashtalking.com   | unknown     | 12 months | ⚠️ Yes           |
-## 6. Network Requests — Detected Trackers
-### Before interaction (7 tracker(s))
-| Tracker            | Category    | URL                                                            | Type   |
-| ------------------ | ----------- | -------------------------------------------------------------- | ------ |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=G-WCZ03SZFCQ`     | script |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/tag/js/gpt.js`          | script |
-| Google DoubleClick | advertising | `https://securepubads.g.doubleclick.net/tag/js/gpt.js`         | script |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/managed/js/g...` | script |
-| Google Analytics   | analytics   | `https://region1.google-analytics.com/g/collect?v=2&tid=G-...` | fetch  |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/managed/dict...` | other  |
-| Tracking Pixel     | pixel       | `https://accounts.google.com/gsi/log?client_id=71776232868...` | xhr    |
-### After acceptance (68 tracker(s))
-| Tracker            | Category    | URL                                                            | Type     |
-| ------------------ | ----------- | -------------------------------------------------------------- | -------- |
-| Google Tag Manager | analytics   | `https://www.googletagmanager.com/gtag/js?id=G-WCZ03SZFCQ`     | script   |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/tag/js/gpt.js`          | script   |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/managed/js/g...` | script   |
-| Google DoubleClick | advertising | `https://securepubads.g.doubleclick.net/tag/js/gpt.js`         | script   |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/managed/dict...` | other    |
-| Google Analytics   | analytics   | `https://region1.google-analytics.com/g/collect?v=2&tid=G-...` | fetch    |
-| Tracking Pixel     | pixel       | `https://accounts.google.com/gsi/log?client_id=71776232868...` | xhr      |
-| Google Analytics   | analytics   | `https://region1.google-analytics.com/g/collect?v=2&tid=G-...` | fetch    |
-| Google Analytics   | analytics   | `https://region1.analytics.google.com/g/collect?v=2&tid=G-...` | fetch    |
-| Google DoubleClick | advertising | `https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WCZ03...` | ping     |
-| Criteo             | advertising | `https://static.criteo.net/js/ld/publishertag.ids.js`          | script   |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/gampad/ads?pvsid=67...` | fetch    |
-| Google AdSense     | advertising | `https://d888e23a329526dc9ce3f0b7b6578905.safeframe.google...` | document |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/gampad/ads?pvsid=67...` | fetch    |
-| Google AdSense     | advertising | `https://d888e23a329526dc9ce3f0b7b6578905.safeframe.google...` | document |
-| Google AdSense     | advertising | `https://d888e23a329526dc9ce3f0b7b6578905.safeframe.google...` | document |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/bg/xBXdrLeq7aQZSZ_B...` | script   |
-| Google AdSense     | advertising | `https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js` | script   |
-| Google AdSense     | advertising | `https://pagead2.googlesyndication.com/pagead/js/r20260218...` | script   |
-| Google AdSense     | advertising | `https://tpc.googlesyndication.com/simgad/1623626705182823...` | image    |
-_... and 48 additional request(s)._
-## 7. Recommendations
-1. **Add a "Reject all" button** at the first layer of the modal, requiring no more clicks than "Accept all" (CNIL 2022).
-1. **Do not set any non-essential cookie before consent.** Gate the initialisation of third-party scripts on acceptance.
-1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
-1. **Remove or block non-essential cookies** after rejection, and verify consent handling server-side.
-## Scan Errors and Warnings
-- ⚠️ No reject button found — could not test rejection flow
-## Legal References
-- **RGPD Art. 7** — Conditions for consent
-- **RGPD Recital 32** — Consent must result from an unambiguous positive action
-- **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
-- **CEPD Guidelines 05/2020** — Consent under the RGPD
-- **CEPD Guidelines 03/2022** — Dark patterns on platforms
-- **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)

package/docs/reports/stackoverflow.com/gdpr-report-stackoverflow.com-2026-02-22.pdf DELETED Viewed

Binary file

package/docs/reports/stackoverflow.com/modal-initial.png DELETED Viewed

Binary file

package/docs/reports/www.afp.com/after-accept.png DELETED Viewed

Binary file

package/docs/reports/www.afp.com/after-reject.png DELETED Viewed

Binary file

package/docs/reports/www.afp.com/gdpr-checklist-afp.com-2026-02-22.md DELETED Viewed

@@ -1,44 +0,0 @@
-# GDPR Compliance Checklist — www.afp.com
-> **Scan date:** 22/02/2026, 19:36:58
-> **Scanned URL:** https://www.afp.com/
-> **Global score:** 47/100 — Grade **D**
-**11 rule(s) compliant** · **3 non-compliant** · **3 warning(s)**
-## Consent
-| Rule                               | Reference                                                                                                                                           | Status       | Detail                                 |
-| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------------------- |
-| Consent modal detected             | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ✅ Compliant | Detected (`#onetrust-banner-sdk`)      |
-| No pre-ticked checkboxes           | [GDPR Recital 32](https://gdpr-info.eu/recitals/no-32/)                                                                                             | ✅ Compliant | No pre-ticked checkbox detected        |
-| Accept button label is unambiguous | [GDPR Art. 4(11)](https://gdpr-info.eu/art-4-gdpr/)                                                                                                 | ✅ Compliant | Clear label: "Continuer sans accepter" |
-## Easy refusal
-| Rule                                             | Reference                                                                                                                                                      | Status           | Detail                          |
-| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ------------------------------- |
-| Reject button present at first layer             | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)                                                                   | ❌ Non-compliant | No Reject button at first layer |
-| Rejecting requires no more clicks than accepting | [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)                                                                   | ✅ Compliant     | Cannot verify (missing buttons) |
-| Size symmetry between Accept and Reject          | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant     | Button sizes are comparable     |
-| Font symmetry between Accept and Reject          | [EDPB Guidelines 03/2022](https://www.edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf) | ✅ Compliant     | Font sizes are comparable       |
-## Transparency
-| Rule                                             | Reference                                                                                                                                       | Status       | Detail                                                |
-| ------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ----------------------------------------------------- |
-| Granular controls available                      | [EDPB Guidelines 05/2020](https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en) | ✅ Compliant | 0 checkbox(es) or preferences panel detected          |
-| Processing purposes mentioned                    | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/)                                                                                            | ✅ Compliant | Mention found in the modal text                       |
-| Sub-processors / third parties mentioned         | [GDPR Art. 13-14](https://gdpr-info.eu/art-13-gdpr/)                                                                                            | ⚠️ Warning   | Information absent from the modal text                |
-| Retention period mentioned                       | [GDPR Art. 13(2)(a)](https://gdpr-info.eu/art-13-gdpr/)                                                                                         | ✅ Compliant | Mention found in the modal text                       |
-| Right to withdraw consent mentioned              | [GDPR Art. 7(3)](https://gdpr-info.eu/art-7-gdpr/)                                                                                              | ⚠️ Warning   | Information absent from the modal text                |
-| Privacy policy link present in the consent modal | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/)                                                                                               | ⚠️ Warning   | No privacy policy link found inside the consent modal |
-| Privacy policy accessible from the main page     | [GDPR Art. 13](https://gdpr-info.eu/art-13-gdpr/)                                                                                               | ✅ Compliant | Link found: https://www.afp.com/fr/mentions-legales   |
-## Cookie behavior
-| Rule                                          | Reference                                                                                                                                           | Status           | Detail                                                                              |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ----------------------------------------------------------------------------------- |
-| No non-essential cookie before consent        | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 3 illegal cookie(s): `YSC` (social), `bcookie` (advertising), `li_gc` (advertising) |
-| Non-essential cookies removed after rejection | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [CNIL Recommendation 2022](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies)      | ✅ Compliant     | No non-essential cookie persisting after rejection                                  |
-| No network tracker before consent             | [GDPR Art. 7](https://gdpr-info.eu/art-7-gdpr/) · [ePrivacy Dir. Art. 5(3)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058) | ❌ Non-compliant | 13 tracker(s): Google Tag Manager, LinkedIn Insight Tag, Microsoft Clarity          |

package/docs/reports/www.afp.com/gdpr-cookies-afp.com-2026-02-22.md DELETED Viewed

@@ -1,42 +0,0 @@
-# Cookie Inventory — www.afp.com
-> **Scan date:** 22/02/2026, 19:36:58
-> **Scanned URL:** https://www.afp.com/
-> **Unique cookies detected:** 19
-## Instructions
-This table lists all cookies detected during the scan, across all phases.
-The **Description / Purpose** column is to be filled in by the DPO or technical owner.
-- **Before consent** — cookie present from page load, before any interaction
-- **After acceptance** — cookie set or persisting after clicking "Accept all"
-- **After rejection** — cookie present after clicking "Reject all"
-## Cookie table
-| Cookie                                              | Domain        | Category    | Phases                           | Expiry    | Consent required | Description / Purpose |
-| --------------------------------------------------- | ------------- | ----------- | -------------------------------- | --------- | ---------------- | --------------------- |
-| `bcookie`                                           | .linkedin.com | Advertising | before consent, after acceptance | 12 months | ⚠️ Yes           | <!-- fill in -->      |
-| `li_gc`                                             | .linkedin.com | Advertising | before consent, after acceptance | 6 months  | ⚠️ Yes           | <!-- fill in -->      |
-| `YSC`                                               | .youtube.com  | Social      | before consent, after acceptance | Session   | ⚠️ Yes           | <!-- fill in -->      |
-| `__cf_bm`                                           | .page.afp.com | Unknown     | before consent, after acceptance | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `__Secure-ROLLOUT_TOKEN`                            | .youtube.com  | Unknown     | before consent, after acceptance | 6 months  | ✅ No            | <!-- fill in -->      |
-| `__Secure-YNID`                                     | .youtube.com  | Unknown     | before consent, after acceptance | 6 months  | ✅ No            | <!-- fill in -->      |
-| `_gcl_au`                                           | .afp.com      | Unknown     | before consent, after acceptance | 3 months  | ✅ No            | <!-- fill in -->      |
-| `_mkto_trk`                                         | .afp.com      | Unknown     | before consent, after acceptance | 13 months | ✅ No            | <!-- fill in -->      |
-| `_pcid`                                             | .afp.com      | Unknown     | before consent, after acceptance | 13 months | ✅ No            | <!-- fill in -->      |
-| `_pctx`                                             | .afp.com      | Unknown     | before consent, after acceptance | 13 months | ✅ No            | <!-- fill in -->      |
-| `_pprv`                                             | .afp.com      | Unknown     | before consent, after acceptance | 13 months | ✅ No            | <!-- fill in -->      |
-| `AKA_A2`                                            | .afp.com      | Unknown     | after acceptance                 | < 1 day   | ✅ No            | <!-- fill in -->      |
-| `BIGipServer~VS65000-N117~lon08web-nginx-app_https` | page.afp.com  | Unknown     | before consent, after acceptance | Session   | ✅ No            | <!-- fill in -->      |
-| `gtmreferers`                                       | www.afp.com   | Unknown     | before consent, after acceptance | 3 months  | ✅ No            | <!-- fill in -->      |
-| `lidc`                                              | .linkedin.com | Unknown     | before consent, after acceptance | 1 days    | ✅ No            | <!-- fill in -->      |
-| `OptanonAlertBoxClosed`                             | .www.afp.com  | Unknown     | after acceptance                 | 12 months | ✅ No            | <!-- fill in -->      |
-| `OptanonConsent`                                    | .www.afp.com  | Unknown     | before consent, after acceptance | 12 months | ✅ No            | <!-- fill in -->      |
-| `VISITOR_INFO1_LIVE`                                | .youtube.com  | Unknown     | before consent, after acceptance | 6 months  | ✅ No            | <!-- fill in -->      |
-| `VISITOR_PRIVACY_METADATA`                          | .youtube.com  | Unknown     | before consent, after acceptance | 6 months  | ✅ No            | <!-- fill in -->      |
----
-_Automatically generated by gdpr-cookie-scanner. Categories marked "Unknown" could not be identified automatically and should be verified manually._

package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.md DELETED Viewed

@@ -1,202 +0,0 @@
-# GDPR Compliance Report — www.afp.com
-> **Scan date:** 22/02/2026, 19:36:58
-> **Scanned URL:** https://www.afp.com/
-> **Scan duration:** 14.0s
-> **Tool:** gdpr-cookie-scanner v0.1.0
-## Global Compliance Score
-### 🔴 47/100 — Grade D
-| Criterion        | Score      | Progress   | Status |
-| ---------------- | ---------- | ---------- | ------ |
-| Consent validity | 20/25      | ████████░░ | ✅     |
-| Easy refusal     | 10/25      | ████░░░░░░ | ❌     |
-| Transparency     | 14/25      | ██████░░░░ | ⚠️     |
-| Cookie behavior  | 3/25       | █░░░░░░░░░ | ❌     |
-| **TOTAL**        | **47/100** |            | **D**  |
-## Executive Summary
-✅ Consent modal detected (`#onetrust-banner-sdk`).
-❌ **3 non-essential cookie(s)** set before any interaction (RGPD violation).
-❌ **3 non-essential cookie(s)** persisting after rejection (RGPD violation).
-❌ **13 tracker request(s)** fired before consent.
-**3 critical issue(s)** and **3 warning(s)** identified.
-## 1. Consent Modal
-**CSS selector:** `#onetrust-banner-sdk`
-**Granular controls:** ✅ Yes
-**Layer count:** 2
-**Privacy policy link:** ⚠️ Not found in the modal
-### Detected buttons
-| Button         | Text                       | Visible | Font size | Contrast ratio |
-| -------------- | -------------------------- | ------- | --------- | -------------- |
-| ⚙️ Preferences | Paramètres des cookies     | ✅      | 13.008px  | 5.2:1          |
-| ❓ Unknown     | Autoriser tous les cookies | ✅      | 13.008px  | 5.2:1          |
-| 🟢 Accept      | Continuer sans accepter    | ✅      | 11.04px   | 3.83:1         |
-### Screenshot
-![Consent modal](modal-initial.png)
-### Modal text excerpt
-> En cliquant sur « Autoriser tous les cookies », vous acceptez le stockage de cookies sur votre appareil pour améliorer la navigation sur le site, analyser son utilisation et contribuer à nos efforts de marketing. Paramètres des cookies Autoriser tous les cookiesContinuer sans accepter
-## 2. Dark Patterns and Detected Issues
-### ❌ Critical issues
-**No reject button on first layer**
-> CNIL (2022) requires reject to require no more clicks than accept
-**3 non-essential cookie(s) deposited before any interaction**
-> YSC (social), bcookie (advertising), li_gc (advertising)
-**13 tracker request(s) fired before any consent**
-> Google Tag Manager, LinkedIn Insight Tag, Microsoft Clarity, Tracking Pixel
-### ⚠️ Warnings
-**Missing required information: "third-parties"**
-> The consent text does not mention third-parties
-**Missing required information: "withdrawal"**
-> The consent text does not mention withdrawal
-**No privacy policy link found in the consent modal**
-> GDPR Art. 13 requires the privacy policy to be accessible from the consent interface
-## 3. Cookies Set Before Any Interaction
-| Name                                                | Domain        | Category    | Expiry    | Consent required |
-| --------------------------------------------------- | ------------- | ----------- | --------- | ---------------- |
-| `__Secure-YNID`                                     | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `YSC`                                               | .youtube.com  | social      | Session   | ⚠️ Yes           |
-| `__Secure-ROLLOUT_TOKEN`                            | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `VISITOR_INFO1_LIVE`                                | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `VISITOR_PRIVACY_METADATA`                          | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `_mkto_trk`                                         | .afp.com      | unknown     | 13 months | ✅ No            |
-| `_gcl_au`                                           | .afp.com      | unknown     | 3 months  | ✅ No            |
-| `gtmreferers`                                       | www.afp.com   | unknown     | 3 months  | ✅ No            |
-| `_pcid`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
-| `_pctx`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
-| `_pprv`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
-| `OptanonConsent`                                    | .www.afp.com  | unknown     | 12 months | ✅ No            |
-| `__cf_bm`                                           | .page.afp.com | unknown     | < 1 day   | ✅ No            |
-| `bcookie`                                           | .linkedin.com | advertising | 12 months | ⚠️ Yes           |
-| `li_gc`                                             | .linkedin.com | advertising | 6 months  | ⚠️ Yes           |
-| `lidc`                                              | .linkedin.com | unknown     | 1 days    | ✅ No            |
-| `BIGipServer~VS65000-N117~lon08web-nginx-app_https` | page.afp.com  | unknown     | Session   | ✅ No            |
-## 4. Cookies After Consent Rejection
-✅ No non-essential cookie detected after rejection.
-_No cookies detected._
-## 5. Cookies After Consent Acceptance
-| Name                                                | Domain        | Category    | Expiry    | Consent required |
-| --------------------------------------------------- | ------------- | ----------- | --------- | ---------------- |
-| `AKA_A2`                                            | .afp.com      | unknown     | < 1 day   | ✅ No            |
-| `_mkto_trk`                                         | .afp.com      | unknown     | 13 months | ✅ No            |
-| `__Secure-YNID`                                     | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `YSC`                                               | .youtube.com  | social      | Session   | ⚠️ Yes           |
-| `VISITOR_INFO1_LIVE`                                | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `VISITOR_PRIVACY_METADATA`                          | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `__Secure-ROLLOUT_TOKEN`                            | .youtube.com  | unknown     | 6 months  | ✅ No            |
-| `_gcl_au`                                           | .afp.com      | unknown     | 3 months  | ✅ No            |
-| `gtmreferers`                                       | www.afp.com   | unknown     | 3 months  | ✅ No            |
-| `__cf_bm`                                           | .page.afp.com | unknown     | < 1 day   | ✅ No            |
-| `_pcid`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
-| `_pctx`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
-| `bcookie`                                           | .linkedin.com | advertising | 12 months | ⚠️ Yes           |
-| `li_gc`                                             | .linkedin.com | advertising | 6 months  | ⚠️ Yes           |
-| `lidc`                                              | .linkedin.com | unknown     | 1 days    | ✅ No            |
-| `BIGipServer~VS65000-N117~lon08web-nginx-app_https` | page.afp.com  | unknown     | Session   | ✅ No            |
-| `OptanonAlertBoxClosed`                             | .www.afp.com  | unknown     | 12 months | ✅ No            |
-| `OptanonConsent`                                    | .www.afp.com  | unknown     | 12 months | ✅ No            |
-| `_pprv`                                             | .afp.com      | unknown     | 13 months | ✅ No            |
-## 6. Network Requests — Detected Trackers
-### Before interaction (13 tracker(s))
-| Tracker              | Category    | URL                                                            | Type     |
-| -------------------- | ----------- | -------------------------------------------------------------- | -------- |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtm.js?id=GTM-T4C5DKK`       | script   |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtag/js?id=AW-1090164081...` | script   |
-| LinkedIn Insight Tag | advertising | `https://snap.licdn.com/li.lms-analytics/insight.min.js`       | script   |
-| Microsoft Clarity    | analytics   | `https://www.clarity.ms/tag/t3we3mu2lf?ref=gtm`                | script   |
-| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/static/service_worker/62...` | document |
-| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
-| Tracking Pixel       | pixel       | `https://kxgqdwd.pa-cd.com/event?s=628508&idclient=mly3a95...` | ping     |
-| Tracking Pixel       | pixel       | `https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=347975...` | image    |
-| Microsoft Clarity    | analytics   | `https://scripts.clarity.ms/0.8.54/clarity.js`                 | script   |
-| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
-| Tracking Pixel       | pixel       | `https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=34797...` | image    |
-| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
-### After acceptance (26 tracker(s))
-| Tracker              | Category    | URL                                                            | Type     |
-| -------------------- | ----------- | -------------------------------------------------------------- | -------- |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtm.js?id=GTM-T4C5DKK`       | script   |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/gtag/js?id=AW-1090164081...` | script   |
-| LinkedIn Insight Tag | advertising | `https://snap.licdn.com/li.lms-analytics/insight.min.js`       | script   |
-| Microsoft Clarity    | analytics   | `https://www.clarity.ms/tag/t3we3mu2lf?ref=gtm`                | script   |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
-| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/static/service_worker/62...` | document |
-| Tracking Pixel       | pixel       | `https://www.google.com/ccm/collect?frm=0&en=page_view&dl=...` | fetch    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?ctid=GTM-T4C5DKK&t=s&s...` | image    |
-| Tracking Pixel       | pixel       | `https://kxgqdwd.pa-cd.com/event?s=628508&idclient=mly3ad9...` | ping     |
-| Tracking Pixel       | pixel       | `https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=347975...` | image    |
-| Microsoft Clarity    | analytics   | `https://scripts.clarity.ms/0.8.54/clarity.js`                 | script   |
-| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
-| Tracking Pixel       | pixel       | `https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=34797...` | image    |
-| Google Tag Manager   | analytics   | `https://www.googletagmanager.com/a?id=GTM-T4C5DKK&v=3&t=t...` | image    |
-| Microsoft Clarity    | analytics   | `https://y.clarity.ms/collect`                                 | xhr      |
-_... and 6 additional request(s)._
-## 7. Recommendations
-1. **Add a "Reject all" button** at the first layer of the modal, requiring no more clicks than "Accept all" (CNIL 2022).
-1. **Do not set any non-essential cookie before consent.** Gate the initialisation of third-party scripts on acceptance.
-1. **Complete the modal information**: purposes, identity of sub-processors, retention period, right to withdraw.
-1. **Remove or block non-essential cookies** after rejection, and verify consent handling server-side.
-## Scan Errors and Warnings
-- ⚠️ No reject button found — could not test rejection flow
-## Legal References
-- **RGPD Art. 7** — Conditions for consent
-- **RGPD Recital 32** — Consent must result from an unambiguous positive action
-- **ePrivacy Directive 2002/58/EC** — Consent requirement for non-essential cookies
-- **CEPD Guidelines 05/2020** — Consent under the RGPD
-- **CEPD Guidelines 03/2022** — Dark patterns on platforms
-- **CNIL Recommendation 2022** — Rejection must be as easy as acceptance (same number of clicks)

package/docs/reports/www.afp.com/gdpr-report-afp.com-2026-02-22.pdf DELETED Viewed

Binary file

package/docs/reports/www.afp.com/modal-initial.png DELETED Viewed

Binary file

/package/{docs → website/public}/style.css RENAMED Viewed

File without changes