Script & Cookie Scanner
The Scripts & Cookies scanner helps you discover what your site loads (scripts + cookies) so you can categorize them and then control them with ConsentMagic rules (and generate an accurate cookie/cookies declaration for visitors).
You’ll find it in ConsentMagic Pro → Scripts & Cookies → Scanner.
What the scanner detects
After each scan, ConsentMagic lists:
- Scripts (both Pre-defined Scripts and Custom Scripts)
- Cookies set by your site and third-party tools
- A quick summary (last scan date, how many URLs scanned, how many scripts + cookies detected)
These results become the “source of truth” for:
- which items are blocked/allowed per consent category (Marketing, Analytics, Embedded Videos, etc.)
- what you display to users in your cookie policy / disclosure pages
Scan settings (top section)
Auto scan type
Choose what pages ConsentMagic checks:
- Scan key pages (recommended for most sites)
Faster scans that focus on the pages where tracking usually exists (home, product/cart/checkout, forms pages, etc.). - Scan all pages
More complete, but slower. Use it if you have scripts loaded only on specific pages/posts.
Cookie scanner URL per request
Controls how many URLs are scanned in one “batch”.
- Higher number = faster scans, but higher risk of timeouts on slower hosting.
- Lower number = safer on shared hosting / heavy sites.
Auto scan interval
How often ConsentMagic runs scans automatically (example shown: Once a week).
Tip: Weekly is a good default. If you frequently add/remove scripts (ads, pixels, embeds), keep it on.
Email after auto-scan completes
If enabled, ConsentMagic sends an email when an auto-scan finishes (useful to catch new cookies/scripts early).
Run scan now
Use Run scan now after:
- installing a new tracking plugin/pixel
- changing tag settings (Meta/Google/TikTok/etc.)
- adding new embedded content (YouTube/Vimeo)
- changing caching/minification settings (which can change how scripts load)
Scripts section (detected scripts)
This table shows each detected script and its assigned category (e.g., Marketing, Analytics, Embedded Videos, Google Fonts).
You’ll also see whether it’s:
- Pre-defined Script (known script pattern ConsentMagic recognizes automatically)
- Custom Script (something detected/added manually or via a plugin where ConsentMagic treats it as custom)
Why it matters: the category is what your consent rules and banner toggles use to decide whether the script runs.
Cookies section (detected cookies)
This section lists cookies found on the scanned pages and lets you assign each to a category using the dropdown.
- If ConsentMagic can’t recognize a cookie, it appears as Unassigned.
- The banner warning (“You have X Unassigned cookies…”) means you should categorize them so your disclosure and blocking rules remain accurate.
Use the Details link to inspect a cookie before assigning it.
Best practice: keep “Unassigned” at zero (or as close as possible), especially before going live.
Shortcodes (show scan results to visitors)
ConsentMagic provides shortcodes to display the latest scan results on your site (usually on a Cookie Policy / Cookies page):
Scripts
Embedded Videos
- Youtube embed
Analytics
- Google Analytics
- Google Ads Tag
Google Fonts
- Google fonts
Marketing
- Facebook Pixel
Cookies
Embedded_video
- YSC
- VISITOR_INFO1_LIVE
- GPS
- PREF
Analytics
- __utmd
- _gac_UA
- _utm
- _dc_gtm_UA
- UTMD_
- gtag_logged_in
- _gat_gtag_UA_
- utm_campaign
- utm_source
- _opt_expid
- _opt_utmc
- _opt_awkid
- _opt_awgid
- _opt_awmid
- _opt_awcid
- _gac_
- _gac_gb_
- _ga_
- _gaexp
- __utmxx
- __utmx
- __utmv
- __utmz
- __utmc
- __utmb
- __utmt
- __utma
- AMP_TOKEN
- _gat
- _gid
- _ga
- __gads
Unassigned
- __utm.gif
Marketing
- TAID
- AID
- google_adsense_settings
- _fbm_
- actppresence
- sb
- csm
- c_user
- datr
- _fbp
- act
- fr
- wd
- xs
- fbm
- _fbc
- _js_datr
Cookies
Embedded_video
- YSC
- VISITOR_INFO1_LIVE
- GPS
- PREF
Analytics
- __utmd
- _gac_UA
- _utm
- _dc_gtm_UA
- UTMD_
- gtag_logged_in
- _gat_gtag_UA_
- utm_campaign
- utm_source
- _opt_expid
- _opt_utmc
- _opt_awkid
- _opt_awgid
- _opt_awmid
- _opt_awcid
- _gac_
- _gac_gb_
- _ga_
- _gaexp
- __utmxx
- __utmx
- __utmv
- __utmz
- __utmc
- __utmb
- __utmt
- __utma
- AMP_TOKEN
- _gat
- _gid
- _ga
- __gads
Unassigned
- __utm.gif
Marketing
- TAID
- AID
- google_adsense_settings
- _fbm_
- actppresence
- sb
- csm
- c_user
- datr
- _fbp
- act
- fr
- wd
- xs
- fbm
- _fbc
- _js_datr
Scripts
Embedded Videos
- Youtube embed
Analytics
- Google Analytics
- Google Ads Tag
Google Fonts
- Google fonts
Marketing
- Facebook Pixel
Scripts
Embedded Videos
- Youtube embed
YouTube Embedded content is used to display YouTube videos on this website. YouTube scripts can collect data about users and how they interact with the videos.
Analytics
- Google Analytics
Google Analytics lets you measure your advertising ROI as well as track your Flash, video, and social networking sites and applications
- Google Ads Tag
Google AdSense allows websites to earn money by using a Google display tool on the website to host third-party ads that are relevant to their audience.
Google Fonts
- Google fonts
Google Fonts is a font embedding service library. Google Fonts are stored on Google\'s CDN. The Google Fonts API is designed to limit the collection, storage, and use of end-user data to only what is needed to serve fonts efficiently. Use of Google Fonts API is unauthenticated. No cookies are sent by website visitors to the Google Fonts API. Requests to the Google Fonts API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. This means your font requests are separate from and don\'t contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail.
Marketing
- Facebook Pixel
The Facebook pixel is a piece of code that collects data that helps to track conversions from Facebook ads, optimize ads, build targeted audiences for future ads and remarket to people who have already taken some kind of action on the website.
Cookies
Embedded_video
- YSC
to Store and track interaction.
- VISITOR_INFO1_LIVE
to provide bandwidth estimations.
- GPS
to store location data.
- PREF
to store user preferences.
Analytics
- __utmd
to store and track visitor journeys through the site and classifies them into groups.
- _gac_UA
- _utm
to store and track visits across websites.
- _dc_gtm_UA
to store number of service requests.
- UTMD_
to store and count pageviews.
- gtag_logged_in
- _gat_gtag_UA_
- utm_campaign
to Provide parameters to URLs to identify the campaigns that refer traffic.
- utm_source
to Provide parameters to URLs to identify the campaigns that refer traffic.
- _opt_expid
Thrown when a redirect experiment is running. Stores the experiment ID, variation ID, and referral source to the redirected page.
- _opt_utmc
Retains the last query parameter utm_campaign.
- _opt_awkid
Used for campaigns linked to Google Ads Criteria IDs.
- _opt_awgid
Used for campaigns associated with Google Ads ad group IDs.
- _opt_awmid
Used for campaigns linked to Google Ads Campaign IDs.
- _opt_awcid
Used for campaigns that are linked to Google Ads customer IDs.
- _gac_
- _gac_gb_
- _ga_
- _gaexp
- __utmxx
Determines when the experiment in which the user participated expires.
- __utmx
Determines if the user took part in the experiment.
- __utmv
Stores data about a visitor level custom variable. Thrown when a developer uses the _setCustomVar method with a visitor-level custom variable. Also used by the _setVar method, which is no longer supported. Updated every time data is sent to Google Analytics.
- __utmz
Stores information about the source of traffic or campaign, allowing you to understand where the user came to the site from. Generated when the library is run and updated every time data is submitted to Google Analytics.
- __utmc
Not used in ga.js. Installed for interoperability with urchin.js. Previously worked in conjunction with the __utmb cookie to determine whether a user should start a new session or visit.
- __utmb
Used to define new sessions / visits. Thrown when the JavaScript library is executed if there are no existing __utmb cookies. Updated every time data is sent to Google Analytics.
- __utmt
Limits the frequency of requests.
- __utma
Allows you to distinguish between users and sessions. Thrown when the JavaScript library is executed, if there are no existing __utma cookies. Updated every time data is sent to Google Analytics.
- AMP_TOKEN
Contains a token that can be used to get the Client-ID from the AMP service. Other possible values: disabling the function, active request, or an error in obtaining the Client-ID from the AMP service.
- _gat
- _gid
Allows you to differentiate between users.
- _ga
- __gads
Unassigned
- __utm.gif
Marketing
- TAID
- AID
- google_adsense_settings
to provide ad delivery or retargeting.
- _fbm_
to store account details.
- actppresence
to store and track if the browser tab is active.
- sb
to store browser details.
- csm
to provide fraud prevention.
- c_user
to store a unique user ID.
- datr
to provide fraud prevention.
- _fbp
to store and track visits across websites.
- act
to Store logged in users.
- fr
to provide ad delivery or retargeting.
- wd
to read screen resolution.
- xs
to store a unique session ID.
- fbm
to store account details.
- _fbc
to store last visit.
- _js_datr
to store user preferences
- Youtube embed
Cookies
Embedded_video
- YSC
to Store and track interaction.
- VISITOR_INFO1_LIVE
to provide bandwidth estimations.
- GPS
to store location data.
- PREF
to store user preferences.
Analytics
- __utmd
to store and track visitor journeys through the site and classifies them into groups.
- _gac_UA
- _utm
to store and track visits across websites.
- _dc_gtm_UA
to store number of service requests.
- UTMD_
to store and count pageviews.
- gtag_logged_in
- _gat_gtag_UA_
- utm_campaign
to Provide parameters to URLs to identify the campaigns that refer traffic.
- utm_source
to Provide parameters to URLs to identify the campaigns that refer traffic.
- _opt_expid
Thrown when a redirect experiment is running. Stores the experiment ID, variation ID, and referral source to the redirected page.
- _opt_utmc
Retains the last query parameter utm_campaign.
- _opt_awkid
Used for campaigns linked to Google Ads Criteria IDs.
- _opt_awgid
Used for campaigns associated with Google Ads ad group IDs.
- _opt_awmid
Used for campaigns linked to Google Ads Campaign IDs.
- _opt_awcid
Used for campaigns that are linked to Google Ads customer IDs.
- _gac_
- _gac_gb_
- _ga_
- _gaexp
- __utmxx
Determines when the experiment in which the user participated expires.
- __utmx
Determines if the user took part in the experiment.
- __utmv
Stores data about a visitor level custom variable. Thrown when a developer uses the _setCustomVar method with a visitor-level custom variable. Also used by the _setVar method, which is no longer supported. Updated every time data is sent to Google Analytics.
- __utmz
Stores information about the source of traffic or campaign, allowing you to understand where the user came to the site from. Generated when the library is run and updated every time data is submitted to Google Analytics.
- __utmc
Not used in ga.js. Installed for interoperability with urchin.js. Previously worked in conjunction with the __utmb cookie to determine whether a user should start a new session or visit.
- __utmb
Used to define new sessions / visits. Thrown when the JavaScript library is executed if there are no existing __utmb cookies. Updated every time data is sent to Google Analytics.
- __utmt
Limits the frequency of requests.
- __utma
Allows you to distinguish between users and sessions. Thrown when the JavaScript library is executed, if there are no existing __utma cookies. Updated every time data is sent to Google Analytics.
- AMP_TOKEN
Contains a token that can be used to get the Client-ID from the AMP service. Other possible values: disabling the function, active request, or an error in obtaining the Client-ID from the AMP service.
- _gat
- _gid
Allows you to differentiate between users.
- _ga
- __gads
Unassigned
- __utm.gif
Marketing
- TAID
- AID
- google_adsense_settings
to provide ad delivery or retargeting.
- _fbm_
to store account details.
- actppresence
to store and track if the browser tab is active.
- sb
to store browser details.
- csm
to provide fraud prevention.
- c_user
to store a unique user ID.
- datr
to provide fraud prevention.
- _fbp
to store and track visits across websites.
- act
to Store logged in users.
- fr
to provide ad delivery or retargeting.
- wd
to read screen resolution.
- xs
to store a unique session ID.
- fbm
to store account details.
- _fbc
to store last visit.
- _js_datr
to store user preferences
- YSC
[cm_scan_scripts_description]– scripts + descriptions
These are the easiest way to keep your public cookie disclosure page updated without manually editing lists.
Important note about “Unassigned”
If something is Unassigned, ConsentMagic can’t confidently control or disclose it correctly until you categorize it. After you assign categories, your consent rules can block/allow those items consistently.