Overview
After inserting the osano.js script into the head of your website, Osano will automatically begin discovering and reporting the full URL of scripts attempting to load. It also identifies and reports cookies placed on your site. These discoveries help ensure compliance and enable better management of third-party scripts and cookies. However, not all discovered elements are relevant or essential, and this document will guide you through handling them.
How Osano Discovers Cookies
Cookies are managed using the document.cookie property. Osano listens for this event and discovers the object that is written by document.cookie.
Due to this discovery method, cookies created or injected by JavaScript originating from external sources, including plugins or even infected user browsers, may be detected. Osano filters out what it can, but this type of content may still make its way through.
Recommendations for Managing
When external or unknown cookies are discovered, you have several options for handling them:
Leave in 'Discovered' & Clear: In Osano, leave these cookies in the "Discovered" section and click "Publish," followed by "Clear & Publish." This action clears the discovered section, and any one-off scripts that may have been erroneously captured won't be rediscovered.
If, after a "Clear & Publish," the cookie returns (e.g., within 24 hours), you can be more confident that the cookie itself appears somewhere on your website, and you can proceed to researching, blocklisting, or ignoring the cookie.
Blocklist the Cookie: If you determine that the script is unnecessary or potentially harmful, you can blocklist it. This action is similar to categorizing any other cookie, ensuring that it will never run again.
Ignore the Cookie: Using the "Ignore" button (located next to "Save to Managed" in Osano), you can remove these discoveries from the Discovered section, effectively hiding them from view.
Researching and Identifying Unknown Scripts & Cookies
It's always helpful to keep track of the tools you are using on your site, but there are times when you may not know what a particular script is or does. While Osano does its best to help you classify scripts and cookies, there may be instances where some elements remain unidentified. Below are steps you can take to identify them:
Option 1: Use Search Engines or AI Models
The easiest way to identify an unknown script or cookie is by using a search engine.
For example, searching for "_ga" would lead you to the vendor documentation for Google Analytics. Vendor documentation is the most reliable source for understanding what a cookie does and why it exists.
Similarly, LLMs and AI assistants like Copilot and ChatGPT are adept at identifying known scripts and cookies and will often include sources in their output.
Option 2: Investigate Your Website
If search engine results don’t yield helpful information, investigate your site directly:
- Open Developer Tools: Right-click on your site and select "Inspect" or "Developer Tools."
- Check Cookies: Go to the "Application" tab, expand "Cookies," and investigate which cookies are loading on your site.
- Use the Network Tab: In the "Network" tab, you can identify scripts responsible for placing cookies. For example, a cookie named __hssc may be traced back to a script from the domain hsappstatic.net, which belongs to HubSpot.
This method may not identify every cookie or script, but it offers a solid starting point for further research.
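When the Network tab does not make the source obvious, a small console helper can record which script URLs were on the call stack each time document.cookie is written. This is an added example, not Osano's code and not a description of how Osano implements discovery; the function names and the `cookieWatcher` global are hypothetical.

```javascript
// Added example (not Osano's code). Paste into the DevTools console before the
// page's scripts run, or load it first in <head>, then reload and inspect the log.

// Extract unique script URLs from a stack trace (Chrome, Firefox and Safari
// frames all contain "url:line:column").
function scriptUrlsFromStack(stack) {
  const urls = [];
  const re = /(https?:\/\/[^\s()]+?):\d+:\d+/g;
  let m;
  while ((m = re.exec(stack || "")) !== null) {
    if (!urls.includes(m[1])) urls.push(m[1]);
  }
  return urls;
}

// Locate the accessor that implements `cookie` (on Document.prototype in browsers).
function findCookieDescriptor(doc) {
  for (let o = doc; o; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, "cookie");
    if (d && d.set) return d;
  }
  return null;
}

// Shadow the accessor on this document instance and log every write.
// Returns the log array and a stop() function that removes the wrapper.
function watchCookieWrites(doc, getStack = () => new Error().stack) {
  const desc = findCookieDescriptor(doc);
  if (!desc) throw new Error("no cookie accessor found");
  const log = [];
  Object.defineProperty(doc, "cookie", {
    configurable: true,
    get() { return desc.get.call(this); },
    set(value) {
      const name = String(value).split("=")[0].trim();
      log.push({ name, scripts: scriptUrlsFromStack(getStack()), at: Date.now() });
      desc.set.call(this, value); // pass the write through unchanged
    },
  });
  return { log, stop: () => delete doc.cookie };
}

if (typeof document !== "undefined") {
  // Later, in the console: console.table(cookieWatcher.log)
  globalThis.cookieWatcher = watchCookieWrites(document);
}
```

Cookies set by an HTTP Set-Cookie response header never pass through document.cookie, so they will not appear in this log; look for those in the response headers in the Network tab.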
Additional Insights
Osano’s discovery process highlights the importance of maintaining control over what runs on your site. By regularly reviewing discovered scripts and cookies and employing the options mentioned above, you can avoid potential issues caused by unwanted scripts, whether from external sources or malicious injections.