Scanner
The scanner is the part of OptSens that visits your site and records what it sets: cookies, third-party scripts, iframes and tracking requests. The results become your cookie declaration and the items you manage on the Scripts and cookies and Iframe rules pages. Scans are performed by the OptSensBot crawler, and its page covers the user agent, verification and firewall allowlisting.
What a scan detects
The scanner loads your pages in a real Chromium browser with JavaScript running, and sees what an actual visitor's browser would. During a scan it records:
- Cookies set while the page loads, including cookies set by your server
- Third-party scripts
- Iframes and other embeds
- Tracking pixels and beacon requests
- The third-party domains those resources come from
Each cookie, script and iframe is matched against the OptSens library and sorted into a category. Anything not recognized is marked unknown for you to classify.
Quick scan and full scan
| Quick scan | Full scan | |
|---|---|---|
| Pages | Your homepage only | Homepage plus discovered subpages |
| Page limit | One page | Your plan's pages-per-scan limit |
| Subpage discovery | No | Follows links found on the homepage |
| Where it runs | Public check and onboarding | Scheduled and dashboard scans |
A full scan starts at your homepage, discovers links to other pages on the same site, and visits pages up to the pages-per-scan limit of your plan. Higher plans scan more pages. The scan stays on your own domain and does not follow links to other sites. See Choose a plan for how plans scale.
How often it runs
Scan frequency follows your plan. A scan runs:
- When you add a domain at onboarding
- When you start one from the dashboard
- On a schedule, if your plan includes recurring scans
Plans with a single scan show a note on the scanner page and do not have the recurring-scan settings. On recurring plans you can:
- Auto domain scan: turn the scheduled scans on or off. When off, your domain is no longer rescanned on the plan schedule.
- Reset consent after scan: ask every visitor for consent again after a scan. Visitors then always respond to the latest detected cookies.
The scanner page shows the latest scan status, the cookie count, when it ran, and the next scheduled scan.
Reading the results
After a scan, the scanner page shows:
- Scan status with the cookies found, the scan date and the next scan
- Changes since last scan, comparing the latest scan to the previous one to show cookies that were added, removed or changed
- The detected cookies, searchable and filterable by category, with CSV export
- A scan history of every run, each opening a per-scan report
Crawl etiquette
The scanner reads your robots.txt and honors Disallow rules for the
OptSensBot user agent, which lets you keep parts of your site out of a
scan. It also honors Crawl-delay. Requests are throttled and a scan does
not put meaningful load on your site. Full details are on the
OptSensBot page.
If a scan comes back empty
The usual cause is a bot challenge or firewall serving the scanner a challenge page instead of your site. Allow OptSensBot and run the scan again. The OptSensBot page lists the allow options for Cloudflare and other providers.
Verifying your setup
Alongside cookie scans, OptSens runs an implementation check that confirms the banner is installed and consent fires, and a Consent Mode v2 check for Google tags. To confirm the banner is live on your site, see verify installation.