Severity: Medium | Owner: Marketing | Time to fix: 30-120 min

Unclassified cookies

Classify unknown cookies, document their purpose, and stop shipping undeclared storage into production.

Covers: unclassified_cookie

Why this matters

A cookie with no documented purpose weakens transparency and can hide non-essential processing. Classification is necessary for accurate disclosure and lawful consent handling.

How to verify manually

  1. List all cookies set during a fresh session and after each consent action.
  2. Map each cookie to the script, tag, or plugin that sets it.
  3. Flag cookies with no documented owner, purpose, or category.

Typical root causes

  • Legacy tags still set cookies but are no longer documented.
  • The CMP (consent management platform) classification database does not recognize custom or niche cookies.
  • Multiple plugins or vendors write overlapping cookies without governance.

GTM fix

  1. Audit tag inventory and map each tag to explicit cookie outputs.
  2. Assign purpose categories and align with consent checks.
  3. Remove legacy tags that set cookies without clear business justification.

WordPress fix

  1. Run a full cookie scan in your CMP plugin and review uncategorized entries.
  2. Map each cookie to essential, analytics, marketing, or functional categories.
  3. Publish an updated cookie declaration and re-scan after deployment.

Generic fix

  1. Build a cookie register including name, provider, purpose, duration, and legal basis.
  2. Default unknown non-essential cookies to blocked until reviewed.
  3. Keep declarations versioned and synced with release changes.
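
The register lookup and default-block rule from the generic fix, as an added example that is not part of the original guide. The register entries, cookie names, the trailing-`*` wildcard convention and the function names are assumptions made for illustration.

```javascript
// Cookie register: constructed sample entries, not a real site's declaration.
// A trailing "*" in name matches any suffix (assumed convention for this example).
const REGISTER = [
  { name: "session_id", provider: "first-party", purpose: "login session",
    duration: "session", legalBasis: "strictly necessary", category: "essential" },
  { name: "_ga*", provider: "Google Analytics", purpose: "usage statistics",
    duration: "2 years", legalBasis: "consent", category: "analytics" },
  { name: "promo_seen", provider: "first-party", purpose: "campaign banner state",
    duration: "30 days", legalBasis: "consent", category: "marketing" },
];

// Parse a document.cookie-style string ("a=1; b=2") into cookie names.
// Values may contain "=", so only the first "=" separates name from value.
function parseCookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => (pair.includes("=") ? pair.slice(0, pair.indexOf("=")) : pair));
}

// Find the register entry for a cookie name; exact names win over wildcards.
function lookup(name, register) {
  const exact = register.find((e) => e.name === name);
  if (exact) return exact;
  const wild = (e) => e.name.endsWith("*") && name.startsWith(e.name.slice(0, -1));
  return register.find(wild) || null;
}

// Compare runtime cookies with the register and the accepted consent categories.
function auditCookies(cookieString, register, consented) {
  const report = { allowed: [], blocked: [], unclassified: [] };
  for (const name of parseCookieNames(cookieString)) {
    const entry = lookup(name, register);
    if (!entry) {
      // Unknown cookies default to blocked until someone reviews them.
      report.unclassified.push(name);
      report.blocked.push(name);
    } else if (entry.category === "essential" || consented.has(entry.category)) {
      report.allowed.push(name);
    } else {
      report.blocked.push(name);
    }
  }
  return report;
}

// Constructed sample: cookies seen in a session where only analytics was accepted.
const sample = "session_id=abc123; _ga_XYZ=GS1.1; promo_seen=1; legacy_tag_uid=42";
console.log(auditCookies(sample, REGISTER, new Set(["analytics"])));
```

In a browser, pass `document.cookie` as the first argument; HttpOnly cookies are not visible there and have to be inventoried from response headers instead.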

How to confirm the fix worked

  • Re-run cookie inventory after categorizing the unknown entries.
  • Confirm declarations and CMP category labels match the runtime cookies.
  • Run a fresh scan and confirm the number of unclassified cookies drops.

Next step

Re-scan after deployment to confirm that the runtime behavior changed, not just the banner copy.
