
How to Audit Cookies for GDPR Compliance in Firefox (Step-by-Step)
Firefox has always been the browser of choice for people who actually care about privacy. So if you are a developer, agency owner or privacy professional trying to verify whether a website respects GDPR, Firefox is a natural place to start. The question is not whether you should audit cookies, but how to do it without spending half a day in DevTools. This guide walks you through a complete GDPR cookie audit in Firefox — first manually, then with the ConsentScope Firefox extension so you can spot violations in seconds instead of hours.
What you are actually looking for during a GDPR cookie audit
GDPR compliance is not about counting cookies. It is about timing and purpose. A website can have fifty cookies and still be compliant, or three cookies and still break the law. The key question is: which cookies are set before the user gives explicit consent? Under GDPR and the ePrivacy Directive, only strictly necessary cookies can be stored or accessed before consent. Everything else — analytics, marketing, personalization, social media, A/B testing — must wait for a clear affirmative action.
When you audit a page in Firefox, you want to build a simple timeline. Mark the moment the page loads as t0. Mark the moment you see a non-essential cookie appear as t1. Mark the moment you click Accept on the consent banner as t2. If t1 happens before t2, you have a pre-consent violation. It really is that simple in theory. In practice, websites load dozens of scripts asynchronously, so you need a systematic approach.
Step 1: Prepare a clean Firefox session
Before you audit anything, you need a completely clean browser state. Open a new private window in Firefox. Private mode does not block cookies by default, but it starts with an empty cookie jar, which is exactly what you want. Close all other tabs and make sure you have not visited the target site recently.
If you want to be extra thorough, load the page once, click the lock icon next to the URL in the address bar, and clear cookies and site data. Then close the tab and reload the site. This removes any leftover state that could skew your results.
Step 2: Inspect cookies manually with Firefox Developer Tools
Firefox has excellent built-in developer tools. Press F12 to open them, then switch to the Storage tab. In the left sidebar you will see Cookies, Local Storage, Session Storage and IndexedDB. Expand the Cookies section and select the domain you are auditing. Keep this panel visible while you reload the page.
Now reload the page with Ctrl+R but do not touch the consent banner yet. Watch the cookie list. If any cookies appear before you interact with the banner, write them down. Pay special attention to domains that are not the site you are visiting. A first-party analytics cookie is still a violation if it fires before consent, but third-party cookies are usually the biggest red flag.
What to write down for each cookie
- Name of the cookie
- Domain that set it
- Value or category hint in the name
- Whether it appeared before or after consent
- Expiration date
Step 3: Check the Network tab for third-party scripts
Cookies are only half the story. The other half is scripts that fingerprint users, send data to ad networks or load tracking pixels without storing anything locally. Switch to the Network tab, reload the page and filter by JS, XHR and Img. Look for requests to domains like google-analytics.com, facebook.com, doubleclick.net, hotjar.com, clarity.ms, linkedin.com or tiktok.com.
If these requests fire before consent, that is also a GDPR problem. Even if a script does not set a cookie, it may still transmit personal data such as IP address, referrer, user agent and page URL. Under GDPR, that transmission requires a legal basis, and for marketing or analytics purposes that legal basis is almost always consent.
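The timeline check from Steps 2 and 3, as an added example (not code from the original article or from ConsentScope): it reads a HAR file exported from the Network tab (Save All As HAR) and lists Set-Cookie headers and requests to the tracker domains named above that occurred before the consent click. The `necessary` allowlist, the consent timestamp argument and the `shop.example` sample data are assumptions made for the illustration.

```javascript
// Added example: flag pre-consent activity (t1 < t2) in a HAR export. Sample data is constructed.
const TRACKER_DOMAINS = ["google-analytics.com", "facebook.com", "doubleclick.net",
  "hotjar.com", "clarity.ms", "linkedin.com", "tiktok.com"]; // domains named in Step 3
// True when host is the domain itself or a subdomain (so "notfacebook.com" does not match).
const inDomain = (host, domain) => host === domain || host.endsWith("." + domain);
// Extract the cookie name and effective domain from one Set-Cookie header value.
function parseSetCookie(value, requestHost) {
  const [pair, ...attrs] = value.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const dom = attrs.find((a) => a.toLowerCase().startsWith("domain="));
  return { name: eq > 0 ? pair.slice(0, eq) : pair,
    domain: dom ? dom.slice(7).replace(/^\./, "").toLowerCase() : requestHost };
}

// consentTime is t2 (ISO timestamp of the Accept click, recorded by the auditor);
// necessary is the auditor's list of cookie names accepted as strictly necessary.
function findPreConsentViolations(har, siteDomain, consentTime, necessary = []) {
  const t2 = Date.parse(consentTime);
  const findings = [];
  for (const entry of har.log.entries) {
    if (!(Date.parse(entry.startedDateTime) < t2)) continue; // keep only t1 < t2
    const host = new URL(entry.request.url).hostname.toLowerCase();
    const at = entry.startedDateTime;
    if (!inDomain(host, siteDomain) && TRACKER_DOMAINS.some((d) => inDomain(host, d)))
      findings.push({ type: "request", host, at });
    for (const h of entry.response.headers) {
      if (h.name.toLowerCase() !== "set-cookie") continue;
      // Split on newlines in case the exporter joined several values in one entry.
      for (const value of h.value.split("\n")) {
        const c = parseSetCookie(value, host);
        if (necessary.includes(c.name)) continue;
        findings.push({ type: "cookie", name: c.name, domain: c.domain,
          thirdParty: !inDomain(c.domain, siteDomain), at });
      }
    }
  }
  return findings;
}

// Constructed sample HAR; shop.example is a placeholder site.
const hdr = (value) => ({ name: "Set-Cookie", value });
const req = (t, url, headers = []) => ({ startedDateTime: `2024-01-01T10:00:${t}Z`,
  request: { url }, response: { headers } });
const sampleHar = { log: { entries: [
  req("00.000", "https://shop.example/", [hdr("session=abc; Path=/; HttpOnly"), hdr("_ga=GA1.2.1; Domain=.shop.example")]),
  req("01.200", "https://www.google-analytics.com/collect?v=1"),
  req("09.000", "https://connect.facebook.com/tr", [hdr("fr=x; Domain=.facebook.com")]) ] } };
const sampleFindings = findPreConsentViolations(sampleHar, "shop.example", "2024-01-01T10:00:05.000Z", ["session"]);
console.log(sampleFindings);
```

A HAR file only records cookies delivered in response headers. Cookies written by scripts through `document.cookie` and values placed in localStorage do not appear in it, so the Storage tab check from Step 2 is still needed.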
Step 4: Use ConsentScope to automate the audit
Manual audits are educational, but they do not scale. If you manage multiple client sites or you need evidence for a Data Protection Officer, you want a tool that records everything automatically. The ConsentScope Firefox extension is built exactly for this. It monitors cookies, localStorage, sessionStorage and third-party scripts in real time and flags pre-consent violations as soon as they happen.
- Install ConsentScope from the Firefox Add-ons store.
- Open the website you want to audit in a fresh private window.
- Click the ConsentScope icon in the Firefox toolbar.
- Reload the page and wait for the scan to complete.
- Review the violation list, cookie categories and CMP detection.
- Click a single button to export a PDF evidence report if you are on Pro.
What makes this faster than DevTools is that ConsentScope knows which cookies belong to which category and which CMP is running on the page. Instead of manually guessing whether _ga is analytics or marketing, you see it labeled immediately. Instead of reading through a banner to find the Reject button, the extension tells you whether it exists and whether pre-toggled options are present.
Common Firefox cookie audit findings and what they mean
| Finding | Why it matters | Typical culprit |
|---|---|---|
| Cookies set before banner loads | No consent was possible yet | Server-side analytics, preloaded marketing tags |
| No visible Reject All button | Forces users toward Accept | Poorly configured CMP |
| Pre-toggled marketing toggles | Not a clear affirmative action | Default-on CMP settings |
| Third-party scripts before consent | Data leaves browser immediately | Google Tag Manager, Meta Pixel |
| localStorage used for tracking IDs | Same legal rules as cookies | Fingerprinting libraries, session replay tools |
What to do after you find violations
Finding violations is only the first step. The real work is fixing them. Start by reviewing your Consent Management Platform configuration. Make sure marketing and analytics tags are blocked by default and only fire after the user clicks Accept. If you use Google Tag Manager, check your trigger groups. If you use a custom banner, ask a lawyer or privacy consultant to review the wording and the opt-out mechanism.
Document your findings. Screenshot the DevTools Storage tab or export a ConsentScope PDF report. If you are an agency, share the report with your client and explain exactly what needs to change. Regulators love documentation, and clients love clarity.
Why Firefox users make the best auditors
Firefox users tend to be more privacy-conscious, which means they are also more likely to notice when a website behaves badly. If your site passes a Firefox audit with ConsentScope, it will almost certainly pass a Chrome or Edge audit too. The reverse is not always true. Some sites load additional trackers only when they detect Chromium-based browsers, so testing in Firefox can sometimes reveal issues that Chrome misses.
Audit your website in Firefox today
Install the free ConsentScope Firefox extension and detect GDPR cookie violations in real time. Get Pro for PDF evidence reports, scan history and advanced CMP analysis.
ConsentScope Team
Privacy Engineers & Chrome and Firefox extension Developers
We build tools that help developers, agencies and privacy advocates detect GDPR cookie violations automatically. Our team analyzes consent banners, cookie behavior and third-party scripts across thousands of websites every month.