Scanning a site with Transcend Consent
If you're using our Transcend Consent module in conjunction with the Web Auditor, then we will automatically run a few extra tests to ensure that your Transcend Consent is set up properly. Below is a list of these extra tests and what they mean:
| Finding Class | Severity | Meaning |
|---|---|---|
| Airgap Not Found | Informational | Transcend Consent module airgap.js was not detected on the site. Likely you have not included the script tag on your site, or maybe there was some problem with loading this script tag |
| Unregulated Cookie Stored | Informational | A cookie marked with Essential purpose was stored without being regulated by airgap. |
| Unregulated Cookie Stored | Medium | A cookie not explicitly tagged with any tracking purpose was stored without being regulated by airgap. |
| Unregulated Cookie Stored | High | A cookie that was explicitly tagged with a non-essential tracking purpose was stored without being regulated by airgap. |
| Unregulated Network Request Made | Informational | A network request was made to a domain tagged with Essential purpose without being regulated by airgap. |
| Unregulated Network Request Made | Medium | A network request not explicitly tagged with any tracking purpose was made without being regulated by airgap. |
| Unregulated Network Request Made | High | A network request that was explicitly tagged with a non-essential tracking purpose was stored without being regulated by airgap. |
"Unregulated" here means that airgap.js did not regulate the cookie/network request at all -- that is, it did not have the chance to inspect the mutation/event and make a determination to block or allow based on user consent and bundle configuration. This could happen for a variety of reasons:
- Script load order.
airgap.jscannot regulate scripts that are loaded before its initialization is completed. This may be the desired behavior if you want to prioritize the loading of site-critical assets that do not track the user prior to loading airgap. airgap.js(or any client-side JS code, for that matter) cannot detect or proactively regulate the storing of HTTPOnly Cookies. We can only regulate them on a reactive basis, such as when user consent changes, if not prevented through our network regulation. We also offer the APIsclearCookies()andclearDisallowedCookies()for you to programmatically remove any disallowed cookies, at a point in the user journey that makes sense.- A gap in our regulation capabilities. See Feature Regulation Roadmap for more details.
Please also keep in mind that our tests are conducted using the published airgap.js configuration, which may differ from your staged configuration in the dashboard. It's recommended to run an auditor scan immediately following any publishes of your airgap bundle.
- Inspect the Unregulated Cookie or Network request and tag them as Essential if they are indeed critical to your site functionality and do not track user data.
- If the Unregulated Cookie or Network request should be regulated, then revisit your script load ordering to ensure that they are loaded after
airgap.jsinitialization has completed. - For Unregulated HTTPOnly cookies, make sure to add them to your list of cookies as an exact-match entry, tagged with a non-Essential purpose. We can regulate those by blocking the network request that would have dropped those cookies, so another option here is to add the request that would've dropped those cookies to your list of Data Flows.
- Upgrade to the latest version of
airgap.js. We regulate data collection by patching the DOM APIs, which changes over time. To make sure that you're getting the latest bug fixes and regulation capabilities, please make sure to upgrade yourairgap.jsversion to the latest.
If you have questions, please don't hesitate to reach out to our team for help!