This page runs lightweight client-side probes for first-party cookie writes, web storage APIs, IndexedDB, approximated persistence quotas when exposed, plus opt-out knobs like Do Not Track and Global Privacy Control when your browser publishes them. It also counts only the cookies readable from JavaScript—not HttpOnly secrets—so developers can troubleshoot login and analytics breakage without implying full cookie inventory visibility.
🍪What Is My Cookie / Tracking Status
Cookies: what scripts can observe
HTTP cookies shuttle state between browsers and origins. Scripts access them through document.cookie, which returns cookie name/value pairs the page is allowed to read. Cookies marked HttpOnly, scoped to narrower paths, or restricted by SameSite=None; Secure rules behave differently depending on embedding context ( cross-site iframes, partitioned storage initiatives, Safari ITP-era heuristics, browser defaults in 2026).
Our temporary probe sets a uniquely named cookie on this hostname with SameSite=Lax, verifies readback, then deletes it—all without leaving lingering identifiers. Failure indicates aggressive blocking worthy of escalation for support engineers reproducing SSO bugs.
Web Storage, IndexedDB, and Cache APIs
localStorage and sessionStorage provide keyed string stores with synchronous access—ideal for feature flags yet hazardous for megabyte-scale payloads due to blocking the main thread.IndexedDB supports structured data and blobs for offline-first PWAs while remaining partitioned per security origin. Presence checks here confirm foundational APIs survive enterprise lockdown or extension interference.
DNT, GPC, and storage access APIs
Do Not Track survives as a readable string (`1`, `0`, or `unspecified`) even though regulators and vendors replaced most enforcement pathways with granular consent banners. Global Privacy Control aligns with lawful opt-outs for certain sale/share interpretations when exposed through navigator.globalPrivacyControl.
Embedded contexts optionally implement Storage Access API (hasStorageAccess, requestStorageAccess). On a top-level first-party page responses are largely informational—they matter more inside iframes that host embedded payment or authentication widgets attempting cross-site storage.
Privacy implications and QA value
Enumerating APIs does not inherently increase fingerprint entropy beyond what trackers already fingerprint, but product teams should avoid shipping giant composite diagnostics in hostile environments without user trust. Conversely, QA engineers diagnosing “works in staging, fails in hardened laptop image” crave reproducible surface checks before escalating to fleet policy admins.
Privacy note
Probing occurs entirely in-session; persistent identifiers beyond the ephemeral cookie test are avoided. Advertising and analytics on this domain follow our Privacy Policy—separate from the diagnostic summaries above.
Common questions
Are my cookies enabled?
Browsers expose `navigator.cookieEnabled` as a coarse switch, but the reliable check for this site is whether a short-lived **first-party** probe cookie can be written and read under your current settings. Privacy modes, enterprise policies, and per-site blocking can disable writes even when `cookieEnabled` is true.
Why can’t JavaScript see all of my cookies?
Cookies marked **HttpOnly** are hidden from `document.cookie` deliberately so injected scripts cannot steal session tokens. `Secure`, `SameSite`, path, and partitioned attributes also limit visibility. JavaScript therefore undercounts authentication cookies—that is normal, not evidence they are absent.
What is Global Privacy Control (GPC)?
GPC is a browser or extension signal requesting that sites exercise applicable opt-out rights (for example sale/sharing restrictions under certain US privacy laws where recognized). Detection here reads `navigator.globalPrivacyControl` where implemented; absence does not imply you lack privacy rights—you may still configure controls in Settings.
Does Do Not Track still matter?
`navigator.doNotTrack` historically requested reduced tracking but never had universal enforcement and is largely dormant. Few sites honor it formally in 2026. We surface it because support teams still encounter legacy enterprise templates that reference DNT—even though GDPR-style consent banners and CMPs replaced most practical uses.
What is the difference between this page and clearing cookies?
This page diagnoses **whether storage mechanisms operate** while you observe it; clearing cookies wipes data wholesale. Clearing helps after trackers accumulate; diagnosing explains why checkout, SSO, or A/B dashboards break when blocking is too aggressive.
Can you detect third-party cookies from this page?
Not comprehensively. Third-party semantics require embedded contexts or cross-site resource loads. Without an iframe orchestration—and partner domains—you only see signals about **your current first-party execution context** plus APIs the browser exposes globally.
Why do localStorage and sessionStorage sometimes fail?
Private browsing modes and strict storage partitioning can throw `SecurityError`, quota exhaustion returns `QuotaExceededError`, and some kiosk profiles forbid persistence outright. Separate failures from cookies: sites can persist with cookies while forbidding DOM storage—or vice versa with unusual policies.
Is this tool the same as a consent management platform?
No. CMPs enumerate vendor purposes, lawful bases, and UI toggles regulated under ePrivacy/GDPR. This diagnostic summarizes raw browser mechanics useful for QA and troubleshooting—it does not record choices to IAB strings or synchronize with advertisers.
Also Check These Tools
🌐What Is My IPInstantly see your public IPv4 and IPv6 address with ISP, city, and country details.→📡What Is My ISPSee which Internet Service Provider (ISP) or organization is associated with your public IP and connection.→🔷What Is My DNSLook up public DNS A and AAAA records using Cloudflare DNS over HTTPS, with honest labeling about resolvers.→📶What Is My LatencyMeasure HTTPS round-trip time from your browser to this site—a practical “ping” when ICMP is not available in the web sandbox.→🛜What Is My Network TypeDetect whether you are on Wi-Fi, cellular, or ethernet, with effective speed class and estimated bandwidth from the Network Information API.→🔐What Is My VPN / Am I Leaking?Compare your HTTP-visible public IP with WebRTC ICE reflexive addresses to spot possible IP leaks, plus plain-language DNS leak context.→⚡Internet Speed TestTest your download and upload speeds with a fast, accurate in-browser speed test.→🖥️What Is My BrowserDetect your browser name, version, engine, and operating system in one click.→🔍What Is My User AgentSee the full user agent string your browser sends to websites and servers.→📐What Is My Screen ResolutionCheck your screen resolution, color depth, pixel ratio, and viewport size.→🎮What Is My WebGL / GPUDetect your GPU renderer, vendor, WebGL version, and key graphics capabilities directly from your browser — no plugins required.→📍What Is My LocationDiscover your approximate location based on your IP address including city and country.→🕐What Is My TimezoneFind your current timezone, UTC offset, and local time with DST status.→🔌What Is My Open PortsCheck which TCP ports are open, closed, or filtered on your public IP address — no software needed.→