Skip to content
ProductScannerEnterprisePricingTrustDocsBlog
Back to Documentation

COKIQ docs

Evidence Reports

Understand COKIQ Evidence Reports for scan baseline, scanner-synced policy inventory, consent receipts, regulation profiles, GPC signals, banner and policy versions, blocker evidence, and exports.

Best for

Agencies, compliance teams, marketing operations, legal reviewers, leadership, and buyers checking what COKIQ can prove today.

What the report shows

These are the product-side evidence areas COKIQ can surface when the site has the required scan, banner, consent log, and blocker data.

Scan baseline

Latest scan status, health score, risk score, policy sync metadata, and cookie/script findings where available.

Policy inventory

Scanner-synced cookie and policy records that show which website evidence was reviewed instead of relying on manual copy alone.

Consent receipts

Visitor choice evidence including country/profile context, category choices, consent timestamp, banner version, and policy version where captured.

GPC and opt-out signals

Global Privacy Control and opt-out related evidence when the visitor/browser signal is present and relevant to the configured profile.

Blocker proof

Tracker and iframe blocking evidence showing what COKIQ held back before consent and what was released after consent.

Export pack

Authenticated report exports in JSON/PDF-style output, plus dashboard CSV for operational and agency handoff.

Setup steps

Step 1

Start with a fresh scan baseline

Run or review the latest website scan so the report begins with real detected cookies, scripts, policy links, and risk signals.

Step 2

Review scanner-synced policy inventory

Confirm the cookie and policy inventory reflects what the scanner found, then flag unknown providers or review-needed items before exporting.

Step 3

Confirm consent receipt evidence

Check that accept, reject, and custom choices are recorded with the right country/profile context, category choices, banner version, and policy version.

Step 4

Check GPC and blocker evidence

Review whether GPC/opt-out signals and tracker or iframe blocking evidence exist for the tested sessions and configured profiles.

Step 5

Export for the right audience

Use dashboard reports, JSON/PDF-style exports, or CSV evidence depending on whether the recipient is an agency client, marketer, leadership team, or legal reviewer.

Step 6

Keep the legal boundary visible

Use the report as proof of operational setup and product behavior, then hand legal interpretation and country-specific policy review to qualified counsel.

Implementation checklist

  • Latest scan date and scan status available
  • Policy inventory records present
  • Consent logs show country/profile/category choices
  • Banner version and policy version shown where captured
  • GPC or opt-out signal evidence reviewed
  • Blocked and released tracker evidence reviewed
  • Authenticated export access tested
  • Open legal-review items listed clearly

Important boundaries

  • COKIQ evidence reports are product-side operational evidence, not legal certification.
  • Country-specific legal conclusions, privacy policy wording, DPA negotiation, data-transfer review, and counsel sign-off remain customer/legal-team responsibilities.
  • COKIQ does not claim Google CMP certification, IAB TCF certification, SOC 2, ISO certification, or attorney-reviewed compliance unless those items are separately completed and documented.
  • Missing GPC evidence in a report can simply mean no GPC signal was observed for that visitor/session; it does not mean the product has no GPC support.

FAQ

What does an Evidence Report include?

It brings together scan baseline, policy inventory, consent receipts, regulation profile context, GPC signals where observed, banner and policy versions, blocker evidence, and export-ready report data.

Are Evidence Reports legal advice?

No. Reports organize operational evidence and product behavior. Legal conclusions, country-specific policy wording, and regulatory interpretation require qualified review.

Why might GPC evidence be empty?

GPC evidence appears when the visitor or test browser sends the signal and the configured profile records it. Empty evidence usually means the signal was not observed in that test session.

Can agencies use Evidence Reports with clients?

Yes. Agencies can use reports for recurring scan review, consent proof, blocker evidence, policy inventory handoff, and client action planning. White-label report branding remains Beta.

Are exports public?

No. Evidence exports are authenticated because they can contain domain, consent, and operational evidence. Public docs explain the output, but report data stays protected.