Gitbook failing compliance scans for our organization (Tracking cookies on login page)

[andretheronsa]

Our organization is audited by the EU - our publicly available (but SSO login required) wiki has 2 high risk flags against it that we need to resolve. I think this scan only tests the login page. Gitbook should comply with these on the Login page at least?

Placement of cookies
Technical name of this technology: HTTP cookies
High risk Marketing cookies are placed without consent of the visitor. The visitor of the site did not choose to receive these cookies which makes placing them unlawful is most countries. The attached cookie overview shows which cookies have been placed with marketing purpose, these are highlighted with a warning. There you'll also find other information about the cookie, for example the product that places it.
🍪🍪🍪 View known cookies Show measured data Learn what this means
Extended explanation of this test
Using the attributes of a cookie (name, path and others) a match is made on product and purpose. Details about cookies are documented by their vendor or are implied by the type of product. The cookie metrics are based on the cookies received without user consent, which means placing marketing cookies is illegal in most countries. It's possible to manually verify these metrics by using a browser without an ad blocker and visiting the website: on the developer pane of the browser all received cookies are listed. Given all browsers deal with (tracking) cookies differently, additional settings might be required before receiving all cookies.

Website respects your privacy
Technical name of this technology: Tracking requests / Tracking cookies
Medium risk A visit to this website is being shared with companies that track users in order to make money. Usually this doesn't happen out of bad faith, but because using services from some web-companies are just easy to add when developing a website. Developers of websites usually need things such as usage statistics, therefore a wide range of alternative privacy-friendly tracking tools exist: Matomo, GoAccess, OpenWebAnalytics, AwStats, Plausible and many more. For developers: The links below contain a booklet on how to build privacy respecting websites.
Show measured data Learn what this means
Extended explanation of this test
A visit to a website has to happen in confidence: a third party should not be able to know you're visiting the site. Yet, there are many companies out there that make money by providing neat services to builders of websites for a very low fee or free: this is sometimes paid for by with the privacy of the visitor. We expect that a visit to a site is not being shared with companies that actively track you (and use that knowledge against you).

Alternatively, if Gitbook provides an explanation of these cookies I can dispute the negative findings