AbbVie

abbvie.com

Compare

https://abbvie.com

Scanned Apr 15, 2026 · 37.1s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 60 user data leaks before consent on abbvie.com, including Advertising Tracker, Google Ads, Twitter/X Pixel and 15 more.

Security Headers

3/6 present

Strict-Transport-Security

max-age=63072000; includeSubdomains;

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

GTM container detected (GTM-53KLF8, GTM-TGXMQFF, GTM-WDVH3GS) but no consent mode initialisation found. Add gtag('consent', 'default', ...) before your GTM snippet.

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

1 vendor

Consent Mode

Not Detected

GTM Load

692ms pre-consent

Google Tag Manager(GTM-53KLF8)

Loaded 692ms after page load — before the consent banner was detected (banner appeared at 7872ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Vendors firing after rejection (1)

VendorCategoryTimingURL
TikTok — TikTok Pixeladvertising23055msanalytics.tiktok.com

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising9 vendors
Analytics6 vendors
Marketing4 vendors
Security3
Functional3 vendors
Tag Management1 vendor
Critical53
TikTok Pixel
TikTok Pixel7 findingsID tracked

analytics.tiktok.com, analytics-ipv6.tiktokw.us, _ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index

TikTok Pixel
criticalNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded before consent: Sends event data to TikTok for ad measurement

ID: CPQ4VK3C77U1C0R4OC8GHost: analytics.tiktok.comFired: 2594ms after load
TikTok Pixel
criticalNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded before consent: TikTok Pixel IPv6 enrichment and data collection

Host: analytics-ipv6.tiktokw.usFired: 4455ms after load
TikTok Pixel
criticalCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_ttp" set before consent

Cookie: _ttpDomain: .tiktok.com
TikTok Pixel
criticalCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_tt_enable_cookie" set before consent

Cookie: _tt_enable_cookieDomain: .abbvie.com
TikTok Pixel
criticalStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage before consent

Key: tt_sessionIdType: sessionStorageFired: 4399ms after load
TikTok Pixel
criticalStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage before consent

Key: tt_appInfoType: sessionStorageFired: 4409ms after load
TikTok Pixel
criticalStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage before consent

Key: tt_pixel_session_indexType: sessionStorageFired: 4411ms after load
Microsoft Clarity
Microsoft Clarity3 findingsID tracked

www.clarity.ms, scripts.clarity.ms, i.clarity.ms

Microsoft Clarity
criticalNetworkAnalyticsMicrosoft Clarity

Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics

ID: jqwvtn5kg8Host: www.clarity.msFired: 2705ms after load
Microsoft Clarity
criticalNetworkAnalyticsMicrosoft Clarity

Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics

Host: scripts.clarity.msFired: 3511ms after load
Microsoft Clarity
criticalNetworkAnalyticsMicrosoft Clarity

Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics

Host: i.clarity.msFired: 3930ms after load
Google Analytics
Google Analytics9 findingsID tracked

region1.google-analytics.com, _ga_C7VF4WXV2K, _ga, _ga_5LEXD56YGK, _ga_0RYKSV1NRX, _ga_X88ZKK166D, FPID, FPLC, _ga_6B9GBDE9EC

GA4
criticalNetworkAnalyticsGA4

GA4 (Google) loaded before consent: Sends pageview and event data to Google Analytics

ID: G-C7VF4WXV2KHost: region1.google-analytics.comFired: 3022ms after load
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_C7VF4WXV2K" set before consent

Cookie: _ga_C7VF4WXV2KDomain: .abbvie.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set before consent

Cookie: _gaDomain: .abbvie.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_5LEXD56YGK" set before consent

Cookie: _ga_5LEXD56YGKDomain: .abbvie.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_0RYKSV1NRX" set before consent

Cookie: _ga_0RYKSV1NRXDomain: .abbvie.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_X88ZKK166D" set before consent

Cookie: _ga_X88ZKK166DDomain: .abbvie.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "FPID" set before consent — Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.

Cookie: FPIDDomain: .abbvie.comRetention: session
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "FPLC" set before consent — This FPLC cookie is the cross-domain linker cookie hashed from the FPID cookie. It’s not HttpOnly, which means it can be read with JavaScript. It has a relatively short lifetime, just 20 hours.

Cookie: FPLCDomain: .abbvie.comRetention: session
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_6B9GBDE9EC" set before consent

Cookie: _ga_6B9GBDE9ECDomain: .abbvie.com
Twitter/X Pixel
Twitter/X Pixel2 findingsID tracked

t.co, static.ads-twitter.com

Twitter/X Pixel
criticalNetworkAdvertisingTwitter/X Pixel

Twitter/X Pixel (X (Twitter)) loaded before consent: Twitter/X ad conversion tracking endpoint

ID: twHost: t.coFired: 3075ms after load
Twitter/X Pixel
criticalNetworkAdvertisingTwitter/X Pixel

Twitter/X Pixel (X (Twitter)) loaded before consent: Loads Twitter/X conversion tracking script

Host: static.ads-twitter.comFired: 2594ms after load
Meta Pixel
Meta Pixel3 findingsID tracked

www.facebook.com, connect.facebook.net, _fbp

Meta Pixel
criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Meta Pixel tracking endpoint

ID: 347300242308462Host: www.facebook.comFired: 3763ms after load
Meta Pixel
criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking

Host: connect.facebook.netFired: 2594ms after load
Meta Pixel
criticalCookieAdvertisingMeta Pixel

Meta Pixel cookie "_fbp" set before consent

Cookie: _fbpDomain: .abbvie.com
Advertising Tracker
Advertising Tracker3 findings

rum.hlx.page, metrics.brightcove.com, analytics.silktide.com

Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at rum.hlx.page loaded before consent

Host: rum.hlx.pageFired: 542ms after load
Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at metrics.brightcove.com loaded before consent

Host: metrics.brightcove.comFired: 1452ms after load
Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at analytics.silktide.com loaded before consent

Host: analytics.silktide.comFired: 2705ms after load
Google Ads
Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

Google Ads
criticalNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded before consent: Google Consent Mode data collection for ad measurement

Host: www.google.comFired: 1936ms after load
Google Ads
criticalCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set before consent

Cookie: _gcl_auDomain: .abbvie.com
Google Ads
criticalStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage before consent

Key: _gcl_lsType: localStorageFired: 1877ms after load
reddit (Advertising Tracker)
criticalNetworkAdvertisingreddit (Advertising Tracker)

reddit (advertising) loaded before consent

Host: www.redditstatic.comFired: 2594ms after load
LinkedIn Insight Tag
criticalNetworkAdvertisingLinkedIn Insight Tag

LinkedIn Insight Tag (LinkedIn) loaded before consent: Tracks conversions and enables LinkedIn audience targeting

Host: snap.licdn.comFired: 2703ms after load
SiteImprove (Analytics Tracker)
SiteImprove (Analytics Tracker)2 findings

siteimproveanalytics.com, 3407.global.siteimproveanalytics.io

SiteImprove (Analytics Tracker)
criticalNetworkAnalyticsSiteImprove (Analytics Tracker)

SiteImprove (analytics) loaded before consent

Host: siteimproveanalytics.comFired: 2705ms after load
SiteImprove (Analytics Tracker)
criticalNetworkAnalyticsSiteImprove (Analytics Tracker)

SiteImprove (analytics) loaded before consent

Host: 3407.global.siteimproveanalytics.ioFired: 3646ms after load
The Trade Desk (Tracker Tracker)
The Trade Desk (Tracker Tracker)3 findings

js.adsrvr.org, insight.adsrvr.org, match.adsrvr.org

The Trade Desk (Tracker Tracker)
criticalNetworkThe Trade Desk (Tracker Tracker)

The Trade Desk (tracker) loaded before consent

Host: js.adsrvr.orgFired: 2705ms after load
The Trade Desk (Tracker Tracker)
criticalNetworkThe Trade Desk (Tracker Tracker)

The Trade Desk (tracker) loaded before consent

Host: insight.adsrvr.orgFired: 3094ms after load
The Trade Desk (Tracker Tracker)
criticalNetworkThe Trade Desk (Tracker Tracker)

The Trade Desk (tracker) loaded before consent

Host: match.adsrvr.orgFired: 3157ms after load
Reddit Pixel
Reddit Pixel2 findings

alb.reddit.com, _rdt_uuid

Reddit Pixel
criticalNetworkAdvertisingReddit Pixel

Reddit Pixel (Reddit) loaded before consent: Reddit conversion tracking pixel

Host: alb.reddit.comFired: 3145ms after load
Reddit Pixel
criticalCookieAdvertisingReddit Pixel

Reddit Pixel cookie "_rdt_uuid" set before consent

Cookie: _rdt_uuidDomain: .abbvie.com
Google (Tracker Tracker)
Google (Tracker Tracker)4 findings

ad.doubleclick.net, 4169376.fls.doubleclick.net, 14801756.fls.doubleclick.net, adservice.google.com

Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: ad.doubleclick.netFired: 4135ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: 4169376.fls.doubleclick.netFired: 4146ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: 14801756.fls.doubleclick.netFired: 4238ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: adservice.google.comFired: 4497ms after load
Youtube
Youtube3 findings

VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, __Secure-ROLLOUT_TOKEN

Youtube
criticalCookieMarketingYoutube

Youtube cookie "VISITOR_INFO1_LIVE" set before consent — Tries to estimate the users' bandwidth on pages with integrated YouTube videos. Also used for marketing

Cookie: VISITOR_INFO1_LIVEDomain: .youtube.comRetention: 179 days
Youtube
criticalCookieMarketingYoutube

Youtube cookie "VISITOR_PRIVACY_METADATA" set before consent — Youtube visitor privacy metadata cookie

Cookie: VISITOR_PRIVACY_METADATADomain: .youtube.comRetention: 180 days
Youtube
criticalCookieMarketingYoutube

Youtube cookie "__Secure-ROLLOUT_TOKEN" set before consent — Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Cookie: __Secure-ROLLOUT_TOKENDomain: .youtube.comRetention: 180 days
X2 findings

muc_ads, personalization_id

criticalCookieMarketingX

X cookie "muc_ads" set before consent — These cookies are placed when you come to our website via X. A cookie from X is also placed on our website, with which we can later show a relevant offer on X

Cookie: muc_adsDomain: .t.coRetention: 24 months
criticalCookieMarketingX

X cookie "personalization_id" set before consent — Unique value with which users can be identified by X. Collected information is used to be personalize X services, including X trends, stories, ads and suggestions.

Cookie: personalization_idDomain: .twitter.comRetention: 2 years
criticalCookieAnalyticsSiteimprove

Siteimprove cookie "nmstat" set before consent — This cookie is used to help record the visitor's use of the website. It is used to collect statistics about site usage such as when the visitor last visited the site. This information is then used to improve the user experience on the website. This Siteimprove Analytics cookie contains a randomly generated ID used to recognize the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics. It is also used to track the sequence of pages a visitor looks at during a visit to the site. This information can be used to reduce user journeys, and enable visitors to find relevant information quicker.

Cookie: nmstatDomain: .abbvie.comRetention: 3 years
TikTok
TikTok2 findings

ttcsid, ttcsid_CPQ4VK3C77U1C0R4OC8G

TikTok
criticalCookieMarketingTikTok

TikTok cookie "ttcsid" set before consent — The TikTok cookie ttcsid likely serves as a session identifier, helping to maintain user sessions and track interactions across the platform. Its purpose is probably to manage user authentication or personalize content based on activity, similar to other session-related cookies used by TikTok.

Cookie: ttcsidDomain: .abbvie.comRetention: 1 year
TikTok
criticalCookieMarketingTikTok

TikTok cookie "ttcsid_CPQ4VK3C77U1C0R4OC8G" set before consent — The TikTok cookie ttcsid likely serves as a session identifier, helping to maintain user sessions and track interactions across the platform. Its purpose is probably to manage user authentication or personalize content based on activity, similar to other session-related cookies used by TikTok.

Cookie: ttcsid_CPQ4VK3C77U1C0R4OC8GDomain: .abbvie.comRetention: 1 year
TikTok — TikTok Pixel
criticalPost-RejectionAdvertisingTikTok — TikTok Pixel

TikTok — TikTok Pixel fires after user rejected consent

Fired: 23055ms after load
criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings9
Google Tag Manager
Google Tag Manager2 findingsID tracked

www.googletagmanager.com

Google Tag Manager
warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager (Google) loaded before consent: Loads the GTM container which may trigger other tags

ID: GTM-53KLF8Host: www.googletagmanager.comFired: 542ms after load
Google Tag Manager
warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-53KLF8)

Twitter (Social Tracker)
warningNetworkTwitter (Social Tracker)

Twitter (social) loaded before consent

ID: nuwxzHost: analytics.twitter.comFired: 3075ms after load
reddit (Social Tracker)
warningNetworkreddit (Social Tracker)

reddit (social) loaded before consent

Host: pixel-config.reddit.comFired: 3145ms after load
GA4 (server-side proxy)
warningNetworkGA4 (server-side proxy)

Possible server-side tag proxy at corpgcp.abbvie.com — analytics data may be forwarded to third parties before consent. Browser scanning cannot verify downstream recipients; audit your GTM Server-side or CNAME configuration.

Host: corpgcp.abbvie.comFired: 3616ms after load
vendor logo
warningNetwork

Unknown third-party request to app.bowencraggs.com before consent

Host: app.bowencraggs.comFired: 2594ms after load
vendor logo
warningNetwork

Unknown third-party request to www.7-groupoperation.com before consent

Host: www.7-groupoperation.comFired: 3108ms after load
warningStorage

localStorage key "popupTags" written before consent

Key: popupTagsType: localStorageFired: 1776ms after load
warningStorage

localStorage key "lastExternalReferrer" written before consent

Key: lastExternalReferrerType: localStorageFired: 3724ms after load
Info13
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: www.youtube.comFired: 545ms after load
Adobe (Cdn)
infoNetworkAdobe (Cdn)

Adobe (cdn) loaded before consent

Host: abbvie.scene7.comFired: 545ms after load
Brightcove (Cdn)
Brightcove (Cdn)3 findings

players.brightcove.net, vjs.zencdn.net, edge.api.brightcove.com

Brightcove (Cdn)
infoNetworkBrightcove (Cdn)

Brightcove (cdn) loaded before consent

Host: players.brightcove.netFired: 665ms after load
Brightcove (Cdn)
infoNetworkBrightcove (Cdn)

Brightcove (cdn) loaded before consent

Host: vjs.zencdn.netFired: 1452ms after load
Brightcove (Cdn)
infoNetworkBrightcove (Cdn)

Brightcove (cdn) loaded before consent

Host: edge.api.brightcove.comFired: 1452ms after load
Cloudflare Web Analytics
infoNetworkAnalyticsCloudflare Web Analytics

Cloudflare Web Analytics (Cloudflare) loaded before consent: Cloudflare Web Analytics beacon — privacy-focused, no cookies

Host: static.cloudflareinsights.comFired: 1219ms after load
OneTrust
OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

OneTrust
infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 1646ms after load
OneTrust
infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .abbvie.com
OneTrust CMP
infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 2073ms after load
Google
infoCookieFunctionalGoogle

Google cookie "__Secure-YNID" set before consent — It's a YouTube cookie used to enhance user experience by storing video player preferences and aiding in secure log-ins and spam detectio

Cookie: __Secure-YNIDDomain: .youtube.comRetention: 180 days
Youtube
infoCookieFunctionalYoutube

Youtube cookie "YSC" set before consent — Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Cookie: YSCDomain: .youtube.comRetention: Session
DoubleClick/Google Marketing
infoCookieFunctionalDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "test_cookie" set before consent — This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

Cookie: test_cookieDomain: .doubleclick.netRetention: 1 year
infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .abbvie.com
Compliant3
OneTrust
CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .abbvie.com
Google Analytics
CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_789M7EKDQ5" set correctly after consent

Cookie: _ga_789M7EKDQ5Domain: .abbvie.com
DoubleClick/Google Marketing
CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan abbvie.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com