athenahealth Cookie Compliance Report

athenahealth

athenahealth.com

Compare

https://athenahealth.com

Scanned Apr 15, 2026 · 38.4s

Your website score is

0/100

Critical

Grade

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 12 user data leaks before consent on athenahealth.com, including Coveo (Advertising Tracker), Salesforce (Advertising Tracker), Marfeel.

Security Headers

3/6 present

Strict-Transport-Security

max-age=15768000

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

11 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Vendors firing after rejection (11)

Vendor	Category	Timing	URL
Google — GA4	analytics	18142ms	www.googletagmanager.com
LinkedIn — LinkedIn Insight Tag	advertising	18142ms	snap.licdn.com
X (Twitter) — Twitter/X Pixel	advertising	18142ms	static.ads-twitter.com
Meta — Meta Pixel	advertising	18150ms	connect.facebook.net
Reddit — Reddit Pixel	advertising	19184ms	alb.reddit.com
X (Twitter) — Twitter/X Pixel	advertising	19290ms	t.co
Google — Google Ads	advertising	20206ms	www.googleadservices.com
Google — Google Ads	advertising	20206ms	www.google.com
Microsoft — Microsoft Ads	advertising	21641ms	bat.bing.com
Google — Google Ads	advertising	21843ms	googleads.g.doubleclick.net
Meta — Meta Pixel	advertising	22335ms	www.facebook.com

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising8 vendors

Analytics3 vendors

Marketing3 vendors

Security3

Functional1 vendor

Critical10

criticalNetworkAdvertisingCoveo (Advertising Tracker)

Coveo (advertising) loaded before consent

Host: athenahealthprod.analytics.orghipaa.coveo.comFired: 2084ms after load

criticalNetworkAdvertisingSalesforce (Advertising Tracker)

Salesforce (advertising) loaded before consent

Host: athenahealth.us-4.evergage.comFired: 3963ms after load

criticalCookieAnalyticsMarfeel

Marfeel cookie "_sfid_65d4" set before consent — This cookie is used to store for temporary session

Cookie: _sfid_65d4Domain: .www.athenahealth.comRetention: Session

criticalPost-RejectionAnalyticsGoogle — GA4

Google — GA4 fires after user rejected consent

Fired: 18142ms after load

criticalPost-RejectionAdvertisingLinkedIn — LinkedIn Insight Tag

LinkedIn — LinkedIn Insight Tag fires after user rejected consent

Fired: 18142ms after load

criticalPost-RejectionAdvertisingX (Twitter) — Twitter/X Pixel

X (Twitter) — Twitter/X Pixel fires after user rejected consent

Fired: 18142ms after load

criticalPost-RejectionAdvertisingMeta — Meta Pixel

Meta — Meta Pixel fires after user rejected consent

Fired: 18150ms after load

criticalPost-RejectionAdvertisingReddit — Reddit Pixel

Reddit — Reddit Pixel fires after user rejected consent

Fired: 19184ms after load

criticalPost-RejectionAdvertisingGoogle — Google Ads

Google — Google Ads fires after user rejected consent

Fired: 20206ms after load

criticalPost-RejectionAdvertisingMicrosoft — Microsoft Ads

Microsoft — Microsoft Ads fires after user rejected consent

Fired: 21641ms after load

Warnings9

warningNetwork

Unknown third-party request to assets.adobedtm.com before consent

Host: assets.adobedtm.comFired: 564ms after load

warningNetwork

Unknown third-party request to athenahealth.my.site.com before consent

Host: athenahealth.my.site.comFired: 4965ms after load

warningNetwork

Unknown third-party request to athenahealth.my.salesforce-scrt.com before consent

Host: athenahealth.my.salesforce-scrt.comFired: 5481ms after load

warningStorage

localStorage key "visitorId" written before consent

Key: visitorIdType: localStorageFired: 1536ms after load

warningStorage

localStorage key "__coveo.analytics.history" written before consent

Key: __coveo.analytics.historyType: localStorageFired: 2067ms after load

warningStorage

sessionStorage key "com.adobe.reactor.core.visitorTracking.landingPage" written before consent

Key: com.adobe.reactor.core.visitorTracking.landingPageType: sessionStorageFired: 2131ms after load

warningStorage

sessionStorage key "com.adobe.reactor.core.visitorTracking.trafficSource" written before consent

Key: com.adobe.reactor.core.visitorTracking.trafficSourceType: sessionStorageFired: 2131ms after load

warningStorage

localStorage key "com.adobe.reactor.dataElements.OneTrust | Active Groups" written before consent

Key: com.adobe.reactor.dataElements.OneTrust | Active GroupsType: localStorageFired: 4595ms after load

warningStorage

localStorage key "00DA0000000HrDQ_WEB_STORAGE" written before consent

Key: 00DA0000000HrDQ_WEB_STORAGEType: localStorageFired: 6551ms after load

Info10

Google (Cdn)2 findings

fonts.googleapis.com, fonts.gstatic.com

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.googleapis.comFired: 540ms after load

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.gstatic.comFired: 997ms after load

Brightcove (Cdn)2 findings

players.brightcove.net, edge.api.brightcove.com

infoNetworkBrightcove (Cdn)

Brightcove (cdn) loaded before consent

Host: players.brightcove.netFired: 2070ms after load

infoNetworkBrightcove (Cdn)

Brightcove (cdn) loaded before consent

Host: edge.api.brightcove.comFired: 3867ms after load

OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 2258ms after load

infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .athenahealth.com

infoNetworkSalesforce (Cdn)

Salesforce (cdn) loaded before consent

Host: cdn.evgnet.comFired: 2261ms after load

infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 4284ms after load

infoStorageFunctionallocalStorage availability probe

localStorage availability probe (null) wrote "__storage_test__" to localStorage before consent

Key: __storage_test__Type: localStorageFired: 1534ms after load

infoCookieFunctional

AWS Application Load Balancer — necessary for infrastructure

Cookie: AWSALBTGCORSDomain: athenahealth.us-4.evergage.com

Compliant10

CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .athenahealth.com

Adobe Audience Manager3 findings

demdex, AMCVS_5E9E381753ABFD030A490D4B%40AdobeOrg, dpm

CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "demdex" set correctly after consent

Cookie: demdexDomain: .demdex.netRetention: 180 days after last activity or 10 years when opting out

CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "AMCVS_5E9E381753ABFD030A490D4B%40AdobeOrg" set correctly after consent

Cookie: AMCVS_5E9E381753ABFD030A490D4B%40AdobeOrgDomain: .athenahealth.comRetention: Session

CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "dpm" set correctly after consent

Cookie: dpmDomain: .dpm.demdex.netRetention: 180 days

CompliantCookieMarketingAdobe Advertising

Adobe Advertising cookie "everest_g_v2" set correctly after consent

Cookie: everest_g_v2Domain: .everesttech.netRetention: 2 years

Adobe Analytics5 findings

s_ecid, AMCV_5E9E381753ABFD030A490D4B%40AdobeOrg, s_tp, s_ppv, s_sq

CompliantCookieMarketingAdobe Analytics

Adobe Analytics cookie "s_ecid" set correctly after consent

Cookie: s_ecidDomain: .athenahealth.comRetention: 2 years

CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "AMCV_5E9E381753ABFD030A490D4B%40AdobeOrg" set correctly after consent

Cookie: AMCV_5E9E381753ABFD030A490D4B%40AdobeOrgDomain: .athenahealth.com

CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_tp" set correctly after consent

Cookie: s_tpDomain: .athenahealth.comRetention: session

CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_ppv" set correctly after consent

Cookie: s_ppvDomain: .athenahealth.comRetention: session

CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_sq" set correctly after consent

Cookie: s_sqDomain: .athenahealth.com

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan athenahealth.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com