Coursera

coursera.org

https://coursera.org

Scanned Apr 15, 2026 · 38.6s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 67 user data leaks before consent on coursera.org, including Google Ads, Impact (Advertising Tracker), Meta Pixel and 14 more.

Security Headers

3/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

V2
70/100
GTM Containers: GTM-5JKLVK

Consent Parameters

Parameter | Default | Updated
Ad Storage | not_set | granted
Ad User Data | not_set | granted
Ad Personalization | not_set | granted
Analytics Storage | not_set | granted
Functionality Storage | not_set | granted
Personalization Storage | not_set | granted
Security Storage | not_set | granted

Issues (1)

No default consent call detected — consent mode may not be initialised correctly

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

1 vendor

Consent Mode

Not Detected

GTM Load

2114ms pre-consent

Google Tag Manager (GTM-5JKLVK)

Loaded 2114ms after page load — before the consent banner was detected (banner appeared at 8189ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

Vendors firing after rejection (1)

Vendor | Category | Timing | URL
TikTok — TikTok Pixel | advertising | 17080ms | analytics.tiktok.com

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising: 13 vendors
Analytics: 5 vendors
Marketing: 4 vendors
Security: 3
Functional: 1 vendor
Tag Management: 1 vendor

Critical (36)

TikTok Pixel: 7 findings, ID tracked

analytics.tiktok.com, analytics-ipv6.tiktokw.us, _ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index

critical | Network | Advertising | TikTok Pixel

TikTok Pixel (TikTok) loaded before consent: Sends event data to TikTok for ad measurement

ID: CTIORPRC77UDE4D3R2FG | Host: analytics.tiktok.com | Fired: 3822ms after load

critical | Network | Advertising | TikTok Pixel

TikTok Pixel (TikTok) loaded before consent: TikTok Pixel IPv6 enrichment and data collection

Host: analytics-ipv6.tiktokw.us | Fired: 5109ms after load

critical | Cookie | Advertising | TikTok Pixel

TikTok Pixel cookie "_ttp" set before consent

Cookie: _ttp | Domain: .tiktok.com

critical | Cookie | Advertising | TikTok Pixel

TikTok Pixel cookie "_tt_enable_cookie" set before consent

Cookie: _tt_enable_cookie | Domain: .coursera.org

critical | Storage | Advertising | TikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage before consent

Key: tt_sessionId | Type: sessionStorage | Fired: 5055ms after load

critical | Storage | Advertising | TikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage before consent

Key: tt_appInfo | Type: sessionStorage | Fired: 5067ms after load

critical | Storage | Advertising | TikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage before consent

Key: tt_pixel_session_index | Type: sessionStorage | Fired: 5069ms after load

Meta Pixel: 3 findings, ID tracked

www.facebook.com, connect.facebook.net, _fbp

critical | Network | Advertising | Meta Pixel

Meta Pixel (Meta) loaded before consent: Meta Pixel tracking endpoint

ID: 946401778754875 | Host: www.facebook.com | Fired: 4907ms after load

critical | Network | Advertising | Meta Pixel

Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking

Host: connect.facebook.net | Fired: 3822ms after load

critical | Cookie | Advertising | Meta Pixel

Meta Pixel cookie "_fbp" set before consent

Cookie: _fbp | Domain: .coursera.org

Google Ads: 3 findings

googleads.g.doubleclick.net, _gcl_au, _gcl_ls

critical | Network | Advertising | Google Ads

Google Ads (Google) loaded before consent: Sends conversion data to Google Ads

Host: googleads.g.doubleclick.net | Fired: 3815ms after load

critical | Cookie | Advertising | Google Ads

Google Ads cookie "_gcl_au" set before consent

Cookie: _gcl_au | Domain: .coursera.org

critical | Storage | Advertising | Google Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage before consent

Key: _gcl_ls | Type: localStorage | Fired: 3531ms after load

critical | Network | Advertising | Impact (Advertising Tracker)

Impact (advertising) loaded before consent

Host: utt.impactcdn.com | Fired: 3822ms after load

Microsoft Ads: 3 findings

bat.bing.com, _uetsid, _uetvid

critical | Network | Advertising | Microsoft Ads

Microsoft Ads (Microsoft) loaded before consent: Microsoft Ads (Bing) UET conversion tracking

Host: bat.bing.com | Fired: 3822ms after load

critical | Cookie | Advertising | Microsoft Ads

Microsoft Ads cookie "_uetsid" set before consent

Cookie: _uetsid | Domain: .coursera.org

critical | Cookie | Advertising | Microsoft Ads

Microsoft Ads cookie "_uetvid" set before consent

Cookie: _uetvid | Domain: .coursera.org

critical | Network | Advertising | reddit (Advertising Tracker)

reddit (advertising) loaded before consent

Host: www.redditstatic.com | Fired: 3822ms after load

critical | Network | Analytics | Amplitude

Amplitude (Amplitude) loaded before consent: Amplitude product analytics

Host: cdn.amplitude.com | Fired: 3823ms after load

critical | Network | Advertising | Quora (Advertising Tracker)

Quora (advertising) loaded before consent

Host: a.quora.com | Fired: 3823ms after load

Kargo (Advertising Tracker): 2 findings

storage.cloud.kargo.com, kds-pixel.kargo.com

critical | Network | Advertising | Kargo (Advertising Tracker)

Kargo (advertising) loaded before consent

Host: storage.cloud.kargo.com | Fired: 3823ms after load

critical | Network | Advertising | Kargo (Advertising Tracker)

Kargo (advertising) loaded before consent

Host: kds-pixel.kargo.com | Fired: 5238ms after load

Reddit Pixel: 2 findings

alb.reddit.com, _rdt_uuid

critical | Network | Advertising | Reddit Pixel

Reddit Pixel (Reddit) loaded before consent: Reddit conversion tracking pixel

Host: alb.reddit.com | Fired: 4053ms after load

critical | Cookie | Advertising | Reddit Pixel

Reddit Pixel cookie "_rdt_uuid" set before consent

Cookie: _rdt_uuid | Domain: .coursera.org

critical | Network | Advertising | Quora Pixel

Quora Pixel (Quora) loaded before consent: Quora conversion tracking pixel

Host: q.quora.com | Fired: 4406ms after load

critical | Network | Advertising | Advertising Tracker

advertising tracker at bat.bing.net loaded before consent

Host: bat.bing.net | Fired: 4970ms after load

Amplitude (Analytics Tracker): 2 findings

sr-client-cfg.amplitude.com, api-sr.amplitude.com

critical | Network | Analytics | Amplitude (Analytics Tracker)

Amplitude (analytics) loaded before consent

Host: sr-client-cfg.amplitude.com | Fired: 5154ms after load

critical | Network | Analytics | Amplitude (Analytics Tracker)

Amplitude (analytics) loaded before consent

Host: api-sr.amplitude.com | Fired: 5944ms after load

Google Analytics: 2 findings

_ga_7GZ59JSFWQ, _ga

critical | Cookie | Analytics | Google Analytics

Google Analytics cookie "_ga_7GZ59JSFWQ" set before consent

Cookie: _ga_7GZ59JSFWQ | Domain: .coursera.org

critical | Cookie | Analytics | Google Analytics

Google Analytics cookie "_ga" set before consent

Cookie: _ga | Domain: .coursera.org

critical | Cookie | Marketing | DoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set before consent — This cookie is used for targeting, analyzing and optimisation of ad campaigns in DoubleClick/Google Marketing Suite

Cookie: IDE | Domain: .doubleclick.net | Retention: 2 years

critical | Cookie | Marketing | Bing / Microsoft

Bing / Microsoft cookie "MUID" set before consent — Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.

Cookie: MUID | Domain: .bing.com | Retention: 1 year

TikTok: 2 findings

ttcsid, ttcsid_CTIORPRC77UDE4D3R2FG

critical | Cookie | Marketing | TikTok

TikTok cookie "ttcsid" set before consent — The TikTok cookie ttcsid likely serves as a session identifier, helping to maintain user sessions and track interactions across the platform. Its purpose is probably to manage user authentication or personalize content based on activity, similar to other session-related cookies used by TikTok.

Cookie: ttcsid | Domain: .coursera.org | Retention: 1 year

critical | Cookie | Marketing | TikTok

TikTok cookie "ttcsid_CTIORPRC77UDE4D3R2FG" set before consent — The TikTok cookie ttcsid likely serves as a session identifier, helping to maintain user sessions and track interactions across the platform. Its purpose is probably to manage user authentication or personalize content based on activity, similar to other session-related cookies used by TikTok.

Cookie: ttcsid_CTIORPRC77UDE4D3R2FG | Domain: .coursera.org | Retention: 1 year

critical | Post-Rejection | Advertising | TikTok — TikTok Pixel

TikTok — TikTok Pixel fires after user rejected consent

Fired: 17080ms after load

critical | Consent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings (33)

Google Tag Manager: 2 findings, ID tracked

www.googletagmanager.com

warning | Network | Tag Management | Google Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-5JKLVK | Host: www.googletagmanager.com | Fired: 1953ms after load

warning | GTM | Tag Management | Google Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-5JKLVK)

warning | Network | reddit (Social Tracker)

reddit (social) loaded before consent

Host: pixel-config.reddit.com | Fired: 4053ms after load

warning | Network | GA4 (server-side proxy)

Possible server-side tag proxy at tags.coursera.org — analytics data may be forwarded to third parties before consent. Browser scanning cannot verify downstream recipients; audit your GTM Server-side or CNAME configuration.

Host: tags.coursera.org | Fired: 4174ms after load

warning | Network

Unknown third-party request to www.google.com before consent

Host: www.google.com | Fired: 3815ms after load

warning | Network

Unknown third-party request to accounts.google.com before consent

Host: accounts.google.com | Fired: 4712ms after load

warning | Network

Unknown third-party request to google.com before consent

Host: google.com | Fired: 5225ms after load

warning | Storage

localStorage key "__test__store__" written before consent

Key: __test__store__ | Type: localStorage | Fired: 1767ms after load

warning | Storage

localStorage key "__localStorageEx__" written before consent

Key: __localStorageEx__ | Type: localStorage | Fired: 1769ms after load

warning | Storage

localStorage key "sequence-number-key" written before consent

Key: sequence-number-key | Type: localStorage | Fired: 1772ms after load

warning | Storage

localStorage key "__storejs__" written before consent

Key: __storejs__ | Type: localStorage | Fired: 1833ms after load

warning | Storage

localStorage key "400batching" written before consent

Key: 400batching | Type: localStorage | Fired: 2301ms after load

warning | Storage

localStorage key "tracking.__index__" written before consent

Key: tracking.__index__ | Type: localStorage | Fired: 2776ms after load

warning | Storage

localStorage key "tracking.session" written before consent

Key: tracking.session | Type: localStorage | Fired: 2776ms after load

warning | Storage

localStorage key "tracking.device" written before consent

Key: tracking.device | Type: localStorage | Fired: 2777ms after load

warning | Storage

localStorage key "__analytics_campaign__" written before consent

Key: __analytics_campaign__ | Type: localStorage | Fired: 2783ms after load

warning | Storage

localStorage key "statsig.stable_id.2301460881" written before consent

Key: statsig.stable_id.2301460881 | Type: localStorage | Fired: 2822ms after load

warning | Storage

sessionStorage key "__sessionStorageEx__" written before consent

Key: __sessionStorageEx__ | Type: sessionStorage | Fired: 2839ms after load

warning | Storage

localStorage key "recently-viewed" written before consent

Key: recently-viewed | Type: localStorage | Fired: 2878ms after load

warning | Storage

localStorage key "recent-searches" written before consent

Key: recent-searches | Type: localStorage | Fired: 2882ms after load

warning | Storage

localStorage key "lohp-view-timestamp" written before consent

Key: lohp-view-timestamp | Type: localStorage | Fired: 3231ms after load

warning | Storage

localStorage key "400batching-inflight" written before consent

Key: 400batching-inflight | Type: localStorage | Fired: 3388ms after load

warning | Storage

localStorage key "statsig.session_id.2301460881" written before consent

Key: statsig.session_id.2301460881 | Type: localStorage | Fired: 3390ms after load

warning | Storage

localStorage key "lastExternalReferrer" written before consent

Key: lastExternalReferrer | Type: localStorage | Fired: 4865ms after load

warning | Storage

localStorage key "_uetsid" written before consent

Key: _uetsid | Type: localStorage | Fired: 4944ms after load

warning | Storage

localStorage key "_uetsid_exp" written before consent

Key: _uetsid_exp | Type: localStorage | Fired: 4945ms after load

warning | Storage

localStorage key "_uetvid" written before consent

Key: _uetvid | Type: localStorage | Fired: 4946ms after load

warning | Storage

localStorage key "_uetvid_exp" written before consent

Key: _uetvid_exp | Type: localStorage | Fired: 4947ms after load

warning | Storage

localStorage key "tracking.batch" written before consent

Key: tracking.batch | Type: localStorage | Fired: 5124ms after load

warning | Storage

sessionStorage key "__sak" written before consent

Key: __sak | Type: sessionStorage | Fired: 5204ms after load

warning | Storage

sessionStorage key "krg_px_session_id" written before consent

Key: krg_px_session_id | Type: sessionStorage | Fired: 5225ms after load

warning | Storage

localStorage key "krg_px_data" written before consent

Key: krg_px_data | Type: localStorage | Fired: 5226ms after load

warning | Storage

localStorage key "AMP_remote_config_9f370ddd42" written before consent

Key: AMP_remote_config_9f370ddd42 | Type: localStorage | Fired: 5371ms after load

Info (9)

Amazon (Cdn): 2 findings

d3njjcbhbojbot.cloudfront.net, coursera_assets.s3.amazonaws.com

info | Network | Amazon (Cdn)

Amazon (cdn) loaded before consent

Host: d3njjcbhbojbot.cloudfront.net | Fired: 844ms after load

info | Network | Amazon (Cdn)

Amazon (cdn) loaded before consent

Host: coursera_assets.s3.amazonaws.com | Fired: 1149ms after load

Sentry: 2 findings

browser.sentry-cdn.com, o75955.ingest.sentry.io

info | Network | Analytics | Sentry

Sentry (Sentry) loaded before consent: Sentry error monitoring and performance tracking

Host: browser.sentry-cdn.com | Fired: 998ms after load

info | Network | Analytics | Sentry

Sentry (Sentry) loaded before consent: Sentry error reporting endpoint

Host: o75955.ingest.sentry.io | Fired: 1037ms after load

OneTrust: 2 findings

cdn.cookielaw.org, OptanonConsent

info | Network | Consent Mgmt | OneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.org | Fired: 2187ms after load

info | Cookie | Consent Mgmt | OneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsent | Domain: .coursera.org

info | Network | Consent Mgmt | OneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.com | Fired: 2427ms after load

info | Network | Google (Cdn)

Google (cdn) loaded before consent

Host: www.google.nl | Fired: 4782ms after load

info | Cookie | Functional

Cross-site request forgery token — security mechanism

Cookie: CSRF3-Token | Domain: .coursera.org

Compliant (9)

Google Analytics: 4 findings, ID tracked

region1.analytics.google.com, FPID, FPLC, _ga_ZCE2Q9YZ3F

Compliant | Network | Analytics | GA4

GA4 (Google) loaded correctly after consent

ID: G-ZCE2Q9YZ3F | Host: region1.analytics.google.com | Fired: 2696ms after load

Compliant | Cookie | Analytics | Google Analytics

Google Analytics cookie "FPID" set correctly after consent

Cookie: FPID | Domain: .coursera.org | Retention: session

Compliant | Cookie | Analytics | Google Analytics

Google Analytics cookie "FPLC" set correctly after consent

Cookie: FPLC | Domain: .coursera.org | Retention: session

Compliant | Cookie | Analytics | Google Analytics

Google Analytics cookie "_ga_ZCE2Q9YZ3F" set correctly after consent

Cookie: _ga_ZCE2Q9YZ3F | Domain: .coursera.org

Compliant | Network | Advertising | LinkedIn Insight Tag

LinkedIn Insight Tag (LinkedIn) loaded correctly after consent

Host: snap.licdn.com | Fired: 2317ms after load

Compliant | Cookie | Consent Mgmt | OneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosed | Domain: .coursera.org

LinkedIn: 3 findings

bcookie, li_gc, lidc

Compliant | Cookie | Marketing | LinkedIn

LinkedIn cookie "bcookie" set correctly after consent

Cookie: bcookie | Domain: .linkedin.com | Retention: 1 year

Compliant | Cookie | Functional | LinkedIn

LinkedIn cookie "li_gc" set correctly after consent

Cookie: li_gc | Domain: .linkedin.com | Retention: 2 years

Compliant | Cookie | Marketing | LinkedIn

LinkedIn cookie "lidc" set correctly after consent

Cookie: lidc | Domain: .linkedin.com | Retention: 1 day

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com