https://dsw.com
Scanned Apr 17, 2026 · 37.1s
Your website score is
Grade
BannerConsent Banner
No
Regulatory Compliance
Multi-regulation overview — click any regulation for details
Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.
Tag Leak detected 27 user data leaks before consent on dsw.com, including Optimizely, Signifyd (Tracker Tracker), Advertising Tracker and 1 more.
Security Headers
0/6 presentStrict-Transport-Security
Add HSTS header to enforce HTTPS connections and prevent downgrade attacks
Content-Security-Policy
Add a Content-Security-Policy header to prevent XSS and code injection attacks
X-Frame-Options
Add X-Frame-Options header to prevent clickjacking attacks
X-Content-Type-Options
Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing
Referrer-Policy
Set a Referrer-Policy header to control how much referrer information is shared
Permissions-Policy
Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation
Google Consent Mode
Not DetectedGoogle Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.
Post-Rejection Audit
Reject Button
Missing
Post-Rejection Fires
0 vendors
Consent Mode
Not Detected
GTM Load
Not detected
Consent Mode V2: Not Detected
Google Consent Mode was not detected on this site.
Consent Record Audit
PassConsent record stored after interaction
GDPR Art. 7(1)Found: OptanonConsent (OneTrust)
Record contains timestamp
Art. 7(1)Timestamp field detected
Record contains consent state
Art. 7(1)Accept/reject state detected
Record contains consent categories
Art. 7(1)Consent categories (analytics, marketing, etc.) not found in record
Consent withdrawal mechanism accessible
GDPR Art. 7(3)Cookie settings link / floating button found
Tracker categories detected
Critical10
Data was transmitted to a third-party or storage was written on the user’s device before consent. This is a GDPR/ePrivacy violation, not just a script load.
Optimizely2 findingscdn.optimizely.com, logx.optimizely.com
cdn.optimizely.com, logx.optimizely.com
Optimizely (Optimizely) loaded before consent: Optimizely experimentation and A/B testing
Optimizely (Optimizely) loaded before consent: Optimizely event logging endpoint
Signifyd (Tracker Tracker)2 findingscdn-scripts.signifyd.com, dp.signifyd.com
cdn-scripts.signifyd.com, dp.signifyd.com
Signifyd (tracker) loaded before consent
Signifyd (tracker) loaded before consent
advertising tracker at imgs.signifyd.com loaded before consent
RELX (Tracker Tracker)3 findingsh.online-metrix.net, h64.online-metrix.net, w2txo5aasxrqhysv76nli3n3yi3ymeajgsywmn3sc2804d48b5f57943am1.e.aa.online-metrix.net
h.online-metrix.net, h64.online-metrix.net, w2txo5aasxrqhysv76nli3n3yi3ymeajgsywmn3sc2804d48b5f57943am1.e.aa.online-metrix.net
RELX (tracker) loaded before consent
RELX (tracker) loaded before consent
RELX (tracker) loaded before consent
No consent banner detected — all cookies and tags fire without user consent
No "reject all" option found — users cannot refuse non-essential cookies (ICO guidance requires this)
Warnings18
A tag container or script loaded before consent but tags appear correctly gated (e.g. GTM with Consent Mode v2). Not a violation on its own — review to confirm downstream tags stay blocked.
Unknown third-party request to js.braintreegateway.com before consent
Unknown third-party request to a40.usablenet.com before consent
Unknown third-party request to product-initjs.prod.rfksrv.com before consent
Unknown third-party request to prod-east-alweb-mt.rfksrv.com before consent
Unknown third-party request to applepay.cdn-apple.com before consent
Unknown third-party request to assets.designerbrands.com before consent
sessionStorage key "sentryReplaySession" written before consent
sessionStorage key "statusFrameState.previewVisitorContext" written before consent
sessionStorage key "visualSearchState" written before consent
sessionStorage key "sameDayDeliveryState" written before consent
sessionStorage key "isPdpReloaded" written before consent
sessionStorage key "signifydId" written before consent
localStorage key "__test__localStorage__" written before consent
localStorage key "__paypal_storage__" written before consent
localStorage key "ed73f20edbf2b74" written before consent
localStorage key "active_experiments" written before consent
sessionStorage key "paymentState" written before consent
localStorage key "fs_optly_pending_events" written before consent
Info4
Neutral observations — activity we detected that isn’t a violation but is useful context (e.g. essential cookies, CMP initialisation).
Paypal (cdn) loaded before consent
Sentry (Sentry) loaded before consent: Sentry error reporting endpoint
AfterPay (cdn) loaded before consent
DataDome bot protection — necessary for site security
Compliant41
Tags that fired only after the user gave consent — working as intended.
Snapchat cookie "X-AB" set correctly after consent
Adobe Audience Manager3 findingsdemdex, AMCVS_A8683BC75245AF560A490D4D%40AdobeOrg, dpm
demdex, AMCVS_A8683BC75245AF560A490D4D%40AdobeOrg, dpm
Adobe Audience Manager cookie "demdex" set correctly after consent
Adobe Audience Manager cookie "AMCVS_A8683BC75245AF560A490D4D%40AdobeOrg" set correctly after consent
Adobe Audience Manager cookie "dpm" set correctly after consent
Adform2 findingsuid, c
uid, c
Adform cookie "uid" set correctly after consent
Adform cookie "c" set correctly after consent
TikTok Pixel5 findings_ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index
_ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index
TikTok Pixel cookie "_ttp" set correctly after consent
TikTok Pixel cookie "_tt_enable_cookie" set correctly after consent
TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage correctly after consent
TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage correctly after consent
TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage correctly after consent
Adobe Advertising cookie "everest_g_v2" set correctly after consent
Adobe Analytics2 findingss_ecid, AMCV_A8683BC75245AF560A490D4D%40AdobeOrg
s_ecid, AMCV_A8683BC75245AF560A490D4D%40AdobeOrg
Adobe Analytics cookie "s_ecid" set correctly after consent
Adobe Analytics cookie "AMCV_A8683BC75245AF560A490D4D%40AdobeOrg" set correctly after consent
Snapchat Pixel2 findings_scid, _scid_r
_scid, _scid_r
Snapchat Pixel cookie "_scid" set correctly after consent
Snapchat Pixel cookie "_scid_r" set correctly after consent
Amazon Web Services cookie "AWSALBCORS" set correctly after consent
LinkedIn cookie "brwsr" set correctly after consent
Snowplow3 findings_sp_ses.77b1, _sp_id.77b1, sp
_sp_ses.77b1, _sp_id.77b1, sp
Snowplow cookie "_sp_ses.77b1" set correctly after consent
Snowplow cookie "_sp_id.77b1" set correctly after consent
Snowplow cookie "sp" set correctly after consent
Reddit Pixel cookie "_rdt_uuid" set correctly after consent
Neustar cookie "ab" set correctly after consent
Braze2 findingsab.storage.sessionId.e48d56a6-2d88-46de-bc1a-bccd8f79536a, ab.storage.deviceId.e48d56a6-2d88-46de-bc1a-bccd8f79536a
ab.storage.sessionId.e48d56a6-2d88-46de-bc1a-bccd8f79536a, ab.storage.deviceId.e48d56a6-2d88-46de-bc1a-bccd8f79536a
Braze cookie "ab.storage.sessionId.e48d56a6-2d88-46de-bc1a-bccd8f79536a" set correctly after consent
Braze cookie "ab.storage.deviceId.e48d56a6-2d88-46de-bc1a-bccd8f79536a" set correctly after consent
PayPal cookie "ts" set correctly after consent
CreativeCDN cookie "g" set correctly after consent
Meta Pixel cookie "_fbp" set correctly after consent
DoubleClick/Google Marketing2 findingsar_debug, IDE
ar_debug, IDE
DoubleClick/Google Marketing cookie "ar_debug" set correctly after consent
DoubleClick/Google Marketing cookie "IDE" set correctly after consent
Pinterest Tag cookie "_pin_unauth" set correctly after consent
Microsoft Ads2 findings_uetsid, _uetvid
_uetsid, _uetvid
Microsoft Ads cookie "_uetsid" set correctly after consent
Microsoft Ads cookie "_uetvid" set correctly after consent
Bing / Microsoft cookie "MUID" set correctly after consent
Pinterest cookie "_pinterest_ct_ua" set correctly after consent
OneTrust cookie "OptanonConsent" set correctly after consent
Xandr3 findingsXANDR_PANID, uuid2, anj
XANDR_PANID, uuid2, anj
Xandr cookie "XANDR_PANID" set correctly after consent
Xandr cookie "uuid2" set correctly after consent
Xandr cookie "anj" set correctly after consent
TikTok2 findingsttcsid, ttcsid_C85RVFVV9S6R0CDU8610
ttcsid, ttcsid_C85RVFVV9S6R0CDU8610
TikTok cookie "ttcsid" set correctly after consent
TikTok cookie "ttcsid_C85RVFVV9S6R0CDU8610" set correctly after consent
Is this your site?
Run a full multi-page scan with monitoring and get detailed remediation steps
Scan dsw.com →This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com