GEICO

geico.com

Compare

https://geico.com

Scanned Apr 15, 2026 · 38.6s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 43 user data leaks before consent on geico.com, including QuantumMetric (Analytics Tracker), GA4, Meta Pixel and 11 more.

Security Headers

4/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

report-uri /public/php/csp.php; frame-ancestors 'self' ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.amazonaws.com *.geico.com *.cloud.geico.net *.google.com *.googleapis.com *.gstatic.com *.omtrdc.net *.qualaroo.com *.ringcentral.com *.youtube.com https://*.amazon-adsystem.com https://*.bing.com https://*.branch.io https://*.clarity.ms https://*.cookielaw.org https://*.demdex.net https://*.doubleclick.net https://*.evergage.com https://*.facebook.com https://*.force.com https://*.google-analytics.com https://*.instagram.com https://*.onetrust.com https://*.qualtrics.com https://*.quantummetric.com https://*.radar.com https://*.radar.io https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.twitter.com https://*.typekit.net https://agtchtui-api-dv.geico.net https://agtchtui-api-in.geico.net https://agtchtui-api-ut.geico.net https://agtchtui-api-ut.geico.com https://agtchtui-api-lt1.geico.net https://agtchtui-api-lt8.geico.net https://agtchtui-api-ft.geico.net https://agtchtui-api-pd.geico.com https://agtchtui-api-pd1.geico.com https://agtchtui-api-pd8.geico.com https://api.statsig.com https://api.statsigcdn.com https://assets.bugcrowdusercontent.com https://assetsconfigcdn.org https://app.link https://beyondwickedmapping.org https://bugcrowd.com https://cdn.ampproject.org https://cdn.evgnet.com https://cdn.jsdelivr.net https://cloudflare-dns.com https://cm.everesttech.net https://connect.facebook.net https://ct.pinterest.com https://events.statsigapi.net https://featureassets.org https://featuregates.org https://gateway.zscalerthree.net https://geicoinsurance.my.site.com https://geicoinsurance--hotfix.sandbox.my.site.com https://geicoinsurance--botsdev.sandbox.my.site.com https://geicoinsurance--perftest.sandbox.my.site.com https://geicoinsurance--sit.sandbox.my.site.com https://geicoinsurance--uat2.sandbox.my.site.com https://i.ytimg.com https://insight.adsrvr.org https://maxcdn.bootstrapcdn.com https://prodregistryv2.org https://rts.persado.com https://s.w.org https://*.sc-static.net https://sealserver.trustwave.com https://static.cdn-apple.com https://statsigapi.net https://*.snapchat.com https://www.googleadservices.com https://www.googletagmanager.com https://www.paypalobjects.com https://*.tapad.com https://*.linkedin.com ;

X-Frame-Options

sameorigin

X-Content-Type-Options

nosniff

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

4 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Vendors firing after rejection (4)

VendorCategoryTimingURL
OneTrust — OneTrustconsent_management18685mscdn.cookielaw.org
Meta — Meta Pixeladvertising18688msconnect.facebook.net
OneTrust — OneTrust CMPconsent_management18713msgeolocation.onetrust.com
Snapchat — Snapchat Pixeladvertising19055mstr.snapchat.com

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising7 vendors
Analytics4 vendors
Marketing3 vendors
Security2
Functional2 vendors
Critical34
Pinterest Tag
criticalNetworkAdvertisingPinterest Tag

Pinterest Tag (Pinterest) loaded before consent: Pinterest conversion tracking

ID: 2615812981079Host: ct.pinterest.comFired: 1836ms after load
Google Analytics
Google Analytics5 findingsID tracked

region1.analytics.google.com, www.googletagmanager.com, _ga_session, _ga_91H6GD762W, _ga

GA4
criticalNetworkAnalyticsGA4

GA4 (Google) loaded before consent: Sends pageview and event data to Google Analytics

ID: G-91H6GD762WHost: region1.analytics.google.comFired: 2229ms after load
GA4
criticalNetworkAnalyticsGA4

GA4 (Google) loaded before consent: Google Analytics gtag.js library

Host: www.googletagmanager.comFired: 1814ms after load
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_session" set before consent

Cookie: _ga_sessionDomain: .geico.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_91H6GD762W" set before consent

Cookie: _ga_91H6GD762WDomain: .geico.com
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set before consent

Cookie: _gaDomain: .geico.com
Google (Tracker Tracker)
Google (Tracker Tracker)4 findingsID tracked

stats.g.doubleclick.net, ad.doubleclick.net, 2992003.fls.doubleclick.net, adservice.google.com

Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

ID: G-91H6GD762WHost: stats.g.doubleclick.netFired: 2229ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: ad.doubleclick.netFired: 2551ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: 2992003.fls.doubleclick.netFired: 2551ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: adservice.google.comFired: 2681ms after load
Meta Pixel
Meta Pixel3 findingsID tracked

www.facebook.com, connect.facebook.net, _fbp

Meta Pixel
criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Meta Pixel tracking endpoint

ID: 980746741982743Host: www.facebook.comFired: 2669ms after load
Meta Pixel
criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking

Host: connect.facebook.netFired: 1814ms after load
Meta Pixel
criticalCookieAdvertisingMeta Pixel

Meta Pixel cookie "_fbp" set before consent

Cookie: _fbpDomain: .geico.com
QuantumMetric (Analytics Tracker)
QuantumMetric (Analytics Tracker)3 findings

cdn.quantummetric.com, ingest.quantummetric.com, rl.quantummetric.com

QuantumMetric (Analytics Tracker)
criticalNetworkAnalyticsQuantumMetric (Analytics Tracker)

QuantumMetric (analytics) loaded before consent

Host: cdn.quantummetric.comFired: 663ms after load
QuantumMetric (Analytics Tracker)
criticalNetworkAnalyticsQuantumMetric (Analytics Tracker)

QuantumMetric (analytics) loaded before consent

Host: ingest.quantummetric.comFired: 3578ms after load
QuantumMetric (Analytics Tracker)
criticalNetworkAnalyticsQuantumMetric (Analytics Tracker)

QuantumMetric (analytics) loaded before consent

Host: rl.quantummetric.comFired: 5010ms after load
Amazon (Advertising Tracker)
criticalNetworkAdvertisingAmazon (Advertising Tracker)

Amazon (advertising) loaded before consent

Host: s.amazon-adsystem.comFired: 1836ms after load
The Trade Desk (Tracker Tracker)
criticalNetworkThe Trade Desk (Tracker Tracker)

The Trade Desk (tracker) loaded before consent

Host: insight.adsrvr.orgFired: 1836ms after load
Snapchat Pixel
Snapchat Pixel4 findings

tr.snapchat.com, sc-static.net, _scid, _scid_r

Snapchat Pixel
criticalNetworkAdvertisingSnapchat Pixel

Snapchat Pixel (Snapchat) loaded before consent: Snapchat pixel tracking endpoint

Host: tr.snapchat.comFired: 2041ms after load
Snapchat Pixel
criticalNetworkAdvertisingSnapchat Pixel

Snapchat Pixel (Snapchat) loaded before consent: Loads Snapchat conversion tracking script

Host: sc-static.netFired: 2393ms after load
Snapchat Pixel
criticalCookieAdvertisingSnapchat Pixel

Snapchat Pixel cookie "_scid" set before consent

Cookie: _scidDomain: .geico.com
Snapchat Pixel
criticalCookieAdvertisingSnapchat Pixel

Snapchat Pixel cookie "_scid_r" set before consent

Cookie: _scid_rDomain: .geico.com
Google Ads
Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

Google Ads
criticalNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded before consent: Google Consent Mode data collection for ad measurement

Host: www.google.comFired: 2554ms after load
Google Ads
criticalCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set before consent

Cookie: _gcl_auDomain: .geico.com
Google Ads
criticalStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage before consent

Key: _gcl_lsType: localStorageFired: 2527ms after load
DoubleClick/Google Marketing
criticalCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "ar_debug" set before consent — Store and track conversions

Cookie: ar_debugDomain: .pinterest.comRetention: Persistent
Pinterest
criticalCookieMarketingPinterest

Pinterest cookie "_pinterest_ct_ua" set before consent — This cookieis a third party cookie which groups actions for users who cannot be identified by Pinterest.

Cookie: _pinterest_ct_uaDomain: .ct.pinterest.comRetention: session
Amazon
Amazon2 findings

ad-id, ad-privacy

Amazon
criticalCookieMarketingAmazon

Amazon cookie "ad-id" set before consent — Clickthroughs to Amazon websites: Noting how the user got to Amazon via this website

Cookie: ad-idDomain: .amazon-adsystem.comRetention: 190 days
Amazon
criticalCookieMarketingAmazon

Amazon cookie "ad-privacy" set before consent — Provided by amazon-adsystem.com for tracking user actions on other websites to provide targeted content to the users.

Cookie: ad-privacyDomain: .amazon-adsystem.comRetention: 5 years
Marfeel
criticalCookieAnalyticsMarfeel

Marfeel cookie "_screload" set before consent — This cookie is used to store for temporary session

Cookie: _screloadDomain: .geico.comRetention: Session
OneTrust — OneTrust
criticalPost-RejectionConsent MgmtOneTrust — OneTrust

OneTrust — OneTrust fires after user rejected consent

Fired: 18685ms after load
Meta — Meta Pixel
criticalPost-RejectionAdvertisingMeta — Meta Pixel

Meta — Meta Pixel fires after user rejected consent

Fired: 18688ms after load
OneTrust — OneTrust CMP
criticalPost-RejectionConsent MgmtOneTrust — OneTrust CMP

OneTrust — OneTrust CMP fires after user rejected consent

Fired: 18713ms after load
Snapchat — Snapchat Pixel
criticalPost-RejectionAdvertisingSnapchat — Snapchat Pixel

Snapchat — Snapchat Pixel fires after user rejected consent

Fired: 19055ms after load
Warnings13
Analytics proxy
Analytics proxy2 findings

tags.geico.com, tagsdata.geico.com

Analytics proxy
warningNetworkAnalytics proxy

Possible server-side tag proxy at tags.geico.com — analytics data may be forwarded to third parties before consent. Browser scanning cannot verify downstream recipients; audit your GTM Server-side or CNAME configuration.

Host: tags.geico.comFired: 664ms after load
Analytics proxy
warningNetworkAnalytics proxy

Possible server-side tag proxy at tagsdata.geico.com — analytics data may be forwarded to third parties before consent. Browser scanning cannot verify downstream recipients; audit your GTM Server-side or CNAME configuration.

Host: tagsdata.geico.comFired: 1814ms after load
warningStorage

localStorage key "sequenceNumber" written before consent

Key: sequenceNumberType: localStorageFired: 1789ms after load
warningStorage

localStorage key "u_sclid" written before consent

Key: u_sclidType: localStorageFired: 1969ms after load
warningStorage

localStorage key "u_sclid_r" written before consent

Key: u_sclid_rType: localStorageFired: 1969ms after load
warningStorage

sessionStorage key "u_scsid" written before consent

Key: u_scsidType: sessionStorageFired: 1969ms after load
warningStorage

sessionStorage key "u_scsid_r" written before consent

Key: u_scsid_rType: sessionStorageFired: 1969ms after load
warningStorage

localStorage key "lastExternalReferrer" written before consent

Key: lastExternalReferrerType: localStorageFired: 2622ms after load
warningStorage

sessionStorage key "qualtricssessionstoragetestkey" written before consent

Key: qualtricssessionstoragetestkeyType: sessionStorageFired: 3410ms after load
warningStorage

sessionStorage key "QSI_HistorySession" written before consent

Key: QSI_HistorySessionType: sessionStorageFired: 3890ms after load
warningStorage

sessionStorage key "QSI_ActionSetHistory" written before consent

Key: QSI_ActionSetHistoryType: sessionStorageFired: 4569ms after load
warningStorage

localStorage key "qsi_test_local_storage" written before consent

Key: qsi_test_local_storageType: localStorageFired: 4572ms after load
warningStorage

localStorage key "Q_INTER" written before consent

Key: Q_INTERType: localStorageFired: 4580ms after load
Info9
Google (Cdn)
Google (Cdn)2 findingsID tracked

www.google.nl, fonts.gstatic.com

Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

ID: G-91H6GD762WHost: www.google.nlFired: 2233ms after load
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.gstatic.comFired: 7674ms after load
OneTrust
OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

OneTrust
infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 1814ms after load
OneTrust
infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .geico.com
OneTrust CMP
infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 2036ms after load
Qualtrics (Cdn)
infoNetworkQualtrics (Cdn)

Qualtrics (cdn) loaded before consent

Host: zn0thecsujsizknzd-geico.siteintercept.qualtrics.comFired: 3414ms after load
Wix.com2 findings

TS01dc4fc6, TS01963090

infoCookieFunctionalWix.com

Wix.com cookie "TS01dc4fc6" set before consent — Used for security and anti-fraud reasons

Cookie: TS01dc4fc6Domain: www.geico.comRetention: session
infoCookieFunctionalWix.com

Wix.com cookie "TS01963090" set before consent — Used for security and anti-fraud reasons

Cookie: TS01963090Domain: .geico.comRetention: session
DoubleClick/Google Marketing
infoCookieFunctionalDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "test_cookie" set before consent — This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

Cookie: test_cookieDomain: .doubleclick.netRetention: 1 year
Compliant2
OneTrust
CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .geico.com
DoubleClick/Google Marketing
CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan geico.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com