Marks & Spencer

marksandspencer.com

Compare

https://marksandspencer.com

Scanned Apr 15, 2026 · 42.9s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 65 user data leaks before consent on marksandspencer.com, including Optimizely (Advertising Tracker), Optimizely, Tealium (Tracker Tracker) and 11 more.

Security Headers

1/6 present

Strict-Transport-Security

max-age=15768000

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

Add X-Frame-Options header to prevent clickjacking attacks

X-Content-Type-Options

Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

V2
55/100

Consent Parameters

ParameterDefaultUpdated
Ad Storagegrantedgranted
Ad User Datagrantedgranted
Ad Personalizationgrantedgranted
Analytics Storagegrantedgranted
Functionality Storagenot_setnot_set
Personalization Storagenot_setnot_set
Security Storagenot_setnot_set

Issues (5)

ad_storage defaults to "granted" — should default to "denied" for GDPR compliance

ad_user_data defaults to "granted" — should default to "denied" for GDPR compliance

ad_personalization defaults to "granted" — should default to "denied" for GDPR compliance

analytics_storage defaults to "granted" — should default to "denied" for GDPR compliance

No GTM container detected — consent mode works best with Google Tag Manager

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

4 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

Vendors firing after rejection (4)

VendorCategoryTimingURL
Google — GA4analytics19609mswww.googletagmanager.com
Google — Google Adsadvertising20085mswww.googleadservices.com
Google — Google Adsadvertising20087mswww.google.com
Google — Google Adsadvertising20151msgoogleads.g.doubleclick.net

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising10 vendors
Analytics9 vendors
Marketing8 vendors
Security5
Functional4 vendors
Critical25
Meta Pixel
Meta Pixel2 findingsID tracked

www.facebook.com, connect.facebook.net

Meta Pixel
criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Meta Pixel tracking endpoint

ID: 532532436920970Host: www.facebook.comFired: 9311ms after load
Meta Pixel
criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking

Host: connect.facebook.netFired: 7366ms after load
Optimizely (Advertising Tracker)
Optimizely (Advertising Tracker)2 findings

cdn-pci.optimizely.com, a22021240096.cdn-pci.optimizely.com

Optimizely (Advertising Tracker)
criticalNetworkAdvertisingOptimizely (Advertising Tracker)

Optimizely (advertising) loaded before consent

Host: cdn-pci.optimizely.comFired: 372ms after load
Optimizely (Advertising Tracker)
criticalNetworkAdvertisingOptimizely (Advertising Tracker)

Optimizely (advertising) loaded before consent

Host: a22021240096.cdn-pci.optimizely.comFired: 1261ms after load
Optimizely
criticalNetworkAnalyticsOptimizely

Optimizely (Optimizely) loaded before consent: Optimizely experimentation and A/B testing

Host: cdn.optimizely.comFired: 1250ms after load
Tealium (Tracker Tracker)
criticalNetworkTealium (Tracker Tracker)

Tealium (tracker) loaded before consent

Host: tags.tiqcdn.comFired: 3431ms after load
Dynatrace (Analytics Tracker)
criticalNetworkAnalyticsDynatrace (Analytics Tracker)

Dynatrace (analytics) loaded before consent

Host: bf94809uzh.bf.dynatrace.comFired: 3520ms after load
OneTrust (Tracker Tracker)
criticalNetworkOneTrust (Tracker Tracker)

OneTrust (tracker) loaded before consent

Host: cdn-ukwest.onetrust.comFired: 5141ms after load
CHEQ (Tracker Tracker)
CHEQ (Tracker Tracker)2 findings

euob.iseaskies.com, obseu.iseaskies.com

CHEQ (Tracker Tracker)
criticalNetworkCHEQ (Tracker Tracker)

CHEQ (tracker) loaded before consent

Host: euob.iseaskies.comFired: 5141ms after load
CHEQ (Tracker Tracker)
criticalNetworkCHEQ (Tracker Tracker)

CHEQ (tracker) loaded before consent

Host: obseu.iseaskies.comFired: 6537ms after load
AppsFlyer
criticalNetworkAdvertisingAppsFlyer

AppsFlyer (AppsFlyer) loaded before consent: AppsFlyer mobile attribution and marketing analytics

Host: websdk.appsflyer.comFired: 5356ms after load
mParticle
criticalNetworkAnalyticsmParticle

mParticle (mParticle) loaded before consent: mParticle customer data platform

Host: jssdkcdns.mparticle.comFired: 6580ms after load
Microsoft Ads
criticalNetworkAdvertisingMicrosoft Ads

Microsoft Ads (Microsoft) loaded before consent: Microsoft Ads (Bing) UET conversion tracking

Host: bat.bing.comFired: 7377ms after load
Google Ads
Google Ads2 findings

www.googleadservices.com, googleads.g.doubleclick.net

Google Ads
criticalNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded before consent: Google Ads conversion tracking

Host: www.googleadservices.comFired: 7479ms after load
Google Ads
criticalNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded before consent: Sends conversion data to Google Ads

Host: googleads.g.doubleclick.netFired: 7535ms after load
Rokt (Analytics Tracker)
Rokt (Analytics Tracker)2 findings

identity.mparticle.com, jssdks.mparticle.com

Rokt (Analytics Tracker)
criticalNetworkAnalyticsRokt (Analytics Tracker)

Rokt (analytics) loaded before consent

Host: identity.mparticle.comFired: 7685ms after load
Rokt (Analytics Tracker)
criticalNetworkAnalyticsRokt (Analytics Tracker)

Rokt (analytics) loaded before consent

Host: jssdks.mparticle.comFired: 8717ms after load
Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at bat.bing.net loaded before consent

Host: bat.bing.netFired: 8812ms after load
Dynatrace
Dynatrace5 findings

rxVisitor, dtSa, dtCookie, rxvt, dtPC

Dynatrace
criticalCookieAnalyticsDynatrace

Dynatrace cookie "rxVisitor" set before consent — This cookie is used by RUM API, Dynatrace Real User Monitoring (RUM) gives you the power to know your customers by providing performance analysis in real time.

Cookie: rxVisitorDomain: .marksandspencer.comRetention: Session
Dynatrace
criticalCookieAnalyticsDynatrace

Dynatrace cookie "dtSa" set before consent — This cookie is used by RUM API, Dynatrace Real User Monitoring (RUM) gives you the power to know your customers by providing performance analysis in real time.

Cookie: dtSaDomain: .marksandspencer.comRetention: Session
Dynatrace
criticalCookieAnalyticsDynatrace

Dynatrace cookie "dtCookie" set before consent — This cookie is used by RUM API, Dynatrace Real User Monitoring (RUM) gives you the power to know your customers by providing performance analysis in real time.

Cookie: dtCookieDomain: .marksandspencer.comRetention: Session
Dynatrace
criticalCookieAnalyticsDynatrace

Dynatrace cookie "rxvt" set before consent — This cookie is used by RUM API, Dynatrace Real User Monitoring (RUM) gives you the power to know your customers by providing performance analysis in real time.

Cookie: rxvtDomain: .marksandspencer.comRetention: Session
Dynatrace
criticalCookieAnalyticsDynatrace

Dynatrace cookie "dtPC" set before consent — This cookie is used by RUM API, Dynatrace Real User Monitoring (RUM) gives you the power to know your customers by providing performance analysis in real time.

Cookie: dtPCDomain: .marksandspencer.comRetention: Session
Google — GA4
criticalPost-RejectionAnalyticsGoogle — GA4

Google — GA4 fires after user rejected consent

Fired: 19609ms after load
Google — Google Ads
criticalPost-RejectionAdvertisingGoogle — Google Ads

Google — Google Ads fires after user rejected consent

Fired: 20085ms after load
Warnings42
vendor logo
warningNetwork

Unknown third-party request to assets.digitalcontent.marksandspencer.app before consent

Host: assets.digitalcontent.marksandspencer.appFired: 1763ms after load
vendor logo
warningNetwork

Unknown third-party request to images.ctfassets.net before consent

Host: images.ctfassets.netFired: 1763ms after load
vendor logo
warningNetwork

Unknown third-party request to www.google.com before consent

Host: www.google.comFired: 7686ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$tracker_optimizely" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$tracker_optimizelyType: localStorageFired: 966ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$layer_states" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$layer_statesType: localStorageFired: 967ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$session_state" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$session_stateType: localStorageFired: 967ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$visitor_profile" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$visitor_profileType: localStorageFired: 967ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$variation_map" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$variation_mapType: localStorageFired: 967ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$layer_map" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$layer_mapType: localStorageFired: 967ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$contextual_mab" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$contextual_mabType: localStorageFired: 969ms after load
warningStorage

sessionStorage key "rxVisitor" written before consent

Key: rxVisitorType: sessionStorageFired: 1111ms after load
warningStorage

sessionStorage key "rxvisitid" written before consent

Key: rxvisitidType: sessionStorageFired: 1113ms after load
warningStorage

sessionStorage key "rxvt" written before consent

Key: rxvtType: sessionStorageFired: 1119ms after load
warningStorage

sessionStorage key "dtSa" written before consent

Key: dtSaType: sessionStorageFired: 1149ms after load
warningStorage

localStorage key "dtCFG_y9v2g88q_03d0fec4ecab1d80" written before consent

Key: dtCFG_y9v2g88q_03d0fec4ecab1d80Type: localStorageFired: 1187ms after load
warningStorage

sessionStorage key "dtTAB_y9v2g88q" written before consent

Key: dtTAB_y9v2g88qType: sessionStorageFired: 1189ms after load
warningStorage

localStorage key "experimentsFirstPath" written before consent

Key: experimentsFirstPathType: localStorageFired: 3229ms after load
warningStorage

localStorage key "user-session-start-time" written before consent

Key: user-session-start-timeType: localStorageFired: 3230ms after load
warningStorage

sessionStorage key "onyx-dynatrace" written before consent

Key: onyx-dynatraceType: sessionStorageFired: 3267ms after load
warningStorage

sessionStorage key "onyx-event-data" written before consent

Key: onyx-event-dataType: sessionStorageFired: 3269ms after load
warningStorage

localStorage key "optimizely_data$$17762888736971241434$$23116130417$$event_queue" written before consent

Key: optimizely_data$$17762888736971241434$$23116130417$$event_queueType: localStorageFired: 3332ms after load
warningStorage

localStorage key "nextauth.message" written before consent

Key: nextauth.messageType: localStorageFired: 4969ms after load
warningStorage

sessionStorage key "analytics_entry_ref" written before consent

Key: analytics_entry_refType: sessionStorageFired: 5076ms after load
warningStorage

sessionStorage key "analytics_entry_extid" written before consent

Key: analytics_entry_extidType: sessionStorageFired: 5076ms after load
warningStorage

sessionStorage key "cwv" written before consent

Key: cwvType: sessionStorageFired: 5326ms after load
warningStorage

sessionStorage key "dtCookie" written before consent

Key: dtCookieType: sessionStorageFired: 5815ms after load
warningStorage

localStorage key "_cq_check" written before consent

Key: _cq_checkType: localStorageFired: 5851ms after load
warningStorage

sessionStorage key "_cq_tuid" written before consent

Key: _cq_tuidType: sessionStorageFired: 6524ms after load
warningStorage

sessionStorage key "analytics_prev_pagename" written before consent

Key: analytics_prev_pagenameType: sessionStorageFired: 6556ms after load
warningStorage

sessionStorage key "analytics_prev_pagetype" written before consent

Key: analytics_prev_pagetypeType: sessionStorageFired: 6556ms after load
warningStorage

sessionStorage key "analytics_prev_pagedetail" written before consent

Key: analytics_prev_pagedetailType: sessionStorageFired: 6556ms after load
warningStorage

sessionStorage key "AF_BANNERS_SESSION_ID" written before consent

Key: AF_BANNERS_SESSION_IDType: sessionStorageFired: 6589ms after load
warningStorage

localStorage key "_cq_cdr" written before consent

Key: _cq_cdrType: localStorageFired: 7350ms after load
warningStorage

localStorage key "_cq_p_tg" written before consent

Key: _cq_p_tgType: localStorageFired: 7350ms after load
warningStorage

localStorage key "_cq_p_tt" written before consent

Key: _cq_p_ttType: localStorageFired: 7350ms after load
warningStorage

localStorage key "_cq_p_ai" written before consent

Key: _cq_p_aiType: localStorageFired: 7351ms after load
warningStorage

localStorage key "_cq_p_ven" written before consent

Key: _cq_p_venType: localStorageFired: 7351ms after load
warningStorage

localStorage key "mparticle" written before consent

Key: mparticleType: localStorageFired: 7596ms after load
warningStorage

localStorage key "mprtcl-v4_FCDBA4DA-id-cache" written before consent

Key: mprtcl-v4_FCDBA4DA-id-cacheType: localStorageFired: 7600ms after load
warningStorage

localStorage key "mprtcl-tos-FCDBA4DA" written before consent

Key: mprtcl-tos-FCDBA4DAType: localStorageFired: 7668ms after load
warningStorage

sessionStorage key "mprtcl-v4_FCDBA4DA-events" written before consent

Key: mprtcl-v4_FCDBA4DA-eventsType: sessionStorageFired: 8598ms after load
warningStorage

localStorage key "lastExternalReferrer" written before consent

Key: lastExternalReferrerType: localStorageFired: 9094ms after load
Info14
Dynatrace (Cdn)
infoNetworkDynatrace (Cdn)

Dynatrace (cdn) loaded before consent

Host: js-cdn.dynatrace.comFired: 372ms after load
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: www.google.nlFired: 7880ms after load
Azure / Microsoft
Azure / Microsoft2 findings

ASLBSA, ASLBSACORS

Azure / Microsoft
infoCookieFunctionalAzure / Microsoft

Azure / Microsoft cookie "ASLBSA" set before consent — Microsoft App Service and Front Door Affinity Cookies. These cookies are used to direct your browser to use the appropriate backend server.

Cookie: ASLBSADomain: www.marksandspencer.comRetention: Session
Azure / Microsoft
infoCookieFunctionalAzure / Microsoft

Azure / Microsoft cookie "ASLBSACORS" set before consent — Microsoft App Service and Front Door Affinity Cookies. These cookies are used to direct your browser to use the appropriate backend server.

Cookie: ASLBSACORSDomain: www.marksandspencer.comRetention: Session
CHEQ AI Technologies2 findings

_cq_duid, _cq_suid

infoCookieFunctionalCHEQ AI Technologies

CHEQ AI Technologies cookie "_cq_duid" set before consent — Used by the website to protect against fraud in relation to its referral system.

Cookie: _cq_duidDomain: .marksandspencer.comRetention: 3 months
infoCookieFunctionalCHEQ AI Technologies

CHEQ AI Technologies cookie "_cq_suid" set before consent — This cookie is used to distinguish between humans and bots.

Cookie: _cq_suidDomain: .marksandspencer.comRetention: 3 months
DoubleClick/Google Marketing
infoCookieFunctionalDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "test_cookie" set before consent — This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

Cookie: test_cookieDomain: .doubleclick.netRetention: 1 year
infoCookieFunctionalNextAuth.js

NextAuth.js cookie "__Secure-next-auth.callback-url" set before consent — Used to store the callback URL which the user should be redirected to after login.

Cookie: __Secure-next-auth.callback-urlDomain: www.marksandspencer.comRetention: session
OneTrust
infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .marksandspencer.com
infoCookieFunctional

Akamai bot management session — necessary for site protection

Cookie: ak_bmscDomain: .marksandspencer.com
infoCookieFunctional

Cross-site request forgery token — security mechanism

Cookie: __Host-next-auth.csrf-tokenDomain: www.marksandspencer.com
infoCookieFunctional

Java session identifier — necessary for site operation

Cookie: JSESSIONIDDomain: www.marksandspencer.com
infoCookieFunctional

Akamai bot manager — necessary for site protection

Cookie: _abckDomain: .marksandspencer.com
infoCookieFunctional

Akamai bot management — necessary for site protection

Cookie: bm_svDomain: .marksandspencer.com
Compliant37
TikTok Pixel
TikTok Pixel6 findingsID tracked

analytics.tiktok.com, _ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index

TikTok Pixel
CompliantNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded correctly after consent

ID: C65RF9P6C8J57OP84M40Host: analytics.tiktok.comFired: 5530ms after load
TikTok Pixel
CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_ttp" set correctly after consent

Cookie: _ttpDomain: .tiktok.com
TikTok Pixel
CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_tt_enable_cookie" set correctly after consent

Cookie: _tt_enable_cookieDomain: .marksandspencer.com
TikTok Pixel
CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage correctly after consent

Key: tt_sessionIdType: sessionStorageFired: -21770ms after load
TikTok Pixel
CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage correctly after consent

Key: tt_appInfoType: sessionStorageFired: -21755ms after load
TikTok Pixel
CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage correctly after consent

Key: tt_pixel_session_indexType: sessionStorageFired: -21753ms after load
Optimizely
CompliantNetworkAnalyticsOptimizely

Optimizely (Optimizely) loaded correctly after consent

Host: logx.optimizely.comFired: 774ms after load
GA4
CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

Host: www.googletagmanager.comFired: 5459ms after load
Pinterest Tag
Pinterest Tag2 findings

s.pinimg.com, _pin_unauth

Pinterest Tag
CompliantNetworkAdvertisingPinterest Tag

Pinterest Tag (Pinterest) loaded correctly after consent

Host: s.pinimg.comFired: 5530ms after load
Pinterest Tag
CompliantCookieAdvertisingPinterest Tag

Pinterest Tag cookie "_pin_unauth" set correctly after consent

Cookie: _pin_unauthDomain: .marksandspencer.com
Reddit Pixel
Reddit Pixel2 findings

alb.reddit.com, _rdt_uuid

Reddit Pixel
CompliantNetworkAdvertisingReddit Pixel

Reddit Pixel (Reddit) loaded correctly after consent

Host: alb.reddit.comFired: 6267ms after load
Reddit Pixel
CompliantCookieAdvertisingReddit Pixel

Reddit Pixel cookie "_rdt_uuid" set correctly after consent

Cookie: _rdt_uuidDomain: .marksandspencer.com
Meta Pixel
CompliantCookieAdvertisingMeta Pixel

Meta Pixel cookie "_fbp" set correctly after consent

Cookie: _fbpDomain: .marksandspencer.com
OneTrust
CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .marksandspencer.com
Microsoft Ads
Microsoft Ads2 findings

_uetsid, _uetvid

Microsoft Ads
CompliantCookieAdvertisingMicrosoft Ads

Microsoft Ads cookie "_uetsid" set correctly after consent

Cookie: _uetsidDomain: .marksandspencer.com
Microsoft Ads
CompliantCookieAdvertisingMicrosoft Ads

Microsoft Ads cookie "_uetvid" set correctly after consent

Cookie: _uetvidDomain: .marksandspencer.com
Adobe Audience Manager
Adobe Audience Manager3 findings

demdex, AMCVS_1E4022CE527845D10A490D4D%40AdobeOrg, dpm

Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "demdex" set correctly after consent

Cookie: demdexDomain: .demdex.netRetention: 180 days after last activity or 10 years when opting out
Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "AMCVS_1E4022CE527845D10A490D4D%40AdobeOrg" set correctly after consent

Cookie: AMCVS_1E4022CE527845D10A490D4D%40AdobeOrgDomain: .marksandspencer.comRetention: Session
Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "dpm" set correctly after consent

Cookie: dpmDomain: .dpm.demdex.netRetention: 180 days
ContentSquare
ContentSquare4 findings

_cs_mk_aa, _cs_c, _cs_s, _cs_id

ContentSquare
CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_mk_aa" set correctly after consent

Cookie: _cs_mk_aaDomain: .marksandspencer.comRetention: 30 minutes
ContentSquare
CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_c" set correctly after consent

Cookie: _cs_cDomain: .marksandspencer.comRetention: 13 months
ContentSquare
CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_s" set correctly after consent

Cookie: _cs_sDomain: .marksandspencer.comRetention: 1 Year
ContentSquare
CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_id" set correctly after consent

Cookie: _cs_idDomain: .marksandspencer.comRetention: 13 months
Bing / Microsoft
CompliantCookieMarketingBing / Microsoft

Bing / Microsoft cookie "MUID" set correctly after consent

Cookie: MUIDDomain: .bing.comRetention: 1 year
Adobe Advertising
CompliantCookieMarketingAdobe Advertising

Adobe Advertising cookie "everest_g_v2" set correctly after consent

Cookie: everest_g_v2Domain: .everesttech.netRetention: 2 years
Adobe Analytics
Adobe Analytics5 findings

s_tp, s_ppv, s_ecid, AMCV_1E4022CE527845D10A490D4D%40AdobeOrg, s_cc

Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_tp" set correctly after consent

Cookie: s_tpDomain: .marksandspencer.comRetention: session
Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_ppv" set correctly after consent

Cookie: s_ppvDomain: .marksandspencer.comRetention: session
Adobe Analytics
CompliantCookieMarketingAdobe Analytics

Adobe Analytics cookie "s_ecid" set correctly after consent

Cookie: s_ecidDomain: .marksandspencer.comRetention: 2 years
Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "AMCV_1E4022CE527845D10A490D4D%40AdobeOrg" set correctly after consent

Cookie: AMCV_1E4022CE527845D10A490D4D%40AdobeOrgDomain: .marksandspencer.com
Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_cc" set correctly after consent

Cookie: s_ccDomain: .marksandspencer.com
DoubleClick/Google Marketing
CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "ar_debug" set correctly after consent

Cookie: ar_debugDomain: .pinterest.comRetention: Persistent
Google Ads
Google Ads2 findings

_gcl_au, _gcl_ls

Google Ads
CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .marksandspencer.com
Google Ads
CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: -21491ms after load
Pinterest
CompliantCookieMarketingPinterest

Pinterest cookie "_pinterest_ct_ua" set correctly after consent

Cookie: _pinterest_ct_uaDomain: .ct.pinterest.comRetention: session
CompliantCookieMarketingAwin

Awin cookie "lantern" set correctly after consent

Cookie: lanternDomain: .marksandspencer.comRetention: Awin
TikTok
TikTok2 findings

ttcsid, ttcsid_C65RF9P6C8J57OP84M40

TikTok
CompliantCookieMarketingTikTok

TikTok cookie "ttcsid" set correctly after consent

Cookie: ttcsidDomain: .marksandspencer.comRetention: 1 year
TikTok
CompliantCookieMarketingTikTok

TikTok cookie "ttcsid_C65RF9P6C8J57OP84M40" set correctly after consent

Cookie: ttcsid_C65RF9P6C8J57OP84M40Domain: .marksandspencer.comRetention: 1 year

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan marksandspencer.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com