MetLife Cookie Compliance Report

MetLife

metlife.com

Compare

https://metlife.com

Scanned Apr 15, 2026 · 34.8s

Your website score is

5/100

Critical

Grade

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 11 user data leaks before consent on metlife.com, including Osano (Tracker Tracker), Adobe (Tracker Tracker), Adobe Audience Manager and 1 more.

Security Headers

5/6 present

Strict-Transport-Security

max-age=63172000; includeSubdomains;

Content-Security-Policy

frame-ancestors 'self' metlife.pathfactory.com qa.dentalprovider.metlife.com dentalprovider.metlife.com; upgrade-insecure-requests

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

no-referrer-when-downgrade

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

90/100

Consent Parameters

ParameterDefaultUpdated

Ad Storagedeniedgranted

Ad User Datadeniedgranted

Ad Personalizationdeniedgranted

Analytics Storagedeniedgranted

Functionality Storagegrantedgranted

Personalization Storagedeniedgranted

Security Storagegrantedgranted

Issues (2)

functionality_storage defaults to "granted" — consider defaulting to "denied"

No GTM container detected — consent mode works best with Google Tag Manager

Post-Rejection Audit

Reject Button

Missing

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: localStorage:osano_consentmanager_tattles

Record contains timestamp

Art. 7(1)

No timestamp found in consent record

Record contains consent state

Art. 7(1)

Consent state (accepted/rejected) not found in record

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising1 vendor

Analytics3 vendors

Marketing4 vendors

Security1

Functional2 vendors

Critical7

criticalNetworkOsano (Tracker Tracker)

Osano (tracker) loaded before consent

Host: cmp.osano.comFired: 896ms after load

criticalNetworkAdobe (Tracker Tracker)

Adobe (tracker) loaded before consent

Host: adobedc.demdex.netFired: 2061ms after load

Adobe Audience Manager2 findings

demdex, mbox

criticalCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "demdex" set before consent — Unique value with which Audience Manager can identify a user. Used, among others, for identification, segmentation, modeling and reporting purposes.

Cookie: demdexDomain: .demdex.netRetention: 180 days after last activity or 10 years when opting out

criticalCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "mbox" set before consent — Adobe Target uses cookies to give website operators the ability to test which online content and offers are more relevant to visitors.

Cookie: mboxDomain: .metlife.comRetention: 2 years

criticalCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "AMCV_DD8D65EC5717A8FA7F000101%40AdobeOrg" set before consent

Cookie: AMCV_DD8D65EC5717A8FA7F000101%40AdobeOrgDomain: .metlife.com

criticalConsent

No "reject all" option found — users cannot refuse non-essential cookies (ICO guidance requires this)

criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings6

warningNetwork

Unknown third-party request to assets.adobedtm.com before consent

Host: assets.adobedtm.comFired: 896ms after load

warningStorage

sessionStorage key "mlSessionUUID" written before consent

Key: mlSessionUUIDType: sessionStorageFired: 1422ms after load

warningStorage

sessionStorage key "com.adobe.reactor.core.visitorTracking.landingPage" written before consent

Key: com.adobe.reactor.core.visitorTracking.landingPageType: sessionStorageFired: 2043ms after load

warningStorage

sessionStorage key "com.adobe.reactor.core.visitorTracking.trafficSource" written before consent

Key: com.adobe.reactor.core.visitorTracking.trafficSourceType: sessionStorageFired: 2044ms after load

warningStorage

localStorage key "_1776282798195" written before consent

Key: _1776282798195Type: localStorageFired: 3206ms after load

warningStorage

sessionStorage key "__sak" written before consent

Key: __sakType: sessionStorageFired: 3419ms after load

Info2

Google (Cdn)2 findings

maps.googleapis.com, maps.gstatic.com

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: maps.googleapis.comFired: 1209ms after load

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: maps.gstatic.comFired: 3449ms after load

Compliant13

CompliantNetworkAnalyticsAdobe Analytics

Adobe Analytics (Adobe) loaded correctly after consent

Host: edge.adobedc.netFired: 1689ms after load

Marketo2 findings

munchkin.marketo.net, _mkto_trk

CompliantNetworkMarketingMarketo

Marketo (Adobe) loaded correctly after consent

Host: munchkin.marketo.netFired: 2773ms after load

CompliantCookieMarketingMarketo

Marketo cookie "_mkto_trk" set correctly after consent

Cookie: _mkto_trkDomain: .metlife.com

CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

Host: www.googletagmanager.comFired: 3189ms after load

Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 3464ms after load

CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .metlife.com

CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: -18527ms after load

Osano2 findings

osano_consentmanager_uuid, osano_consentmanager

CompliantCookieFunctionalOsano

Osano cookie "osano_consentmanager_uuid" set correctly after consent

Cookie: osano_consentmanager_uuidDomain: .metlife.comRetention: 1 year

CompliantCookieFunctionalOsano

Osano cookie "osano_consentmanager" set correctly after consent

Cookie: osano_consentmanagerDomain: .metlife.comRetention: 1 year

DoubleClick/Google Marketing2 findings

test_cookie, IDE

CompliantCookieFunctionalDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "test_cookie" set correctly after consent

Cookie: test_cookieDomain: .doubleclick.netRetention: 1 year

CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years

CompliantCookieAnalyticsLinkedIn

LinkedIn cookie "vid" set correctly after consent

Cookie: vidDomain: .metlife.comRetention: 1 year

CompliantCookieMarketingLiveIntent

LiveIntent cookie "lidid" set correctly after consent

Cookie: lididDomain: .liadm.comRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan metlife.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com