Salesforce Cookie Compliance Report

Salesforce

salesforce.com

Compare

https://salesforce.com

Scanned Apr 15, 2026 · 41.5s

Your website score is

0/100

Critical

Grade

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 16 user data leaks before consent on salesforce.com, including Akamai (Analytics Tracker).

Security Headers

4/6 present

Strict-Transport-Security

max-age=86400

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

strict-origin-when-cross-origin

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

70/100

GTM Containers:GTM-WRXS6THGTM-N4QVCLK

Consent Parameters

ParameterDefaultUpdated

Ad Storagenot_setgranted

Ad User Datanot_setgranted

Ad Personalizationnot_setgranted

Analytics Storagenot_setgranted

Functionality Storagenot_setnot_set

Personalization Storagenot_setgranted

Security Storagenot_setnot_set

Issues (1)

No default consent call detected — consent mode may not be initialised correctly

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

1108ms pre-consent

Google Tag Manager(GTM-WRXS6TH)

Loaded 1108ms after page load — before the consent banner was detected (banner appeared at 8199ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

No tracking vendors detected firing after rejection

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising3 vendors

Analytics4 vendors

Marketing6 vendors

Security2

Functional5 vendors

Tag Management1 vendor

Critical3

Akamai (Analytics Tracker)2 findings

s.go-mpulse.net, c.go-mpulse.net

criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: s.go-mpulse.netFired: 992ms after load

criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: c.go-mpulse.netFired: 2505ms after load

criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings14

Google Tag Manager2 findingsID tracked

www.googletagmanager.com

warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-WRXS6THHost: www.googletagmanager.comFired: 976ms after load

warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-WRXS6TH)

warningNetwork

Unknown third-party request to a.sfdcstatic.com before consent

Host: a.sfdcstatic.comFired: 817ms after load

warningNetwork

Unknown third-party request to wp.sfdcdigital.com before consent

Host: wp.sfdcdigital.comFired: 830ms after load

warningNetwork

Unknown third-party request to play.vidyard.com before consent

Host: play.vidyard.comFired: 2684ms after load

warningNetwork

Unknown third-party request to cdn.vidyard.com before consent

Host: cdn.vidyard.comFired: 2824ms after load

warningNetwork

Unknown third-party request to trial-eum-clientnsv4-s.akamaihd.net before consent

Host: trial-eum-clientnsv4-s.akamaihd.netFired: 3971ms after load

warningNetwork

Unknown third-party request to trial-eum-clienttons-s.akamaihd.net before consent

Host: trial-eum-clienttons-s.akamaihd.netFired: 3972ms after load

warningNetwork

Unknown third-party request to 209-38-97-45_s-96-16-53-155_ts-1776280787-clienttons-s.akamaihd.net before consent

Host: 209-38-97-45_s-96-16-53-155_ts-1776280787-clienttons-s.akamaihd.netFired: 4002ms after load

warningNetwork

Unknown third-party request to 2etgclk7mvfnk2o74tjq-pauh0y-36258ae27-clientnsv4-s.akamaihd.net before consent

Host: 2etgclk7mvfnk2o74tjq-pauh0y-36258ae27-clientnsv4-s.akamaihd.netFired: 4010ms after load

warningStorage

localStorage key "_boomr_clss" written before consent

Key: _boomr_clssType: localStorageFired: 1356ms after load

warningStorage

sessionStorage key "usessid" written before consent

Key: usessidType: sessionStorageFired: 1527ms after load

warningStorage

localStorage key "page_builder_miaw_ui_WEB_STORAGE" written before consent

Key: page_builder_miaw_ui_WEB_STORAGEType: localStorageFired: 2259ms after load

warningStorage

localStorage key "_boomr_akamaiXhrRetry" written before consent

Key: _boomr_akamaiXhrRetryType: localStorageFired: 3760ms after load

Info5

infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 1304ms after load

infoCookieFunctionalAkamai

Akamai cookie "AKA_A2" set before consent — Used for Akamai's Advanced Acceleration feature, intended to improve web performance

Cookie: AKA_A2Domain: .salesforce.comRetention: 1 hour or longer

infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .salesforce.com

infoStorageFunctionallocalStorage availability probe

localStorage availability probe (null) wrote "__storage_test__" to localStorage before consent

Key: __storage_test__Type: localStorageFired: 3118ms after load

infoCookieFunctional

Akamai bot manager — necessary for site protection

Cookie: _abckDomain: .salesforce.com

Compliant30

Google Analytics2 findingsID tracked

region1.analytics.google.com, www.google-analytics.com

CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

ID: G-3VHBZ2DJWPHost: region1.analytics.google.comFired: 5942ms after load

CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

Host: www.google-analytics.comFired: 3792ms after load

Optimizely4 findings

cdn.optimizely.com, a10681260716.cdn.optimizely.com, logx.optimizely.com, optimizelyEndUserId

CompliantNetworkAnalyticsOptimizely

Optimizely (Optimizely) loaded correctly after consent

Host: cdn.optimizely.comFired: 1179ms after load

CompliantNetworkAnalyticsOptimizely

Optimizely (Optimizely) loaded correctly after consent

Host: a10681260716.cdn.optimizely.comFired: 2610ms after load

CompliantNetworkAnalyticsOptimizely

Optimizely (Optimizely) loaded correctly after consent

Host: logx.optimizely.comFired: 3911ms after load

CompliantCookieAnalyticsOptimizely

Optimizely cookie "optimizelyEndUserId" set correctly after consent

Cookie: optimizelyEndUserIdDomain: .salesforce.com

CompliantNetworkAdvertisingLinkedIn Insight Tag

LinkedIn Insight Tag (LinkedIn) loaded correctly after consent

Host: snap.licdn.comFired: 3792ms after load

Google Ads4 findings

www.google.com, googleads.g.doubleclick.net, _gcl_au, _gcl_ls

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 3799ms after load

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: googleads.g.doubleclick.netFired: 4995ms after load

CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .salesforce.com

CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 3517ms after load

Reddit Pixel2 findings

alb.reddit.com, _rdt_uuid

CompliantNetworkAdvertisingReddit Pixel

Reddit Pixel (Reddit) loaded correctly after consent

Host: alb.reddit.comFired: 5963ms after load

CompliantCookieAdvertisingReddit Pixel

Reddit Pixel cookie "_rdt_uuid" set correctly after consent

Cookie: _rdt_uuidDomain: .salesforce.com

CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .salesforce.com

LinkedIn3 findings

lidc, bcookie, li_gc

CompliantCookieMarketingLinkedIn

LinkedIn cookie "lidc" set correctly after consent

Cookie: lidcDomain: .linkedin.comRetention: 1 day

CompliantCookieMarketingLinkedIn

LinkedIn cookie "bcookie" set correctly after consent

Cookie: bcookieDomain: .linkedin.comRetention: 1 year

CompliantCookieFunctionalLinkedIn

LinkedIn cookie "li_gc" set correctly after consent

Cookie: li_gcDomain: .linkedin.comRetention: 2 years

CompliantCookieMarketingPlatform161

Platform161 cookie "tuuid" set correctly after consent

Cookie: tuuidDomain: .company-target.comRetention: 13 months

CompliantCookieMarketingbidswitch.net

bidswitch.net cookie "tuuid_lu" set correctly after consent

Cookie: tuuid_luDomain: .company-target.comRetention: 3 months

Casale Media3 findings

CMID, CMPS, CMPRO

CompliantCookieMarketingCasale Media

Casale Media cookie "CMID" set correctly after consent

Cookie: CMIDDomain: .casalemedia.comRetention: 1 day

CompliantCookieMarketingCasale Media

Casale Media cookie "CMPS" set correctly after consent

Cookie: CMPSDomain: .casalemedia.comRetention: 1 day

CompliantCookieMarketingCasale Media

Casale Media cookie "CMPRO" set correctly after consent

Cookie: CMPRODomain: .casalemedia.comRetention: 1 day

Magnite2 findings

tvid, tv_UIDM

CompliantCookieMarketingMagnite

Magnite cookie "tvid" set correctly after consent

Cookie: tvidDomain: .tremorhub.comRetention: 1 year

CompliantCookieMarketingMagnite

Magnite cookie "tv_UIDM" set correctly after consent

Cookie: tv_UIDMDomain: .tremorhub.comRetention: 30 days

ContentSquare3 findings

_cs_c, _cs_id, _cs_s

CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_c" set correctly after consent

Cookie: _cs_cDomain: .salesforce.comRetention: 13 months

CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_id" set correctly after consent

Cookie: _cs_idDomain: .salesforce.comRetention: 13 months

CompliantCookieAnalyticsContentSquare

ContentSquare cookie "_cs_s" set correctly after consent

Cookie: _cs_sDomain: .salesforce.comRetention: 1 Year

CompliantCookieFunctionalTripadvisor

Tripadvisor cookie "RT" set correctly after consent

Cookie: RTDomain: .www.salesforce.comRetention: 399 days

CompliantCookieFunctionalSalesforce

Salesforce cookie "webact" set correctly after consent

Cookie: webactDomain: .salesforce.comRetention: 1 year

CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan salesforce.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com