Sanofi Cookie Compliance Report

Sanofi

sanofi.com

Compare

https://sanofi.com

Scanned Apr 15, 2026 · 36.7s

Your website score is

65/100

Needs Work

Grade

C65

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 8 user data leaks before consent on sanofi.com.

Security Headers

5/6 present

Strict-Transport-Security

max-age=31536000

Content-Security-Policy

default-src https: 'unsafe-eval' 'unsafe-inline' 'self' ws: data:; worker-src blob:; object-src 'none'; frame-ancestors 'none'

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

strict-origin-when-cross-origin

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

70/100

GTM Containers:GTM-N67QVH3GTM-W5BRX7C2

Consent Parameters

ParameterDefaultUpdated

Ad Storagenot_setgranted

Ad User Datanot_setgranted

Ad Personalizationnot_setgranted

Analytics Storagenot_setgranted

Functionality Storagenot_setnot_set

Personalization Storagenot_setnot_set

Security Storagenot_setnot_set

Issues (1)

No default consent call detected — consent mode may not be initialised correctly

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

1995ms pre-consent

Google Tag Manager(GTM-N67QVH3)

Loaded 1995ms after page load — before the consent banner was detected (banner appeared at 7624ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

No tracking vendors detected firing after rejection

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising5 vendors

Analytics3 vendors

Marketing1 vendor

Security1

Tag Management1 vendor

Critical1

criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings8

Google Tag Manager2 findingsID tracked

www.googletagmanager.com

warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-N67QVH3Host: www.googletagmanager.comFired: 1880ms after load

warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-N67QVH3)

LaunchDarkly2 findings

app.launchdarkly.com, events.launchdarkly.com

warningNetworkAnalyticsLaunchDarkly

LaunchDarkly (LaunchDarkly) loaded before consent: LaunchDarkly feature flag management

Host: app.launchdarkly.comFired: 1913ms after load

warningNetworkAnalyticsLaunchDarkly

LaunchDarkly (LaunchDarkly) loaded before consent: LaunchDarkly event tracking endpoint

Host: events.launchdarkly.comFired: 3064ms after load

warningNetwork

Unknown third-party request to cdn.prod.accelerator.sanofi before consent

Host: cdn.prod.accelerator.sanofiFired: 1445ms after load

warningNetwork

Unknown third-party request to clientstream.launchdarkly.com before consent

Host: clientstream.launchdarkly.comFired: 2726ms after load

warningStorage

localStorage key "ld:63779209b9abad1176b1c8de:$diagnostics" written before consent

Key: ld:63779209b9abad1176b1c8de:$diagnosticsType: localStorageFired: 3056ms after load

warningStorage

sessionStorage key "__sak" written before consent

Key: __sakType: sessionStorageFired: 6352ms after load

Info6

Google (Cdn)2 findings

maps.googleapis.com, fonts.googleapis.com

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: maps.googleapis.comFired: 1110ms after load

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.googleapis.comFired: 1310ms after load

OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 1880ms after load

infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .www.sanofi.com

infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 3064ms after load

infoNetworkVimeo (Cdn)

Vimeo (cdn) loaded before consent

Host: extend.vimeocdn.comFired: 3276ms after load

Compliant25

TikTok Pixel6 findingsID tracked

analytics.tiktok.com, _ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index

CompliantNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded correctly after consent

ID: CSRP4P3C77U9T3GK1F80Host: analytics.tiktok.comFired: 3706ms after load

CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_ttp" set correctly after consent

Cookie: _ttpDomain: .tiktok.com

CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_tt_enable_cookie" set correctly after consent

Cookie: _tt_enable_cookieDomain: .sanofi.com

CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage correctly after consent

Key: tt_sessionIdType: sessionStorageFired: -22653ms after load

CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage correctly after consent

Key: tt_appInfoType: sessionStorageFired: -22642ms after load

CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage correctly after consent

Key: tt_pixel_session_indexType: sessionStorageFired: -22641ms after load

Meta Pixel3 findingsID tracked

www.facebook.com, connect.facebook.net, _fbp

CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

ID: 582098904580633Host: www.facebook.comFired: 4169ms after load

CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

Host: connect.facebook.netFired: 3706ms after load

CompliantCookieAdvertisingMeta Pixel

Meta Pixel cookie "_fbp" set correctly after consent

Cookie: _fbpDomain: .sanofi.com

Mouseflow3 findings

cdn.mouseflow.com, mf_user, mf_9222af95-fe63-4cf0-a5a5-eadce27a5cee

CompliantNetworkAnalyticsMouseflow

Mouseflow (Mouseflow) loaded correctly after consent

Host: cdn.mouseflow.comFired: 3706ms after load

CompliantCookieAnalyticsMouseflow

Mouseflow cookie "mf_user" set correctly after consent

Cookie: mf_userDomain: .sanofi.com

CompliantCookieAnalyticsMouseflow

Mouseflow cookie "mf_9222af95-fe63-4cf0-a5a5-eadce27a5cee" set correctly after consent

Cookie: mf_9222af95-fe63-4cf0-a5a5-eadce27a5ceeDomain: .sanofi.com

CompliantNetworkAdvertisingLinkedIn Insight Tag

LinkedIn Insight Tag (LinkedIn) loaded correctly after consent

Host: snap.licdn.comFired: 3706ms after load

Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 3790ms after load

CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .sanofi.com

CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 3601ms after load

Reddit Pixel2 findings

alb.reddit.com, _rdt_uuid

CompliantNetworkAdvertisingReddit Pixel

Reddit Pixel (Reddit) loaded correctly after consent

Host: alb.reddit.comFired: 4214ms after load

CompliantCookieAdvertisingReddit Pixel

Reddit Pixel cookie "_rdt_uuid" set correctly after consent

Cookie: _rdt_uuidDomain: .sanofi.com

CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .www.sanofi.com

Google Analytics3 findings

_ga_MVXSJ2BRYR, _ga, _ga_QQ0NETVGN9

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_MVXSJ2BRYR" set correctly after consent

Cookie: _ga_MVXSJ2BRYRDomain: .sanofi.com

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set correctly after consent

Cookie: _gaDomain: .sanofi.com

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_QQ0NETVGN9" set correctly after consent

Cookie: _ga_QQ0NETVGN9Domain: .sanofi.com

TikTok3 findings

ttcsid_CSRP4P3C77U9T3GK1F80, ttcsid, ttcsid_D3IIFFRC77U8DNMA3KH0

CompliantCookieMarketingTikTok

TikTok cookie "ttcsid_CSRP4P3C77U9T3GK1F80" set correctly after consent

Cookie: ttcsid_CSRP4P3C77U9T3GK1F80Domain: .sanofi.comRetention: 1 year

CompliantCookieMarketingTikTok

TikTok cookie "ttcsid" set correctly after consent

Cookie: ttcsidDomain: .sanofi.comRetention: 1 year

CompliantCookieMarketingTikTok

TikTok cookie "ttcsid_D3IIFFRC77U8DNMA3KH0" set correctly after consent

Cookie: ttcsid_D3IIFFRC77U8DNMA3KH0Domain: .sanofi.comRetention: 1 year

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan sanofi.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com