Charles Schwab

schwab.com

Compare

https://schwab.com

Scanned Apr 15, 2026 · 38.0s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 19 user data leaks before consent on schwab.com, including Akamai (Analytics Tracker), Tealium (Tracker Tracker).

Security Headers

4/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains

Content-Security-Policy

frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com https://client.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabtrustbankcollectives.com

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

1 vendor

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Vendors firing after rejection (1)

VendorCategoryTimingURL
OneTrust — OneTrustconsent_management17081mscdn.cookielaw.org

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising6 vendors
Analytics4 vendors
Marketing8 vendors
Security2
Functional3 vendors
Critical6
Akamai (Analytics Tracker)
Akamai (Analytics Tracker)4 findings

s.go-mpulse.net, s2.go-mpulse.net, c.go-mpulse.net, 684dd331.akstat.io

Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: s.go-mpulse.netFired: 1218ms after load
Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: s2.go-mpulse.netFired: 1856ms after load
Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: c.go-mpulse.netFired: 2620ms after load
Akamai (Analytics Tracker)
criticalNetworkAnalyticsAkamai (Analytics Tracker)

Akamai (analytics) loaded before consent

Host: 684dd331.akstat.ioFired: 5607ms after load
Tealium (Tracker Tracker)
criticalNetworkTealium (Tracker Tracker)

Tealium (tracker) loaded before consent

Host: tags.tiqcdn.comFired: 2261ms after load
OneTrust — OneTrust
criticalPost-RejectionConsent MgmtOneTrust — OneTrust

OneTrust — OneTrust fires after user rejected consent

Fired: 17081ms after load
Warnings14
LaunchDarkly
LaunchDarkly2 findings

app.launchdarkly.com, events.launchdarkly.com

LaunchDarkly
warningNetworkAnalyticsLaunchDarkly

LaunchDarkly (LaunchDarkly) loaded before consent: LaunchDarkly feature flag management

Host: app.launchdarkly.comFired: 2649ms after load
LaunchDarkly
warningNetworkAnalyticsLaunchDarkly

LaunchDarkly (LaunchDarkly) loaded before consent: LaunchDarkly event tracking endpoint

Host: events.launchdarkly.comFired: 4677ms after load
vendor logo
warningNetwork

Unknown third-party request to www.glancecdn.net before consent

Host: www.glancecdn.netFired: 922ms after load
vendor logo
warningNetwork

Unknown third-party request to storage.glancecdn.net before consent

Host: storage.glancecdn.netFired: 1384ms after load
vendor logo
warningNetwork

Unknown third-party request to clientstream.launchdarkly.com before consent

Host: clientstream.launchdarkly.comFired: 2878ms after load
warningNetwork

Unknown third-party request to trial-eum-clientnsv4-s.akamaihd.net before consent

Host: trial-eum-clientnsv4-s.akamaihd.netFired: 5286ms after load
warningNetwork

Unknown third-party request to trial-eum-clienttons-s.akamaihd.net before consent

Host: trial-eum-clienttons-s.akamaihd.netFired: 5286ms after load
warningNetwork

Unknown third-party request to 2etgcllaca2ym2o77ufq-px1oej-40a7bd921-clientnsv4-s.akamaihd.net before consent

Host: 2etgcllaca2ym2o77ufq-px1oej-40a7bd921-clientnsv4-s.akamaihd.netFired: 5317ms after load
warningNetwork

Unknown third-party request to 209-38-97-45_s-23-209-125-22_ts-1776286987-clienttons-s.akamaihd.net before consent

Host: 209-38-97-45_s-23-209-125-22_ts-1776286987-clienttons-s.akamaihd.netFired: 5324ms after load
warningNetwork

Unknown third-party request to 2etgcllaca2ym2o77ufq-pzn8yg-2b0c579ac-clientnsv4-s.akamaihd.net before consent

Host: 2etgcllaca2ym2o77ufq-pzn8yg-2b0c579ac-clientnsv4-s.akamaihd.netFired: 5767ms after load
warningStorage

localStorage key "_boomr_clss" written before consent

Key: _boomr_clssType: localStorageFired: 1523ms after load
warningStorage

localStorage key "dummy" written before consent

Key: dummyType: localStorageFired: 1686ms after load
warningStorage

localStorage key "ak_a" written before consent

Key: ak_aType: localStorageFired: 1774ms after load
warningStorage

localStorage key "_boomr_akamaiXhrRetry" written before consent

Key: _boomr_akamaiXhrRetryType: localStorageFired: 5556ms after load
Info8
OneTrust
OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

OneTrust
infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 3007ms after load
OneTrust
infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .schwab.com
Google
infoCookieFunctionalGoogle

Google cookie "GCLB" set before consent — This cookie is used in context with load balancing - This optimizes the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers.

Cookie: GCLBDomain: tsdrs.schwab.comRetention: Session
infoCookieFunctionalTripadvisor

Tripadvisor cookie "RT" set before consent — This cookie is used to identify the visitor through an application. This allows the visitor to login to a website through their LinkedIn application for example.

Cookie: RTDomain: .sws-gateway-nr.schwab.comRetention: 399 days
infoCookieFunctional

Akamai bot management session — necessary for site protection

Cookie: ak_bmscDomain: .schwab.com
infoCookieFunctional

Akamai bot manager — necessary for site protection

Cookie: _abckDomain: .schwab.com
infoCookieFunctional

Akamai bot management — necessary for site protection

Cookie: bm_svDomain: .schwab.com
infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .tsdrs.schwab.com
Compliant41
TikTok Pixel
TikTok Pixel6 findingsID tracked

analytics.tiktok.com, analytics-ipv6.tiktokw.us, _ttp, tt_sessionId, tt_appInfo, tt_pixel_session_index

TikTok Pixel
CompliantNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded correctly after consent

ID: C7G74JISLUCJB6OQQM8GHost: analytics.tiktok.comFired: 3436ms after load
TikTok Pixel
CompliantNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded correctly after consent

Host: analytics-ipv6.tiktokw.usFired: 5266ms after load
TikTok Pixel
CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_ttp" set correctly after consent

Cookie: _ttpDomain: .tiktok.com
TikTok Pixel
CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage correctly after consent

Key: tt_sessionIdType: sessionStorageFired: 5237ms after load
TikTok Pixel
CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage correctly after consent

Key: tt_appInfoType: sessionStorageFired: 5247ms after load
TikTok Pixel
CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage correctly after consent

Key: tt_pixel_session_indexType: sessionStorageFired: 5248ms after load
Pinterest Tag
Pinterest Tag3 findingsID tracked

ct.pinterest.com, s.pinimg.com, _pin_unauth

Pinterest Tag
CompliantNetworkAdvertisingPinterest Tag

Pinterest Tag (Pinterest) loaded correctly after consent

ID: 2613402593865Host: ct.pinterest.comFired: 4868ms after load
Pinterest Tag
CompliantNetworkAdvertisingPinterest Tag

Pinterest Tag (Pinterest) loaded correctly after consent

Host: s.pinimg.comFired: 3435ms after load
Pinterest Tag
CompliantCookieAdvertisingPinterest Tag

Pinterest Tag cookie "_pin_unauth" set correctly after consent

Cookie: _pin_unauthDomain: .schwab.com
Meta Pixel
Meta Pixel2 findingsID tracked

www.facebook.com, connect.facebook.net

Meta Pixel
CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

ID: 723526971112106Host: www.facebook.comFired: 5346ms after load
Meta Pixel
CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

Host: connect.facebook.netFired: 3388ms after load
Twitter/X Pixel
CompliantNetworkAdvertisingTwitter/X Pixel

Twitter/X Pixel (X (Twitter)) loaded correctly after consent

Host: static.ads-twitter.comFired: 3416ms after load
GA4
CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

Host: www.googletagmanager.comFired: 3435ms after load
Google Ads
Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

Google Ads
CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 4070ms after load
Google Ads
CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .schwab.com
Google Ads
CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 4030ms after load
Reddit Pixel
Reddit Pixel2 findings

alb.reddit.com, _rdt_uuid

Reddit Pixel
CompliantNetworkAdvertisingReddit Pixel

Reddit Pixel (Reddit) loaded correctly after consent

Host: alb.reddit.comFired: 4919ms after load
Reddit Pixel
CompliantCookieAdvertisingReddit Pixel

Reddit Pixel cookie "_rdt_uuid" set correctly after consent

Cookie: _rdt_uuidDomain: .schwab.com
Adobe Analytics
Adobe Analytics4 findings

s_fid, s_sq, s_ecid, AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg

Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_fid" set correctly after consent

Cookie: s_fidDomain: .schwab.comRetention: 5 years
Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "s_sq" set correctly after consent

Cookie: s_sqDomain: .schwab.com
Adobe Analytics
CompliantCookieMarketingAdobe Analytics

Adobe Analytics cookie "s_ecid" set correctly after consent

Cookie: s_ecidDomain: .schwab.comRetention: 2 years
Adobe Analytics
CompliantCookieAnalyticsAdobe Analytics

Adobe Analytics cookie "AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg" set correctly after consent

Cookie: AMCV_5DB5123F5245B1D20A490D45%40AdobeOrgDomain: .schwab.com
OneTrust
CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .schwab.com
Adobe Audience Manager
Adobe Audience Manager4 findings

demdex, AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg, dpm, dextp

Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "demdex" set correctly after consent

Cookie: demdexDomain: .demdex.netRetention: 180 days after last activity or 10 years when opting out
Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg" set correctly after consent

Cookie: AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrgDomain: .schwab.comRetention: Session
Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "dpm" set correctly after consent

Cookie: dpmDomain: .dpm.demdex.netRetention: 180 days
Adobe Audience Manager
CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "dextp" set correctly after consent

Cookie: dextpDomain: .demdex.netRetention: 180 days after last activity
LinkedIn
LinkedIn3 findings

bcookie, li_gc, lidc

LinkedIn
CompliantCookieMarketingLinkedIn

LinkedIn cookie "bcookie" set correctly after consent

Cookie: bcookieDomain: .linkedin.comRetention: 1 year
LinkedIn
CompliantCookieFunctionalLinkedIn

LinkedIn cookie "li_gc" set correctly after consent

Cookie: li_gcDomain: .linkedin.comRetention: 2 years
LinkedIn
CompliantCookieMarketingLinkedIn

LinkedIn cookie "lidc" set correctly after consent

Cookie: lidcDomain: .linkedin.comRetention: 1 day
Adobe Advertising
CompliantCookieMarketingAdobe Advertising

Adobe Advertising cookie "everest_g_v2" set correctly after consent

Cookie: everest_g_v2Domain: .everesttech.netRetention: 2 years
Rapleaf2 findings

rlas3, pxrc

CompliantCookieMarketingRapleaf

Rapleaf cookie "rlas3" set correctly after consent

Cookie: rlas3Domain: .rlcdn.comRetention: 1 year
CompliantCookieMarketingRapleaf

Rapleaf cookie "pxrc" set correctly after consent

Cookie: pxrcDomain: .rlcdn.comRetention: 2 months
DoubleClick/Google Marketing
DoubleClick/Google Marketing2 findings

IDE, ar_debug

DoubleClick/Google Marketing
CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years
DoubleClick/Google Marketing
CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "ar_debug" set correctly after consent

Cookie: ar_debugDomain: .pinterest.comRetention: Persistent
X5 findings

muc_ads, guest_id_marketing, guest_id_ads, personalization_id, guest_id

CompliantCookieMarketingX

X cookie "muc_ads" set correctly after consent

Cookie: muc_adsDomain: .t.coRetention: 24 months
CompliantCookieMarketingX

X cookie "guest_id_marketing" set correctly after consent

Cookie: guest_id_marketingDomain: .twitter.comRetention: 2 years
CompliantCookieMarketingX

X cookie "guest_id_ads" set correctly after consent

Cookie: guest_id_adsDomain: .twitter.comRetention: 2 years
CompliantCookieMarketingX

X cookie "personalization_id" set correctly after consent

Cookie: personalization_idDomain: .twitter.comRetention: 2 years
CompliantCookieMarketingX

X cookie "guest_id" set correctly after consent

Cookie: guest_idDomain: .twitter.comRetention: 2 years
Pinterest
CompliantCookieMarketingPinterest

Pinterest cookie "_pinterest_ct_ua" set correctly after consent

Cookie: _pinterest_ct_uaDomain: .ct.pinterest.comRetention: session

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan schwab.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com