Slack Cookie Compliance Report

Slack

slack.com

Compare

https://slack.com

Scanned Apr 15, 2026 · 39.3s

Your website score is

30/100

Critical

Grade

D30

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 5 user data leaks before consent on slack.com, including Youtube.

Security Headers

3/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing

Referrer-Policy

no-referrer

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

95/100

Consent Parameters

ParameterDefaultUpdated

Ad Storagedeniedgranted

Ad User Datadeniedgranted

Ad Personalizationdeniedgranted

Analytics Storagedeniedgranted

Functionality Storagedeniedgranted

Personalization Storagedeniedgranted

Security Storagedeniedgranted

Issues (1)

No GTM container detected — consent mode works best with Google Tag Manager

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

No tracking vendors detected firing after rejection

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising3 vendors

Analytics2 vendors

Marketing5 vendors

Security3

Functional3 vendors

Tag Management1 vendor

Critical3

Youtube3 findings

VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, __Secure-ROLLOUT_TOKEN

criticalCookieMarketingYoutube

Youtube cookie "VISITOR_INFO1_LIVE" set before consent — Tries to estimate the users' bandwidth on pages with integrated YouTube videos. Also used for marketing

Cookie: VISITOR_INFO1_LIVEDomain: .youtube.comRetention: 179 days

criticalCookieMarketingYoutube

Youtube cookie "VISITOR_PRIVACY_METADATA" set before consent — Youtube visitor privacy metadata cookie

Cookie: VISITOR_PRIVACY_METADATADomain: .youtube.comRetention: 180 days

criticalCookieMarketingYoutube

Youtube cookie "__Secure-ROLLOUT_TOKEN" set before consent — Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Cookie: __Secure-ROLLOUT_TOKENDomain: .youtube.comRetention: 180 days

Warnings2

warningNetwork

Unknown third-party request to a.slack-edge.com before consent

Host: a.slack-edge.comFired: 348ms after load

warningNetwork

Unknown third-party request to www.google.com before consent

Host: www.google.comFired: 5252ms after load

Info9

OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 348ms after load

infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .slack.com

infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 1012ms after load

Google (Cdn)4 findings

www.youtube.com, www.youtube-nocookie.com, fonts.gstatic.com, jnn-pa.googleapis.com

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: www.youtube.comFired: 1983ms after load

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: www.youtube-nocookie.comFired: 3944ms after load

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: fonts.gstatic.comFired: 4278ms after load

infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: jnn-pa.googleapis.comFired: 5635ms after load

infoCookieFunctionalGoogle

Google cookie "__Secure-YNID" set before consent — It's a YouTube cookie used to enhance user experience by storing video player preferences and aiding in secure log-ins and spam detectio

Cookie: __Secure-YNIDDomain: .youtube.comRetention: 180 days

infoCookieFunctionalYoutube

Youtube cookie "YSC" set before consent — Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Cookie: YSCDomain: .youtube.comRetention: Session

Compliant17

CompliantNetworkTag ManagementGoogle Tag Manager

Google Tag Manager (Google) loaded correctly after consent

ID: GTM-KH2LPKHost: www.googletagmanager.comFired: 3841ms after load

Google Analytics3 findingsID tracked

region1.analytics.google.com, _ga, _ga_QTJQME5M5D

CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

ID: G-QTJQME5M5DHost: region1.analytics.google.comFired: 5673ms after load

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set correctly after consent

Cookie: _gaDomain: .slack.com

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_QTJQME5M5D" set correctly after consent

Cookie: _ga_QTJQME5M5DDomain: .slack.com

CompliantNetworkAdvertisingLinkedIn Insight Tag

LinkedIn Insight Tag (LinkedIn) loaded correctly after consent

Host: snap.licdn.comFired: 4861ms after load

Google Ads4 findings

www.google.com, googleads.g.doubleclick.net, _gcl_au, _gcl_ls

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 4861ms after load

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: googleads.g.doubleclick.netFired: 5673ms after load

CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .slack.com

CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 4574ms after load

Reddit Pixel2 findings

alb.reddit.com, _rdt_uuid

CompliantNetworkAdvertisingReddit Pixel

Reddit Pixel (Reddit) loaded correctly after consent

Host: alb.reddit.comFired: 5698ms after load

CompliantCookieAdvertisingReddit Pixel

Reddit Pixel cookie "_rdt_uuid" set correctly after consent

Cookie: _rdt_uuidDomain: .slack.com

LinkedIn3 findings

bcookie, li_gc, lidc

CompliantCookieMarketingLinkedIn

LinkedIn cookie "bcookie" set correctly after consent

Cookie: bcookieDomain: .linkedin.comRetention: 1 year

CompliantCookieFunctionalLinkedIn

LinkedIn cookie "li_gc" set correctly after consent

Cookie: li_gcDomain: .linkedin.comRetention: 2 years

CompliantCookieMarketingLinkedIn

LinkedIn cookie "lidc" set correctly after consent

Cookie: lidcDomain: .linkedin.comRetention: 1 day

CompliantCookieMarketingPlatform161

Platform161 cookie "tuuid" set correctly after consent

Cookie: tuuidDomain: .company-target.comRetention: 13 months

CompliantCookieMarketingbidswitch.net

bidswitch.net cookie "tuuid_lu" set correctly after consent

Cookie: tuuid_luDomain: .company-target.comRetention: 3 months

CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan slack.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com