StockX Cookie Compliance Report

StockX

stockx.com

Compare

https://stockx.com

Scanned Apr 15, 2026 · 41.9s

Your website score is

0/100

Critical

Grade

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 58 user data leaks before consent on stockx.com, including TikTok Pixel, Meta Pixel, DoubleVerify (Advertising Tracker) and 16 more.

Security Headers

5/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

base-uri 'none'; connect-src *.cookielaw.org *.doubleclick.net *.criteo.com *.datadoghq.com *.launchdarkly.com *.onetrust.com *.qualtrics.com *.riskified.com *.px-cloud.net *.bing.com *.stockx.com cloudflareinsights.com *.cloudflareinsights.com 'self' *.adtrafficquality.google browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.hub-box.com *.braintree-api.com *.braintreegateway.com *.fbot.me *.googlesyndication.com mapixl.com *.mapixl.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://www.facebook.com *.samsung.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 35.160.46.251 54.156.2.105 *.appsflyer.com *.crwdcntrl.net *.adyen.com *.px-client.net *.px-cdn.net *.pxchk.net *.gstatic.com *.openx.net *.google-analytics.com *.paytm.in *.paytmpayments.com *.googletagmanager.com paypal.com *.paypal.com perimeterx.net *.perimeterx.net *.rubiconproject.com media.net *.media.net *.dotomi.com id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.adnxs.com *.pubmatic.com *.sharethrough.com *.adsrvr.org *.33across.com *.rtbhouse.com dnacdn.net *.dnacdn.net *.publisher-services.amazon.dev crcldu.com *.eu-4-id5-sync.com *.eu-3-id5-sync.com *.a2z.com https://*.zigpoll.com *.cdn-apple.com *.afterpay.com https://*.smarty.com https://*.botchk.net *.paypalobjects.com *.primer.io https://c2shb.pubgw.yahoo.com https://ups.analytics.yahoo.com https://api.ipdata.co https://*.liadm.com *.gladly.com *.gladly.chat wss://ws.us-1.gladly.chat https://*.jwplayer.com https://*.jwpcdn.com https://*.jwpsrv.com/ https://sync.inmobi.com/report/onBidderError https://c2shb.pubgw.yahoo.com/bidRequest https://api.w.inmobi.com/openrtb/bidder/prebidjs https://api.id5-sync.com/analytics/1154/id5-api-js https://csi.gstatic.com https://*.smartadserver.com/prebid/v1 *.trustpilot.com https://*.clarity.ms/collect *.googleapis.com *.unrulymedia.com cpm.blutonic.net *.smartadserver.com *.verizonmedia.com *.yahoo.com *.videorolls.row.aiv-cdn.net *.cardinaltrusted.com apistack.yourbow.com *.yourbow.com pixels.spotify.com *.pixels.spotify.com *.live-video.net wss://*.live-video.net https://unpkg.com/@rive-app/canvas@2.35.3/rive.wasm https://challenges.cloudflare.com *.banner.appsflyersdk.com *.googleadservices.com *.google.com analytics.tiktok.com *.analytics.tiktok.com *.marphezis.com; default-src 'self' stockx.com *.stockx.com; font-src https://web-assets.stockx.com https://cash-f.squarecdn.com https://*.zigpoll.com https://fonts.gstatic.com *.paypalobjects.com; frame-src https://*; frame-ancestors https://*.pubmatic.com/ 'self'; img-src 'self' blob: https://* http://google-analytics.com *.paypalobjects.com *.paypal.com; media-src https://*.cloudflarestream.com data: https://cdn.jwplayer.com https://cdn.jwplayer.com/manifests/OYonWnp3.m3u8 https://*.jwpsrv.com/ blob: *.gvt1.com *.googlevideo.com *.2mdn.net; object-src 'none'; script-src *.cookielaw.org *.stockx.com *.cloudflareinsights.com *.fbot.me *.sift.com *.doubleclick.net *.clevertap.com www.googletagmanager.com *.clevertap-prod.com *.riskified.com *.sardine.ai *.trustpilot.com *.qualtrics.com bat.bing.com *.bat.bing.com *.adtrafficquality.google *.google.com *.rokt.com *.hub-box.com *.paypal.com *.googlesyndication.com 'self' *.mountain.com mapixl.com *.amazon-adsystem.com *.facebook.net *.criteo.net *.criteo.com *.openxcdn.net *.tvsquared.com *.33across.com www.googleadservices.com *.www.googleadservices.com 'unsafe-eval' 'unsafe-inline' *.crwdcntrl.net getrockerbox.com *.appsflyer.com *.creativecdn.com *.px-cloud.net yourbow.com *.yourbow.com https://*.fastclick.net https://*.id5-sync.com pubmatic.com *.pubmatic.com cash.app *.cash.app paypalobjects.com *.paypalobjects.com https://*.googletagservices.com https://*.zigpoll.com https://js.squarecdn.com *.cdn-apple.com *.squarecdn.com *.braintreegateway.com https://sdk.primer.io https://dvract3a1itr1.cloudfront.net/stock_x.js https://s3.amazonaws.com/otp.self-veri.com/otp-widget-sdk.js https://*.self-veri.com https://*.liadm.com *.gladly.com cdnjs.cloudflare.com https://*.jwplayer.com https://*.jwpcdn.com https://*.jwpsrv.com/ https://cdn.jsdelivr.net/npm/prebid.js@10.12.0/dist/chunks/debugging-standalone.js *.cdn.jsdelivr.net/npm/prebid.js https://cdn.jsdelivr.net/npm/prebid.js@9.53.2/dist/debugging-standalone.js https://*.clarity.ms https://js.adsrvr.org/up_loader.1.1.0.js https://cdn.jsdelivr.net/npm/prebid.js@*/dist/*.js *.googleapis.com *.2mdn.net *.cardinaltrusted.com https://pixel.byspotify.com/ping.min.js https://cdn.jsdelivr.net/npm/prebid.js@*/dist/**/*.js https://challenges.cloudflare.com *.tiktok.com; style-src 'self' 'unsafe-inline' https://web-assets.stockx.com https://checkoutshopper-live.adyen.com https://*.hub-box.com https://*.braintree-api.com https://*.braintreegateway.com https://*.adyen.com https://*.cash.app https://*.zigpoll.com https://fonts.googleapis.com *.primer.io; worker-src blob: https://stockx.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8sHMc9Lm0g8pII._s3DmTkc1WX0RMU6A7hN7X1ywBjc-1776288603.991184-1.0.1.1-UA_5k2qtWTZI0WffZgFoU_.f6JtMJ4MktkYLoy8iudRteiWjjHadEbVd2c5wg1nrFhMJ9I7_5Yd7mRKh4X72igBp8HlNchPbkmgtybWxr0e3XSDYUHoZ_wuKzyHs0QV.fZv_lCKzZ55u6xtKg9YDWioo0CDDcDVANu0cbMgACcRSTaS3X9Mx7HinCctb2MWz; report-to cf-zkqmhsvywwkgrlfx

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

same-origin

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

70/100

GTM Containers:GTM-NSNVQXK

Consent Parameters

ParameterDefaultUpdated

Ad Storagenot_setgranted

Ad User Datanot_setgranted

Ad Personalizationnot_setgranted

Analytics Storagenot_setgranted

Functionality Storagenot_setnot_set

Personalization Storagenot_setnot_set

Security Storagenot_setnot_set

Issues (1)

No default consent call detected — consent mode may not be initialised correctly

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

3 vendors

Consent Mode

Not Detected

GTM Load

6053ms pre-consent

Google Tag Manager(GTM-NSNVQXK)

Loaded 6053ms after page load — before the consent banner was detected (banner appeared at 8400ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

Vendors firing after rejection (3)

Vendor	Category	Timing	URL
Google — Google Ads	advertising	21460ms	pagead2.googlesyndication.com
Criteo — Criteo	advertising	21620ms	dis.criteo.com
TikTok — TikTok Pixel	advertising	25089ms	analytics.tiktok.com

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising14 vendors

Analytics5 vendors

Marketing20 vendors

Security1 vendor

Functional2 vendors

Tag Management1 vendor

Critical43

TikTok Pixel6 findingsID tracked

analytics.tiktok.com, _ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index

criticalNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded before consent: Sends event data to TikTok for ad measurement

ID: C9M4BE3C77U8C02R6C3GHost: analytics.tiktok.comFired: 5291ms after load

criticalCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_ttp" set before consent

Cookie: _ttpDomain: .tiktok.com

criticalCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_tt_enable_cookie" set before consent

Cookie: _tt_enable_cookieDomain: .stockx.com

criticalStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage before consent

Key: tt_sessionIdType: sessionStorageFired: 5985ms after load

criticalStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage before consent

Key: tt_appInfoType: sessionStorageFired: 6052ms after load

criticalStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage before consent

Key: tt_pixel_session_indexType: sessionStorageFired: 6055ms after load

Criteo (Advertising Tracker)4 findingsID tracked

dynamic.criteo.com, sslwidget.criteo.com, widget.us.criteo.com, gum.criteo.com

criticalNetworkAdvertisingCriteo (Advertising Tracker)

Criteo (advertising) loaded before consent

ID: 34644Host: dynamic.criteo.comFired: 6763ms after load

criticalNetworkAdvertisingCriteo (Advertising Tracker)

Criteo (advertising) loaded before consent

ID: 34644Host: sslwidget.criteo.comFired: 7791ms after load

criticalNetworkAdvertisingCriteo (Advertising Tracker)

Criteo (advertising) loaded before consent

ID: 34644Host: widget.us.criteo.comFired: 7821ms after load

criticalNetworkAdvertisingCriteo (Advertising Tracker)

Criteo (advertising) loaded before consent

Host: gum.criteo.comFired: 7558ms after load

Meta Pixel3 findingsID tracked

www.facebook.com, connect.facebook.net, _fbp

criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Meta Pixel tracking endpoint

ID: 292598476322343Host: www.facebook.comFired: 7131ms after load

criticalNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking

Host: connect.facebook.netFired: 5637ms after load

criticalCookieAdvertisingMeta Pixel

Meta Pixel cookie "_fbp" set before consent

Cookie: _fbpDomain: .stockx.com

Microsoft Clarity2 findingsID tracked

www.clarity.ms, scripts.clarity.ms

criticalNetworkAnalyticsMicrosoft Clarity

Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics

ID: uetHost: www.clarity.msFired: 7742ms after load

criticalNetworkAnalyticsMicrosoft Clarity

Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics

Host: scripts.clarity.msFired: 7837ms after load

criticalNetworkAdvertisingDoubleVerify (Advertising Tracker)

DoubleVerify (advertising) loaded before consent

Host: getrockerbox.comFired: 6225ms after load

Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

criticalNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded before consent: Google Consent Mode data collection for ad measurement

Host: www.google.comFired: 6497ms after load

criticalCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set before consent

Cookie: _gcl_auDomain: .stockx.com

criticalStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage before consent

Key: _gcl_lsType: localStorageFired: 6453ms after load

Advertising Tracker2 findings

pixel.byspotify.com, bat.bing.net

criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at pixel.byspotify.com loaded before consent

Host: pixel.byspotify.comFired: 6763ms after load

criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at bat.bing.net loaded before consent

Host: bat.bing.netFired: 7749ms after load

Amazon (Advertising Tracker)2 findings

c.amazon-adsystem.com, aax-eu.amazon-adsystem.com

criticalNetworkAdvertisingAmazon (Advertising Tracker)

Amazon (advertising) loaded before consent

Host: c.amazon-adsystem.comFired: 6763ms after load

criticalNetworkAdvertisingAmazon (Advertising Tracker)

Amazon (advertising) loaded before consent

Host: aax-eu.amazon-adsystem.comFired: 7717ms after load

criticalNetworkAdvertisingMicrosoft Ads

Microsoft Ads (Microsoft) loaded before consent: Microsoft Ads (Bing) UET conversion tracking

Host: bat.bing.comFired: 6763ms after load

criticalNetworkAdvertisingSpotify (Advertising Tracker)

Spotify (advertising) loaded before consent

Host: pixels.spotify.comFired: 7188ms after load

criticalNetworkAdvertisingID5 (Advertising Tracker)

ID5 (advertising) loaded before consent

Host: cdn.id5-sync.comFired: 7260ms after load

Google (Tracker Tracker)3 findings

ad.doubleclick.net, 14636937.fls.doubleclick.net, adservice.google.com

criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: ad.doubleclick.netFired: 7440ms after load

criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: 14636937.fls.doubleclick.netFired: 7442ms after load

criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: adservice.google.comFired: 7657ms after load

criticalCookieAnalyticsYandex.Metrica

Yandex.Metrica cookie "is_gdpr" set before consent — Detecting users from regions where the General Data Protection Regulation (GDPR) applies

Cookie: is_gdprDomain: stockx.comRetention: 1 year

Segment3 findings

ajs_anonymous_id, ajs_user_id

criticalCookieAnalyticsSegment

Segment cookie "ajs_anonymous_id" set before consent

Cookie: ajs_anonymous_idDomain: .stockx.com

criticalStorageAnalyticsSegment

Segment (Twilio) wrote "ajs_user_id" to localStorage before consent

Key: ajs_user_idType: localStorageFired: 5357ms after load

criticalStorageAnalyticsSegment

Segment (Twilio) wrote "ajs_anonymous_id" to localStorage before consent

Key: ajs_anonymous_idType: localStorageFired: 5359ms after load

criticalCookieMarketingMediamath

Mediamath cookie "uuid" set before consent — Collects data on the user's visits to the website, such as what pages have been loaded. The registered data is used for targeted ads.

Cookie: uuidDomain: .getrockerbox.comRetention: 1 year

TikTok2 findings

ttcsid, ttcsid_C9M4BE3C77U8C02R6C3G

criticalCookieMarketingTikTok

TikTok cookie "ttcsid" set before consent — The TikTok cookie ttcsid likely serves as a session identifier, helping to maintain user sessions and track interactions across the platform. Its purpose is probably to manage user authentication or personalize content based on activity, similar to other session-related cookies used by TikTok.

Cookie: ttcsidDomain: .stockx.comRetention: 1 year

criticalCookieMarketingTikTok

TikTok cookie "ttcsid_C9M4BE3C77U8C02R6C3G" set before consent — The TikTok cookie ttcsid likely serves as a session identifier, helping to maintain user sessions and track interactions across the platform. Its purpose is probably to manage user authentication or personalize content based on activity, similar to other session-related cookies used by TikTok.

Cookie: ttcsid_C9M4BE3C77U8C02R6C3GDomain: .stockx.comRetention: 1 year

criticalCookieMarketingAdform

Adform cookie "uid" set before consent — Contains a unique ID to identify a user

Cookie: uidDomain: .criteo.comRetention: 60 days

criticalCookieAdvertisingCriteo

Criteo cookie "cto_bundle" set before consent

Cookie: cto_bundleDomain: .criteo.com

criticalCookieMarketingAmazon

Amazon cookie "ad-id" set before consent — Clickthroughs to Amazon websites: Noting how the user got to Amazon via this website

Cookie: ad-idDomain: .amazon-adsystem.comRetention: 190 days

criticalPost-RejectionAdvertisingGoogle — Google Ads

Google — Google Ads fires after user rejected consent

Fired: 21460ms after load

criticalPost-RejectionAdvertisingCriteo — Criteo

Criteo — Criteo fires after user rejected consent

Fired: 21620ms after load

criticalPost-RejectionAdvertisingTikTok — TikTok Pixel

TikTok — TikTok Pixel fires after user rejected consent

Fired: 25089ms after load

criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings19

Google Tag Manager2 findingsID tracked

www.googletagmanager.com

warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-NSNVQXKHost: www.googletagmanager.comFired: 5659ms after load

warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-NSNVQXK)

warningNetwork

Unknown third-party request to cdn.gladly.com before consent

Host: cdn.gladly.comFired: 2575ms after load

warningStorage

sessionStorage key "__next" written before consent

Key: __nextType: sessionStorageFired: 1287ms after load

warningStorage

localStorage key "nuqs-localStorage-test" written before consent

Key: nuqs-localStorage-testType: localStorageFired: 1485ms after load

warningStorage

localStorage key "persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:event-queue:lock" written before consent

Key: persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:event-queue:lockType: localStorageFired: 4254ms after load

warningStorage

localStorage key "persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Facebook Pixel:lock" written before consent

Key: persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Facebook Pixel:lockType: localStorageFired: 4699ms after load

warningStorage

localStorage key "persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Hindsight:lock" written before consent

Key: persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Hindsight:lockType: localStorageFired: 4700ms after load

warningStorage

localStorage key "persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Google AdWords New:lock" written before consent

Key: persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Google AdWords New:lockType: localStorageFired: 4700ms after load

warningStorage

localStorage key "persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Google Tag Manager:lock" written before consent

Key: persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Google Tag Manager:lockType: localStorageFired: 4700ms after load

warningStorage

localStorage key "persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Segment.io:lock" written before consent

Key: persisted-queue:v1:U4EdztkiXl51BC4pC5M2a0jzBSE9ULlU:dest-Segment.io:lockType: localStorageFired: 5241ms after load

warningStorage

localStorage key "stockx.com-en-us" written before consent

Key: stockx.com-en-usType: localStorageFired: 5330ms after load

warningStorage

sessionStorage key "RB.sessionId" written before consent

Key: RB.sessionIdType: sessionStorageFired: 6217ms after load

warningStorage

localStorage key "lastExternalReferrer" written before consent

Key: lastExternalReferrerType: localStorageFired: 6919ms after load

warningStorage

localStorage key "RB.uid" written before consent

Key: RB.uidType: localStorageFired: 7126ms after load

warningStorage

sessionStorage key "__spdt" written before consent

Key: __spdtType: sessionStorageFired: 7173ms after load

warningStorage

localStorage key "spdt-1776288611.138-767" written before consent

Key: spdt-1776288611.138-767Type: localStorageFired: 7190ms after load

warningStorage

localStorage key "criteo_localstorage_check" written before consent

Key: criteo_localstorage_checkType: localStorageFired: 7250ms after load

warningStorage

localStorage key "cto_bundle" written before consent

Key: cto_bundleType: localStorageFired: 7784ms after load

Info10

OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 417ms after load

infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .stockx.com

infoNetworkAnalyticsCloudflare Web Analytics

Cloudflare Web Analytics (Cloudflare) loaded before consent: Cloudflare Web Analytics beacon — privacy-focused, no cookies

Host: static.cloudflareinsights.comFired: 476ms after load

infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 697ms after load

infoNetworkImgix (Cdn)

Imgix (cdn) loaded before consent

Host: stockx-assets.imgix.netFired: 3846ms after load

infoNetworkCloudflare (Cdn)

Cloudflare (cdn) loaded before consent

Host: cdnjs.cloudflare.comFired: 5352ms after load

infoNetworkAmazon (Cdn)

Amazon (cdn) loaded before consent

Host: dvract3a1itr1.cloudfront.netFired: 6763ms after load

infoCookieFunctionalDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "test_cookie" set before consent — This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

Cookie: test_cookieDomain: .doubleclick.netRetention: 1 year

infoCookieFunctional

Cloudflare challenge clearance — necessary for site access

Cookie: cf_clearanceDomain: .stockx.com

infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .stockx.com

Compliant33

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: googleads.g.doubleclick.netFired: 4414ms after load

LiveIntent2 findings

_li_ss, lidid

CompliantCookieMarketingLiveIntent

LiveIntent cookie "_li_ss" set correctly after consent

Cookie: _li_ssDomain: i.liadm.comRetention: 1 month

CompliantCookieMarketingLiveIntent

LiveIntent cookie "lidid" set correctly after consent

Cookie: lididDomain: .liadm.comRetention: 2 years

CompliantCookieMarketingAmazon

Amazon cookie "ad-privacy" set correctly after consent

Cookie: ad-privacyDomain: .amazon-adsystem.comRetention: 5 years

Casale Media3 findings

CMID, CMPS, CMPRO

CompliantCookieMarketingCasale Media

Casale Media cookie "CMID" set correctly after consent

Cookie: CMIDDomain: .casalemedia.comRetention: 1 day

CompliantCookieMarketingCasale Media

Casale Media cookie "CMPS" set correctly after consent

Cookie: CMPSDomain: .casalemedia.comRetention: 1 day

CompliantCookieMarketingCasale Media

Casale Media cookie "CMPRO" set correctly after consent

Cookie: CMPRODomain: .casalemedia.comRetention: 1 day

MediaVine2 findings

mv_tokens, am_tokens

CompliantCookieMarketingMediaVine

MediaVine cookie "mv_tokens" set correctly after consent

Cookie: mv_tokensDomain: exchange.mediavine.comRetention: 14 days

CompliantCookieMarketingMediaVine

MediaVine cookie "am_tokens" set correctly after consent

Cookie: am_tokensDomain: exchange.mediavine.comRetention: 14 days

CompliantCookieMarketingOutbrain

Outbrain cookie "criteo" set correctly after consent

Cookie: criteoDomain: exchange.mediavine.comRetention: 1 months

CompliantCookieMarketingNativo

Nativo cookie "opt_out" set correctly after consent

Cookie: opt_outDomain: .postrelease.comRetention: 1 year

CompliantCookieMarketingComScore

ComScore cookie "pid" set correctly after consent

Cookie: pidDomain: .smartadserver.comRetention: 1 year

Smartadserver2 findings

TestIfCookieP, csync

CompliantCookieMarketingSmartadserver

Smartadserver cookie "TestIfCookieP" set correctly after consent

Cookie: TestIfCookiePDomain: .smartadserver.comRetention: 13 months

CompliantCookieMarketingSmartadserver

Smartadserver cookie "csync" set correctly after consent

Cookie: csyncDomain: .smartadserver.comRetention: 1 day

CompliantCookieMarketingID5

ID5 cookie "id5" set correctly after consent

Cookie: id5Domain: .id5-sync.comRetention: 1 day

PubMatic2 findings

KADUSERCOOKIE, SPugT

CompliantCookieMarketingPubMatic

PubMatic cookie "KADUSERCOOKIE" set correctly after consent

Cookie: KADUSERCOOKIEDomain: .pubmatic.comRetention: 90 days

CompliantCookieMarketingPubMatic

PubMatic cookie "SPugT" set correctly after consent

Cookie: SPugTDomain: .pubmatic.comRetention: 30 days

Magnite2 findings

tvid, tv_UICR

CompliantCookieMarketingMagnite

Magnite cookie "tvid" set correctly after consent

Cookie: tvidDomain: .tremorhub.comRetention: 1 year

CompliantCookieMarketingMagnite

Magnite cookie "tv_UICR" set correctly after consent

Cookie: tv_UICRDomain: .tremorhub.comRetention: 30 days

CompliantCookieMarketing1rx.io

1rx.io cookie "_rxuuid" set correctly after consent

Cookie: _rxuuidDomain: .1rx.ioRetention: 1 year

Adobe Audience Manager2 findings

demdex, dpm

CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "demdex" set correctly after consent

Cookie: demdexDomain: .demdex.netRetention: 180 days after last activity or 10 years when opting out

CompliantCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "dpm" set correctly after consent

Cookie: dpmDomain: .dpm.demdex.netRetention: 180 days

CompliantCookieMarketingNeustar

Neustar cookie "ab" set correctly after consent

Cookie: abDomain: .agkn.comRetention: 1 year

Marfeel2 findings

_sharedid, _sharedid_cst

CompliantCookieAnalyticsMarfeel

Marfeel cookie "_sharedid" set correctly after consent

Cookie: _sharedidDomain: .stockx.comRetention: Session

CompliantCookieAnalyticsMarfeel

Marfeel cookie "_sharedid_cst" set correctly after consent

Cookie: _sharedid_cstDomain: .stockx.comRetention: Session

CompliantCookieFunctionalGoogle

Google cookie "receive-cookie-deprecation" set correctly after consent

Cookie: receive-cookie-deprecationDomain: prebid.media.netRetention: 180 days

Beeswax2 findings

bito, bitoIsSecure

CompliantCookieMarketingBeeswax

Beeswax cookie "bito" set correctly after consent

Cookie: bitoDomain: .bidr.ioRetention: 1 year

CompliantCookieMarketingBeeswax

Beeswax cookie "bitoIsSecure" set correctly after consent

Cookie: bitoIsSecureDomain: .bidr.ioRetention: 1 year

CompliantCookieSecurityGoogle AdSense

Google AdSense cookie "__eoi" set correctly after consent

Cookie: __eoiDomain: .stockx.comRetention: 3 Months

Rapleaf2 findings

rlas3, pxrc

CompliantCookieMarketingRapleaf

Rapleaf cookie "rlas3" set correctly after consent

Cookie: rlas3Domain: .rlcdn.comRetention: 1 year

CompliantCookieMarketingRapleaf

Rapleaf cookie "pxrc" set correctly after consent

Cookie: pxrcDomain: .rlcdn.comRetention: 2 months

CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .stockx.com

CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan stockx.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com