Trendyol

trendyol.com

Compare

https://trendyol.com

Scanned Apr 15, 2026 · 36.6s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 89 user data leaks before consent on trendyol.com, including Adform (Advertising Tracker), Azerion (Advertising Tracker), VirtualMinds (Advertising Tracker) and 48 more.

Security Headers

4/6 present

Strict-Transport-Security

max-age=15768000;

Content-Security-Policy

script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://trendyol.com https://*.trendyol.com https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://scripts.clarity.ms https://www.googleadservices.com https://static.criteo.net https://connect.facebook.net https://edge.fullstory.com https://www.fullstory.com https://cdn.cookielaw.org https://creativecdn.com https://static.hotjar.com https://trendyolde.api.useinsider.com https://ct.pinterest.com https://cdn.taboola.com https://trc.taboola.com https://analytics.twitter.com https://s2.adform.net https://track.adform.net https://platform.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://www.awin1.com https://cdn.dsmcdn.com/ https://static.dsmcdn.com https://js-agent.newrelic.com https://maps.googleapis.com https://static.cloudflareinsights.com https://bam-cell.nr-data.net https://widget.usersnap.com https://resources.usersnap.com https://sslwidget.criteo.com https://pay.google.com https://x.klarnacdn.net https://api.useinsider.com https://www.googleoptimize.com https://s.pinimg.com https://www.dwin1.com https://ln-rules.rewardstyle.com https://the.sciencebehindecommerce.com https://analytics.tiktok.com https://widgets.trustedshops.com https://bat.bing.com https://js.braintreegateway.com https://www.paypal.com https://www.mczbf.com https://c.paypal.com/ https://sc-static.net https://tags.creativecdn.com https://www.google.com https://www.gstatic.com https://checkout.tabby.ai https://dynamic.criteo.com https://challenges.cloudflare.com https://checkout.com https://risk.checkout.com https://fpjs.checkout.com https://fpjscache.checkout.com https://fpjsworker.checkout.com https://fpnpmcdn.net https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.7/swiper-bundle.min.js media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net https://prod.flixgvid.flix360.io/ content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com *.flixcar.com http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com; frame-ancestors 'self' https://*.trendyol.com

X-Frame-Options

Add X-Frame-Options header to prevent clickjacking attacks

X-Content-Type-Options

nosniff

Referrer-Policy

same-origin

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

V2
70/100
GTM Containers:GTM-W7RKTTCGTM-N5Z4ND6

Consent Parameters

ParameterDefaultUpdated
Ad Storagenot_setgranted
Ad User Datanot_setgranted
Ad Personalizationnot_setgranted
Analytics Storagenot_setgranted
Functionality Storagenot_setgranted
Personalization Storagenot_setgranted
Security Storagenot_setgranted

Issues (1)

No default consent call detected — consent mode may not be initialised correctly

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

3440ms pre-consent

Google Tag Manager(GTM-W7RKTTC)

Loaded 3440ms after page load — before the consent banner was detected (banner appeared at 7368ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

No tracking vendors detected firing after rejection

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising30 vendors
Analytics5 vendors
Marketing16 vendors
Security2
Functional1 vendor
Tag Management1 vendor
Critical75
Adform (Advertising Tracker)
Adform (Advertising Tracker)5 findings

s2.adform.net, track.adform.net, c1.adform.net, server.seadform.net, dmp.adform.net

Adform (Advertising Tracker)
criticalNetworkAdvertisingAdform (Advertising Tracker)

Adform (advertising) loaded before consent

Host: s2.adform.netFired: 3564ms after load
Adform (Advertising Tracker)
criticalNetworkAdvertisingAdform (Advertising Tracker)

Adform (advertising) loaded before consent

Host: track.adform.netFired: 4012ms after load
Adform (Advertising Tracker)
criticalNetworkAdvertisingAdform (Advertising Tracker)

Adform (advertising) loaded before consent

Host: c1.adform.netFired: 4249ms after load
Adform (Advertising Tracker)
criticalNetworkAdvertisingAdform (Advertising Tracker)

Adform (advertising) loaded before consent

Host: server.seadform.netFired: 4255ms after load
Adform (Advertising Tracker)
criticalNetworkAdvertisingAdform (Advertising Tracker)

Adform (advertising) loaded before consent

Host: dmp.adform.netFired: 4963ms after load
Azerion (Advertising Tracker)
criticalNetworkAdvertisingAzerion (Advertising Tracker)

Azerion (advertising) loaded before consent

Host: ad.360yield.comFired: 4393ms after load
VirtualMinds (Advertising Tracker)
VirtualMinds (Advertising Tracker)2 findings

ad.yieldlab.net, dsp.adfarm1.adition.com

VirtualMinds (Advertising Tracker)
criticalNetworkAdvertisingVirtualMinds (Advertising Tracker)

VirtualMinds (advertising) loaded before consent

Host: ad.yieldlab.netFired: 4393ms after load
VirtualMinds (Advertising Tracker)
criticalNetworkAdvertisingVirtualMinds (Advertising Tracker)

VirtualMinds (advertising) loaded before consent

Host: dsp.adfarm1.adition.comFired: 4397ms after load
Magnite (Advertising Tracker)
criticalNetworkAdvertisingMagnite (Advertising Tracker)

Magnite (advertising) loaded before consent

Host: token.rubiconproject.comFired: 4393ms after load
Ströer Core (Advertising Tracker)
criticalNetworkAdvertisingStröer Core (Advertising Tracker)

Ströer Core (advertising) loaded before consent

Host: ih.adscale.deFired: 4393ms after load
Equativ (Advertising Tracker)
criticalNetworkAdvertisingEquativ (Advertising Tracker)

Equativ (advertising) loaded before consent

Host: rtb-csync.smartadserver.comFired: 4394ms after load
Comcast (Advertising Tracker)
criticalNetworkAdvertisingComcast (Advertising Tracker)

Comcast (advertising) loaded before consent

Host: user-sync.fwmrm.netFired: 4394ms after load
Criteo (Advertising Tracker)
criticalNetworkAdvertisingCriteo (Advertising Tracker)

Criteo (advertising) loaded before consent

Host: x.bidswitch.netFired: 4394ms after load
IndexExchange (Advertising Tracker)
criticalNetworkAdvertisingIndexExchange (Advertising Tracker)

IndexExchange (advertising) loaded before consent

Host: dsum-sec.casalemedia.comFired: 4394ms after load
SearchForce (Advertising Tracker)
SearchForce (Advertising Tracker)2 findings

uipglob.semasio.net, se.semasio.net

SearchForce (Advertising Tracker)
criticalNetworkAdvertisingSearchForce (Advertising Tracker)

SearchForce (advertising) loaded before consent

Host: uipglob.semasio.netFired: 4394ms after load
SearchForce (Advertising Tracker)
criticalNetworkAdvertisingSearchForce (Advertising Tracker)

SearchForce (advertising) loaded before consent

Host: se.semasio.netFired: 4674ms after load
Dun & Bradstreet (Analytics Tracker)
criticalNetworkAnalyticsDun & Bradstreet (Analytics Tracker)

Dun & Bradstreet (analytics) loaded before consent

Host: ps.eyeota.netFired: 4395ms after load
Nielsen (Advertising Tracker)
Nielsen (Advertising Tracker)2 findings

loadm.exelator.com, load77.exelator.com

Nielsen (Advertising Tracker)
criticalNetworkAdvertisingNielsen (Advertising Tracker)

Nielsen (advertising) loaded before consent

Host: loadm.exelator.comFired: 4395ms after load
Nielsen (Advertising Tracker)
criticalNetworkAdvertisingNielsen (Advertising Tracker)

Nielsen (advertising) loaded before consent

Host: load77.exelator.comFired: 4680ms after load
LiveRamp (Advertising Tracker)
criticalNetworkAdvertisingLiveRamp (Advertising Tracker)

LiveRamp (advertising) loaded before consent

Host: idsync.rlcdn.comFired: 4395ms after load
PublicisGroupe (Tracker Tracker)
criticalNetworkPublicisGroupe (Tracker Tracker)

PublicisGroupe (tracker) loaded before consent

Host: sync.crwdcntrl.netFired: 4395ms after load
OpenX (Tracker Tracker)
criticalNetworkOpenX (Tracker Tracker)

OpenX (tracker) loaded before consent

Host: eu-u.openx.netFired: 4395ms after load
OnlineSolution (Advertising Tracker)
criticalNetworkAdvertisingOnlineSolution (Advertising Tracker)

OnlineSolution (advertising) loaded before consent

Host: cm.adsafety.netFired: 4395ms after load
Google (Tracker Tracker)
criticalNetworkGoogle (Tracker Tracker)

Google (tracker) loaded before consent

Host: cm.g.doubleclick.netFired: 4395ms after load
Microsoft (Advertising Tracker)
Microsoft (Advertising Tracker)2 findings

secure.adnxs.com, ib.adnxs.com

Microsoft (Advertising Tracker)
criticalNetworkAdvertisingMicrosoft (Advertising Tracker)

Microsoft (advertising) loaded before consent

Host: secure.adnxs.comFired: 4395ms after load
Microsoft (Advertising Tracker)
criticalNetworkAdvertisingMicrosoft (Advertising Tracker)

Microsoft (advertising) loaded before consent

Host: ib.adnxs.comFired: 4973ms after load
PubMatic (Advertising Tracker)
criticalNetworkAdvertisingPubMatic (Advertising Tracker)

PubMatic (advertising) loaded before consent

Host: simage2.pubmatic.comFired: 4395ms after load
AudienceProject (Advertising Tracker)
criticalNetworkAdvertisingAudienceProject (Advertising Tracker)

AudienceProject (advertising) loaded before consent

Host: pdw-adf.userreport.comFired: 4395ms after load
Audiencerate (Advertising Tracker)
criticalNetworkAdvertisingAudiencerate (Advertising Tracker)

Audiencerate (advertising) loaded before consent

Host: a.audrte.comFired: 4395ms after load
Adobe (Tracker Tracker)
criticalNetworkAdobe (Tracker Tracker)

Adobe (tracker) loaded before consent

Host: dpm.demdex.netFired: 4395ms after load
TransUnion (Advertising Tracker)
criticalNetworkAdvertisingTransUnion (Advertising Tracker)

TransUnion (advertising) loaded before consent

Host: aa.agkn.comFired: 4395ms after load
Roku (Advertising Tracker)
criticalNetworkAdvertisingRoku (Advertising Tracker)

Roku (advertising) loaded before consent

Host: pm.w55c.netFired: 4397ms after load
The Trade Desk (Tracker Tracker)
criticalNetworkThe Trade Desk (Tracker Tracker)

The Trade Desk (tracker) loaded before consent

Host: match.adsrvr.orgFired: 4397ms after load
ID5 (Advertising Tracker)
criticalNetworkAdvertisingID5 (Advertising Tracker)

ID5 (advertising) loaded before consent

Host: id5-sync.comFired: 4397ms after load
Weborama (Advertising Tracker)
criticalNetworkAdvertisingWeborama (Advertising Tracker)

Weborama (advertising) loaded before consent

Host: redirect.frontend.weborama.frFired: 4397ms after load
Teads (Advertising Tracker)
criticalNetworkAdvertisingTeads (Advertising Tracker)

Teads (advertising) loaded before consent

Host: sync.teads.tvFired: 4397ms after load
VerveGroup (Advertising Tracker)
criticalNetworkAdvertisingVerveGroup (Advertising Tracker)

VerveGroup (advertising) loaded before consent

Host: s.ad.smaato.netFired: 4397ms after load
ContentExchange (Advertising Tracker)
criticalNetworkAdvertisingContentExchange (Advertising Tracker)

ContentExchange (advertising) loaded before consent

Host: match.contentexchange.meFired: 4397ms after load
mediarithmics (Advertising Tracker)
criticalNetworkAdvertisingmediarithmics (Advertising Tracker)

mediarithmics (advertising) loaded before consent

Host: cookie-matching.mediarithmics.comFired: 4397ms after load
OnAudience (Advertising Tracker)
criticalNetworkAdvertisingOnAudience (Advertising Tracker)

OnAudience (advertising) loaded before consent

Host: pixel.onaudience.comFired: 4397ms after load
TripleLift (Advertising Tracker)
criticalNetworkAdvertisingTripleLift (Advertising Tracker)

TripleLift (advertising) loaded before consent

Host: eb2.3lift.comFired: 4397ms after load
OneTag (Advertising Tracker)
criticalNetworkAdvertisingOneTag (Advertising Tracker)

OneTag (advertising) loaded before consent

Host: onetag-sys.comFired: 4397ms after load
Yahoo! (Analytics Tracker)
Yahoo! (Analytics Tracker)2 findings

cms.analytics.yahoo.com, ups.analytics.yahoo.com

Yahoo! (Analytics Tracker)
criticalNetworkAnalyticsYahoo! (Analytics Tracker)

Yahoo! (analytics) loaded before consent

Host: cms.analytics.yahoo.comFired: 4986ms after load
Yahoo! (Analytics Tracker)
criticalNetworkAnalyticsYahoo! (Analytics Tracker)

Yahoo! (analytics) loaded before consent

Host: ups.analytics.yahoo.comFired: 5005ms after load
Adform
Adform4 findings

C, CM, uid, CM14

Adform
criticalCookieMarketingAdform

Adform cookie "C" set before consent — Used to determine if browser of user accepts cookies or not

Cookie: CDomain: .adform.netRetention: 60 days till 3650 days
Adform
criticalCookieMarketingAdform

Adform cookie "CM" set before consent — Checks if a new partner cookie synchronization is required (cookie set by ad server)

Cookie: CMDomain: .adform.netRetention: 1 day
Adform
criticalCookieMarketingAdform

Adform cookie "uid" set before consent — Contains a unique ID to identify a user

Cookie: uidDomain: .adform.netRetention: 60 days
Adform
criticalCookieMarketingAdform

Adform cookie "CM14" set before consent — Checks if a new partner cookie synchronization is required (cookie set during cookie synchronization )

Cookie: CM14Domain: .adform.netRetention: 1 day
ComScore
criticalCookieMarketingComScore

ComScore cookie "pid" set before consent — Collects a code that identifies the specific website or advertiser participating in the ScorecardResearch data collection program.

Cookie: pidDomain: .smartadserver.comRetention: 1 year
Smartadserver
Smartadserver2 findings

TestIfCookieP, csync

Smartadserver
criticalCookieMarketingSmartadserver

Smartadserver cookie "TestIfCookieP" set before consent — Technical cookie used to test if persistent cookies are accepted

Cookie: TestIfCookiePDomain: .smartadserver.comRetention: 13 months
Smartadserver
criticalCookieMarketingSmartadserver

Smartadserver cookie "csync" set before consent — Optimises ad display based on the user's movement combined and various advertiser bids for displaying user ads.

Cookie: csyncDomain: .smartadserver.comRetention: 1 day
Rapleaf2 findings

rlas3, pxrc

criticalCookieMarketingRapleaf

Rapleaf cookie "rlas3" set before consent — Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.

Cookie: rlas3Domain: .rlcdn.comRetention: 1 year
criticalCookieMarketingRapleaf

Rapleaf cookie "pxrc" set before consent — This cookie registers non-personal data on the visitor. The information is used to optimize advertisement relevance.

Cookie: pxrcDomain: .rlcdn.comRetention: 2 months
Casale Media3 findings

CMID, CMPS, CMPRO

criticalCookieMarketingCasale Media

Casale Media cookie "CMID" set before consent — Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.

Cookie: CMIDDomain: .casalemedia.comRetention: 1 day
criticalCookieMarketingCasale Media

Casale Media cookie "CMPS" set before consent — Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads

Cookie: CMPSDomain: .casalemedia.comRetention: 1 day
criticalCookieMarketingCasale Media

Casale Media cookie "CMPRO" set before consent — Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that the visitor is shown the same advertisement.

Cookie: CMPRODomain: .casalemedia.comRetention: 1 day
criticalCookieMarketingsemasio.net

semasio.net cookie "SEUNCY" set before consent — Registers a unique ID that identifies the user’s device for return visits.

Cookie: SEUNCYDomain: .semasio.netRetention: 179 days
openx.net
criticalCookieMarketingopenx.net

openx.net cookie "i" set before consent — Registers user data, such as IP address, geographical location, websites visited and on which advertisements the user has clicked, with the aim of optimizing the display of advertisements based on user relocation on websites that use the same advertising network.

Cookie: iDomain: .openx.netRetention: 1 year
Nielsen3 findings

EE, udo, ud

criticalCookieMarketingNielsen

Nielsen cookie "EE" set before consent — Collects data related to the user’s visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.

Cookie: EEDomain: .exelator.comRetention: 119 days
criticalCookieMarketingNielsen

Nielsen cookie "udo" set before consent — Collects information on user behavior on multiple websites. This information is used in order to optimize the relevance of advertisement on the website.

Cookie: udoDomain: .exelator.comRetention: 119 days
criticalCookieMarketingNielsen

Nielsen cookie "ud" set before consent — Collects data related to the user’s visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.

Cookie: udDomain: .exelator.comRetention: 119 days
Audrte3 findings

arcki2, arcki2_adform, arcki2_ddp2

criticalCookieMarketingAudrte

Audrte cookie "arcki2" set before consent — Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant.

Cookie: arcki2Domain: .audrte.comRetention: 14 days
criticalCookieMarketingAudrte

Audrte cookie "arcki2_adform" set before consent — Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.

Cookie: arcki2_adformDomain: .audrte.comRetention: 14 days
criticalCookieMarketingAudrte

Audrte cookie "arcki2_ddp2" set before consent — Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant.

Cookie: arcki2_ddp2Domain: .audrte.comRetention: 14 days
criticalCookieMarketingAdition

Adition cookie "UserID1" set before consent — Cookie sets a unique anonymous ID for a website visitor. This ID is used to recognize the user on different sessions and to track their activities on the website. The data collected is used for analysis purposes.

Cookie: UserID1Domain: .adfarm1.adition.comRetention: 180 days
DoubleClick/Google Marketing
criticalCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set before consent — This cookie is used for targeting, analyzing and optimisation of ad campaigns in DoubleClick/Google Marketing Suite

Cookie: IDEDomain: .doubleclick.netRetention: 2 years
criticalCookieAnalyticsWeborama

Weborama cookie "AFFICHE_W" set before consent — Used by the advertising platform Weborama to determine the visitor’s interests based on pages visits, content clicked and other actions on the website.

Cookie: AFFICHE_WDomain: .weborama.frRetention: 3 months
Roku2 findings

wfivefivec, matchadform

criticalCookieMarketingRoku

Roku cookie "wfivefivec" set before consent — Collects data on the user's visits to the website, such as what pages have been loaded. The registered data is used for targeted ads.

Cookie: wfivefivecDomain: .w55c.netRetention: 13 months
criticalCookieMarketingRoku

Roku cookie "matchadform" set before consent — Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.

Cookie: matchadformDomain: .w55c.netRetention: 29 days
OnAudience3 findings

done_redirects297, done_redirects271, done_redirects252

criticalCookieMarketingOnAudience

OnAudience cookie "done_redirects297" set before consent — Used to monitor website performance for statistical purposes.

Cookie: done_redirects297Domain: .onaudience.comRetention: 1 day
criticalCookieMarketingOnAudience

OnAudience cookie "done_redirects271" set before consent — Used to monitor website performance for statistical purposes.

Cookie: done_redirects271Domain: .onaudience.comRetention: 1 day
criticalCookieMarketingOnAudience

OnAudience cookie "done_redirects252" set before consent — Used to monitor website performance for statistical purposes.

Cookie: done_redirects252Domain: .onaudience.comRetention: 1 day
Neustar
criticalCookieMarketingNeustar

Neustar cookie "ab" set before consent — This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site.

Cookie: abDomain: .agkn.comRetention: 1 year
Adobe Audience Manager
Adobe Audience Manager2 findings

demdex, dpm

Adobe Audience Manager
criticalCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "demdex" set before consent — Unique value with which Audience Manager can identify a user. Used, among others, for identification, segmentation, modeling and reporting purposes.

Cookie: demdexDomain: .demdex.netRetention: 180 days after last activity or 10 years when opting out
Adobe Audience Manager
criticalCookieMarketingAdobe Audience Manager

Adobe Audience Manager cookie "dpm" set before consent — DPM is an abbreviation for Data Provider Match. It tells internal, Adobe systems that a call from Audience Manager or the Adobe Experience Cloud ID Service is passing in customer data for synchronization or requesting an ID.

Cookie: dpmDomain: .dpm.demdex.netRetention: 180 days
Warnings14
Google Tag Manager
Google Tag Manager2 findingsID tracked

www.googletagmanager.com

Google Tag Manager
warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-W7RKTTCHost: www.googletagmanager.comFired: 3303ms after load
Google Tag Manager
warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-W7RKTTC)

Analytics proxy
warningNetworkAnalytics proxy

Possible server-side tag proxy at en-collect.trendyol.com — analytics data may be forwarded to third parties before consent. Browser scanning cannot verify downstream recipients; audit your GTM Server-side or CNAME configuration.

Host: en-collect.trendyol.comFired: 3866ms after load
vendor logo
warningNetwork

Unknown third-party request to cdn.dsmcdn.com before consent

Host: cdn.dsmcdn.comFired: 476ms after load
vendor logo
warningNetwork

Unknown third-party request to target.digitalaudience.io before consent

Host: target.digitalaudience.ioFired: 4927ms after load
warningStorage

sessionStorage key "stateHistory" written before consent

Key: stateHistoryType: sessionStorageFired: 1090ms after load
warningStorage

sessionStorage key "mergen_dice" written before consent

Key: mergen_diceType: sessionStorageFired: 1168ms after load
warningStorage

sessionStorage key "key" written before consent

Key: keyType: sessionStorageFired: 1783ms after load
warningStorage

localStorage key "tooltip-queue" written before consent

Key: tooltip-queueType: localStorageFired: 1916ms after load
warningStorage

sessionStorage key "iahp" written before consent

Key: iahpType: sessionStorageFired: 2269ms after load
warningStorage

localStorage key "__mergen_test__" written before consent

Key: __mergen_test__Type: localStorageFired: 2293ms after load
warningStorage

localStorage key "mergen-session" written before consent

Key: mergen-sessionType: localStorageFired: 2294ms after load
warningStorage

localStorage key "basket_reminder" written before consent

Key: basket_reminderType: localStorageFired: 2325ms after load
warningStorage

localStorage key "breadcrumbs" written before consent

Key: breadcrumbsType: localStorageFired: 3098ms after load
Info8
Cloudflare Web Analytics
infoNetworkAnalyticsCloudflare Web Analytics

Cloudflare Web Analytics (Cloudflare) loaded before consent: Cloudflare Web Analytics beacon — privacy-focused, no cookies

Host: static.cloudflareinsights.comFired: 513ms after load
OneTrust
OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

OneTrust
infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 3564ms after load
OneTrust
infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .trendyol.com
Cloudflare
Cloudflare2 findings

__cflb, _cfuvid

Cloudflare
infoCookieFunctionalCloudflare

Cloudflare cookie "__cflb" set before consent — When enabling session affinity with Cloudflare Load Balancer, Cloudflare sets a __cflb cookie with a unique value on the first response to the requesting client. Cloudflare routes future requests to the same origin, optimizing network resource usage. In the event of a failover, Cloudflare sets a new __cflb cookie to direct future requests to the failover pool.

Cookie: __cflbDomain: www.trendyol.comRetention: session
Cloudflare
infoCookieFunctionalCloudflare

Cloudflare cookie "_cfuvid" set before consent — The _cfuvid cookie is only set when a site uses this option in a Rate Limiting Rule, and is only used to allow the Cloudflare WAF to distinguish individual users who share the same IP address.

Cookie: _cfuvidDomain: .trendyol.comRetention: session
infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .trendyol.com
infoCookieFunctional

Cross-site request forgery token — security mechanism

Cookie: csrf-secretDomain: .trendyol.com
infoCookieFunctional

Load balancer server affinity — necessary for infrastructure

Cookie: SERVERIDDomain: .eyeota.net
Compliant8
GA4
CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

ID: G-T7K913680PHost: region1.analytics.google.comFired: 5163ms after load
Meta Pixel
CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

Host: connect.facebook.netFired: 3850ms after load
Google Ads
Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

Google Ads
CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 3850ms after load
Google Ads
CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .trendyol.com
Google Ads
CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 3720ms after load
OneTrust
CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .trendyol.com
ComScore
CompliantCookieMarketingComScore

ComScore cookie "pid" set correctly after consent

Cookie: pidDomain: .trendyol.comRetention: 1 year
Google
CompliantCookieMarketingGoogle

Google cookie "sid" set correctly after consent

Cookie: sidDomain: .trendyol.comRetention: 2 years

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan trendyol.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com