Uber Eats Cookie Compliance Report

Uber Eats

ubereats.com

Compare

https://ubereats.com

Scanned Apr 15, 2026 · 35.1s

Your website score is

0/100

Critical

Grade

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 19 user data leaks before consent on ubereats.com, including Microsoft Ads, Tealium (Tracker Tracker), Mixpanel.

Security Headers

4/6 present

Strict-Transport-Security

max-age=31536000

Content-Security-Policy

frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments-guest.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-otchs.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com *.appspaces.ca *.paidshipping.com *.shiptime.com https://dev-bk-web.co.uk.rbi.tools https://staging-bk-web.co.uk.rbi.tools https://qa-bk-web.co.uk.rbi.tools https://www.burgerking.co.uk https://burgerking.co.uk capacitor://burgerking.co.uk capacitor://www.burgerking.co.uk capacitor://dev-bk-web.co.uk.rbi.tools capacitor://staging-bk-web.co.uk.rbi.tools capacitor://qa-bk-web.co.uk.rbi.tools report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false

X-Frame-Options

ALLOW-FROM https://www.nimblerx.com

X-Content-Type-Options

nosniff

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

Post-Rejection Audit

Reject Button

Missing

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

No consent record written — cannot prove consent was given

No CMP consent cookie or localStorage entry was found after the consent interaction. GDPR requires controllers to demonstrate consent was given.

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising7 vendors

Analytics2 vendors

Marketing5 vendors

Security2

Functional2 vendors

Critical7

Mixpanel2 findingsID tracked

api-js.mixpanel.com, mp_adec770be288b16d9008c964acfba5c2_mixpanel

criticalNetworkAnalyticsMixpanel

Mixpanel (Mixpanel) loaded before consent: Mixpanel analytics data collection endpoint

ID: adec770be288b16d9008c964acfba5c2Host: api-js.mixpanel.comFired: 3745ms after load

criticalCookieAnalyticsMixpanel

Mixpanel cookie "mp_adec770be288b16d9008c964acfba5c2_mixpanel" set before consent

Cookie: mp_adec770be288b16d9008c964acfba5c2_mixpanelDomain: .ubereats.com

criticalNetworkAdvertisingMicrosoft Ads

Microsoft Ads (Microsoft) loaded before consent: Microsoft Ads (Bing) UET conversion tracking

Host: bat.bing.comFired: 2279ms after load

criticalNetworkTealium (Tracker Tracker)

Tealium (tracker) loaded before consent

Host: tags.tiqcdn.comFired: 2279ms after load

criticalConsent

No "reject all" option found — users cannot refuse non-essential cookies (ICO guidance requires this)

criticalConsent Record

No recognizable consent cookie or storage entry detected after interaction — GDPR Article 7(1) requires controllers to demonstrate consent was given (server-side storage cannot be verified)

criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings15

warningConsentUnknown

Unknown was clicked but no consent storage was written — tags may continue firing as if consent was never given

warningNetwork

Unknown third-party request to accounts.google.com before consent

Host: accounts.google.comFired: 3117ms after load

warningNetwork

Unknown third-party request to google.com before consent

Host: google.comFired: 4063ms after load

warningStorage

localStorage key "test" written before consent

Key: testType: localStorageFired: 2841ms after load

warningStorage

localStorage key "::wev2_comm::" written before consent

Key: ::wev2_comm::Type: localStorageFired: 3093ms after load

warningStorage

localStorage key "uev2.etp" written before consent

Key: uev2.etpType: localStorageFired: 3667ms after load

warningStorage

localStorage key "__mplss_vljjn59a" written before consent

Key: __mplss_vljjn59aType: localStorageFired: 3721ms after load

warningStorage

localStorage key "__mplss_lt864oz1" written before consent

Key: __mplss_lt864oz1Type: localStorageFired: 3742ms after load

warningStorage

localStorage key "__mpq_adec770be288b16d9008c964acfba5c2_ev:X" written before consent

Key: __mpq_adec770be288b16d9008c964acfba5c2_ev:XType: localStorageFired: 3742ms after load

warningStorage

localStorage key "__mpq_adec770be288b16d9008c964acfba5c2_ev:Y" written before consent

Key: __mpq_adec770be288b16d9008c964acfba5c2_ev:YType: localStorageFired: 3742ms after load

warningStorage

localStorage key "__mpq_adec770be288b16d9008c964acfba5c2_ev:Z" written before consent

Key: __mpq_adec770be288b16d9008c964acfba5c2_ev:ZType: localStorageFired: 3742ms after load

warningStorage

localStorage key "__mpq_adec770be288b16d9008c964acfba5c2_ev" written before consent

Key: __mpq_adec770be288b16d9008c964acfba5c2_evType: localStorageFired: 3742ms after load

warningStorage

sessionStorage key "google-one-tap-prompt-initialized-page" written before consent

Key: google-one-tap-prompt-initialized-pageType: sessionStorageFired: 4040ms after load

warningStorage

sessionStorage key "__sak" written before consent

Key: __sakType: sessionStorageFired: 4042ms after load

warningStorage

localStorage key "__mplss_1wws3pap" written before consent

Key: __mplss_1wws3papType: localStorageFired: 8765ms after load

Info3

infoNetworkAmazon (Cdn)

Amazon (cdn) loaded before consent

Host: d3i4yxtzktqr9n.cloudfront.netFired: 2279ms after load

infoCookieFunctionalAuth0

Auth0 cookie "dId" set before consent — Device identification for attack protection.

Cookie: dIdDomain: .ubereats.comRetention: session

infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .ubereats.com

Compliant32

CompliantNetworkAdvertisingPinterest Tag

Pinterest Tag (Pinterest) loaded correctly after consent

ID: 2613594162204Host: ct.pinterest.comFired: 5497ms after load

TikTok Pixel6 findingsID tracked

analytics.tiktok.com, _ttp, _tt_enable_cookie, tt_sessionId, tt_appInfo, tt_pixel_session_index

CompliantNetworkAdvertisingTikTok Pixel

TikTok Pixel (TikTok) loaded correctly after consent

ID: C69TD6PO8QD6LKH42DTGHost: analytics.tiktok.comFired: 5501ms after load

CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_ttp" set correctly after consent

Cookie: _ttpDomain: .tiktok.com

CompliantCookieAdvertisingTikTok Pixel

TikTok Pixel cookie "_tt_enable_cookie" set correctly after consent

Cookie: _tt_enable_cookieDomain: .ubereats.com

CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_sessionId" to sessionStorage correctly after consent

Key: tt_sessionIdType: sessionStorageFired: -17278ms after load

CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_appInfo" to sessionStorage correctly after consent

Key: tt_appInfoType: sessionStorageFired: -17267ms after load

CompliantStorageAdvertisingTikTok Pixel

TikTok Pixel (TikTok) wrote "tt_pixel_session_index" to sessionStorage correctly after consent

Key: tt_pixel_session_indexType: sessionStorageFired: -17266ms after load

Meta Pixel3 findingsID tracked

www.facebook.com, connect.facebook.net, _fbp

CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

ID: 920222691346894Host: www.facebook.comFired: 5753ms after load

CompliantNetworkAdvertisingMeta Pixel

Meta Pixel (Meta) loaded correctly after consent

Host: connect.facebook.netFired: 5167ms after load

CompliantCookieAdvertisingMeta Pixel

Meta Pixel cookie "_fbp" set correctly after consent

Cookie: _fbpDomain: .ubereats.com

Snapchat Pixel4 findings

sc-static.net, tr.snapchat.com, _scid, _scid_r

CompliantNetworkAdvertisingSnapchat Pixel

Snapchat Pixel (Snapchat) loaded correctly after consent

Host: sc-static.netFired: 5149ms after load

CompliantNetworkAdvertisingSnapchat Pixel

Snapchat Pixel (Snapchat) loaded correctly after consent

Host: tr.snapchat.comFired: 6938ms after load

CompliantCookieAdvertisingSnapchat Pixel

Snapchat Pixel cookie "_scid" set correctly after consent

Cookie: _scidDomain: .ubereats.com

CompliantCookieAdvertisingSnapchat Pixel

Snapchat Pixel cookie "_scid_r" set correctly after consent

Cookie: _scid_rDomain: .ubereats.com

CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

Host: www.googletagmanager.comFired: 5167ms after load

Google Ads3 findings

www.google.com, _gcl_au, _gcl_ls

CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: www.google.comFired: 5455ms after load

CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .ubereats.com

CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 5427ms after load

CompliantNetworkAdvertisingTwitter/X Pixel

Twitter/X Pixel (X (Twitter)) loaded correctly after consent

Host: static.ads-twitter.comFired: 5511ms after load

CompliantCookieFunctionalSnapchat

Snapchat cookie "X-AB" set correctly after consent

Cookie: X-ABDomain: sc-static.netRetention: 1 day

CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "ar_debug" set correctly after consent

Cookie: ar_debugDomain: .pinterest.comRetention: Persistent

CompliantCookieMarketingPinterest

Pinterest cookie "_pinterest_ct_ua" set correctly after consent

Cookie: _pinterest_ct_uaDomain: .ct.pinterest.comRetention: session

X5 findings

muc_ads, guest_id_marketing, guest_id_ads, personalization_id, guest_id

CompliantCookieMarketingX

X cookie "muc_ads" set correctly after consent

Cookie: muc_adsDomain: .t.coRetention: 24 months

CompliantCookieMarketingX

X cookie "guest_id_marketing" set correctly after consent

Cookie: guest_id_marketingDomain: .twitter.comRetention: 2 years

CompliantCookieMarketingX

X cookie "guest_id_ads" set correctly after consent

Cookie: guest_id_adsDomain: .twitter.comRetention: 2 years

CompliantCookieMarketingX

X cookie "personalization_id" set correctly after consent

Cookie: personalization_idDomain: .twitter.comRetention: 2 years

CompliantCookieMarketingX

X cookie "guest_id" set correctly after consent

Cookie: guest_idDomain: .twitter.comRetention: 2 years

Microsoft Ads2 findings

_uetsid, _uetvid

CompliantCookieAdvertisingMicrosoft Ads

Microsoft Ads cookie "_uetsid" set correctly after consent

Cookie: _uetsidDomain: .ubereats.com

CompliantCookieAdvertisingMicrosoft Ads

Microsoft Ads cookie "_uetvid" set correctly after consent

Cookie: _uetvidDomain: .ubereats.com

CompliantCookieMarketingBing / Microsoft

Bing / Microsoft cookie "MUID" set correctly after consent

Cookie: MUIDDomain: .bing.comRetention: 1 year

TikTok2 findings

ttcsid, ttcsid_C69TD6PO8QD6LKH42DTG

CompliantCookieMarketingTikTok

TikTok cookie "ttcsid" set correctly after consent

Cookie: ttcsidDomain: .ubereats.comRetention: 1 year

CompliantCookieMarketingTikTok

TikTok cookie "ttcsid_C69TD6PO8QD6LKH42DTG" set correctly after consent

Cookie: ttcsid_C69TD6PO8QD6LKH42DTGDomain: .ubereats.comRetention: 1 year

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan ubereats.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com