https://verizon.com
Scanned Apr 15, 2026 · 37.7s
Your website score is
Grade
BannerConsent Banner
No
Regulatory Compliance
Multi-regulation overview — click any regulation for details
Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.
Tag Leak detected 118 user data leaks before consent on verizon.com, including QuantumMetric (Analytics Tracker), Nexxen (Advertising Tracker), LiveRamp (Advertising Tracker) and 31 more.
Security Headers
5/6 presentStrict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Content-Security-Policy
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com;
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation
Google Consent Mode
V2Consent Parameters
Issues (7)
ad_storage defaults to "granted" — should default to "denied" for GDPR compliance
ad_user_data defaults to "granted" — should default to "denied" for GDPR compliance
ad_personalization defaults to "granted" — should default to "denied" for GDPR compliance
analytics_storage defaults to "granted" — should default to "denied" for GDPR compliance
functionality_storage defaults to "granted" — consider defaulting to "denied"
personalization_storage defaults to "granted" — consider defaulting to "denied"
No GTM container detected — consent mode works best with Google Tag Manager
Post-Rejection Audit
Reject Button
Missing
Post-Rejection Fires
0 vendors
Consent Mode
Not Detected
GTM Load
Not detected
Consent Mode V2: Not Detected
Google Consent Mode was not detected on this site.
Consent Record Audit
Issues detectedConsent record stored after interaction
GDPR Art. 7(1)No consent record written — cannot prove consent was given
No CMP consent cookie or localStorage entry was found after the consent interaction. GDPR requires controllers to demonstrate consent was given.
Consent withdrawal mechanism accessible
GDPR Art. 7(3)No way for users to withdraw consent found on page
No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.
Why this matters
Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.
Tracker categories detected
Critical82
Meta Pixel3 findingsID trackedwww.facebook.com, connect.facebook.net, _fbp
www.facebook.com, connect.facebook.net, _fbp
Meta Pixel (Meta) loaded before consent: Meta Pixel tracking endpoint
Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking
Meta Pixel cookie "_fbp" set before consent
Microsoft Clarity3 findingsID trackedwww.clarity.ms, scripts.clarity.ms, i.clarity.ms
www.clarity.ms, scripts.clarity.ms, i.clarity.ms
Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics
Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics
Microsoft Clarity (Microsoft) loaded before consent: Session recording and heatmap analytics
Pinterest Tag3 findingsID trackedct.pinterest.com, s.pinimg.com, _pin_unauth
ct.pinterest.com, s.pinimg.com, _pin_unauth
Pinterest Tag (Pinterest) loaded before consent: Pinterest conversion tracking
Pinterest Tag (Pinterest) loaded before consent: Pinterest tag script loader
Pinterest Tag cookie "_pin_unauth" set before consent
Google Analytics2 findingsID trackedregion1.analytics.google.com, www.googletagmanager.com
region1.analytics.google.com, www.googletagmanager.com
GA4 (Google) loaded before consent: Sends pageview and event data to Google Analytics
GA4 (Google) loaded before consent: Google Analytics gtag.js library
Google (Tracker Tracker)5 findingsID trackedstats.g.doubleclick.net, cm.g.doubleclick.net, ad.doubleclick.net, 685973.fls.doubleclick.net, adservice.google.com
stats.g.doubleclick.net, cm.g.doubleclick.net, ad.doubleclick.net, 685973.fls.doubleclick.net, adservice.google.com
Google (tracker) loaded before consent
Google (tracker) loaded before consent
Google (tracker) loaded before consent
Google (tracker) loaded before consent
Google (tracker) loaded before consent
QuantumMetric (Analytics Tracker)2 findingscdn.quantummetric.com, ingestusipv4.quantummetric.com
cdn.quantummetric.com, ingestusipv4.quantummetric.com
QuantumMetric (analytics) loaded before consent
QuantumMetric (analytics) loaded before consent
Nexxen (advertising) loaded before consent
LiveRamp (advertising) loaded before consent
The Trade Desk (Tracker Tracker)3 findingsmatch.adsrvr.org, js.adsrvr.org, insight.adsrvr.org
match.adsrvr.org, js.adsrvr.org, insight.adsrvr.org
The Trade Desk (tracker) loaded before consent
The Trade Desk (tracker) loaded before consent
The Trade Desk (tracker) loaded before consent
Yahoo! (Analytics Tracker)2 findingscms.analytics.yahoo.com, ups.analytics.yahoo.com
cms.analytics.yahoo.com, ups.analytics.yahoo.com
Yahoo! (analytics) loaded before consent
Yahoo! (analytics) loaded before consent
Taboola (Taboola) loaded before consent: Taboola tracking and recommendation endpoint
Amazon (Advertising Tracker)3 findingss.amazon-adsystem.com, c.amazon-adsystem.com, aax-eu.amazon-adsystem.com
s.amazon-adsystem.com, c.amazon-adsystem.com, aax-eu.amazon-adsystem.com
Amazon (advertising) loaded before consent
Amazon (advertising) loaded before consent
Amazon (advertising) loaded before consent
Adobe (tracker) loaded before consent
Adobe Analytics3 findingsedge.adobedc.net, AMCV_777B575E55828EBB7F000101%40AdobeOrg, s_ecid
edge.adobedc.net, AMCV_777B575E55828EBB7F000101%40AdobeOrg, s_ecid
Adobe Analytics (Adobe) loaded before consent: Adobe Analytics data collection
Adobe Analytics cookie "AMCV_777B575E55828EBB7F000101%40AdobeOrg" set before consent
Adobe Analytics cookie "s_ecid" set before consent — This cookie is set by the customer's domain after the AMCV cookie is set by the client. The purpose of this cookie is to allow persistent ID tracking in the 1st-party state and is used as a reference ID if the AMCV cookie has expired.
Google Ads5 findingswww.googleadservices.com, www.google.com, googleads.g.doubleclick.net, _gcl_au, _gcl_ls
www.googleadservices.com, www.google.com, googleads.g.doubleclick.net, _gcl_au, _gcl_ls
Google Ads (Google) loaded before consent: Google Ads conversion tracking
Google Ads (Google) loaded before consent: Google Consent Mode data collection for ad measurement
Google Ads (Google) loaded before consent: Sends conversion data to Google Ads
Google Ads cookie "_gcl_au" set before consent
Google Ads (Google) wrote "_gcl_ls" to localStorage before consent
AdRoll2 findingss.adroll.com, d.adroll.com
s.adroll.com, d.adroll.com
AdRoll (AdRoll) loaded before consent: AdRoll retargeting and display advertising
AdRoll (AdRoll) loaded before consent: AdRoll data collection endpoint
Innovid (Advertising Tracker)4 findingss-static.innovid.com, rtr.innovid.com, s-a.innovid.com, collector-40192.us.tvsquared.com
s-static.innovid.com, rtr.innovid.com, s-a.innovid.com, collector-40192.us.tvsquared.com
Innovid (advertising) loaded before consent
Innovid (advertising) loaded before consent
Innovid (advertising) loaded before consent
Innovid (advertising) loaded before consent
Microsoft Ads3 findingsbat.bing.com, _uetsid, _uetvid
bat.bing.com, _uetsid, _uetvid
Microsoft Ads (Microsoft) loaded before consent: Microsoft Ads (Bing) UET conversion tracking
Microsoft Ads cookie "_uetsid" set before consent
Microsoft Ads cookie "_uetvid" set before consent
Twitter/X Pixel (X (Twitter)) loaded before consent: Loads Twitter/X conversion tracking script
Skai (advertising) loaded before consent
PublicisGroupe (Tracker Tracker)2 findingslogin.dotomi.com, login-ds.dotomi.com
login.dotomi.com, login-ds.dotomi.com
PublicisGroupe (tracker) loaded before consent
PublicisGroupe (tracker) loaded before consent
Dentsu (advertising) loaded before consent
Snapchat Pixel4 findingssc-static.net, tr.snapchat.com, _scid, _scid_r
sc-static.net, tr.snapchat.com, _scid, _scid_r
Snapchat Pixel (Snapchat) loaded before consent: Loads Snapchat conversion tracking script
Snapchat Pixel (Snapchat) loaded before consent: Snapchat pixel tracking endpoint
Snapchat Pixel cookie "_scid" set before consent
Snapchat Pixel cookie "_scid_r" set before consent
Advertising Tracker2 findingstags.pw.adn.cloud, tr6.snapchat.com
tags.pw.adn.cloud, tr6.snapchat.com
advertising tracker at tags.pw.adn.cloud loaded before consent
advertising tracker at tr6.snapchat.com loaded before consent
LinkedIn Insight Tag (LinkedIn) loaded before consent: Tracks conversions and enables LinkedIn audience targeting
Rapleaf2 findingsrlas3, pxrc
rlas3, pxrc
Rapleaf cookie "rlas3" set before consent — Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
Rapleaf cookie "pxrc" set before consent — This cookie registers non-personal data on the visitor. The information is used to optimize advertisement relevance.
Bing / Microsoft2 findingsMUID, MR
MUID, MR
Bing / Microsoft cookie "MUID" set before consent — Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.
Bing / Microsoft cookie "MR" set before consent — Used to collect information for analytics purposes.
DoubleClick/Google Marketing2 findingsIDE, ar_debug
IDE, ar_debug
DoubleClick/Google Marketing cookie "IDE" set before consent — This cookie is used for targeting, analyzing and optimisation of ad campaigns in DoubleClick/Google Marketing Suite
DoubleClick/Google Marketing cookie "ar_debug" set before consent — Store and track conversions
Adobe Audience Manager3 findingsdemdex, dpm, mbox
demdex, dpm, mbox
Adobe Audience Manager cookie "demdex" set before consent — Unique value with which Audience Manager can identify a user. Used, among others, for identification, segmentation, modeling and reporting purposes.
Adobe Audience Manager cookie "dpm" set before consent — DPM is an abbreviation for Data Provider Match. It tells internal, Adobe systems that a call from Audience Manager or the Adobe Experience Cloud ID Service is passing in customer data for synchronization or requesting an ID.
Adobe Audience Manager cookie "mbox" set before consent — Adobe Target uses cookies to give website operators the ability to test which online content and offers are more relevant to visitors.
Adform cookie "uid" set before consent — Contains a unique ID to identify a user
X5 findingspersonalization_id, guest_id_marketing, guest_id_ads, guest_id, muc_ads
personalization_id, guest_id_marketing, guest_id_ads, guest_id, muc_ads
X cookie "personalization_id" set before consent — Unique value with which users can be identified by X. Collected information is used to be personalize X services, including X trends, stories, ads and suggestions.
X cookie "guest_id_marketing" set before consent — This cookie is for advertising when logged out
X cookie "guest_id_ads" set before consent — This cookie is for advertising when logged out
X cookie "guest_id" set before consent — This cookie is set by X to identify and track the website visitor. Registers if a users is signed in the X platform and collects information about ad preferences.
X cookie "muc_ads" set before consent — These cookies are placed when you come to our website via X. A cookie from X is also placed on our website, with which we can later show a relevant offer on X
Amazon2 findingsad-id, ad-privacy
ad-id, ad-privacy
Amazon cookie "ad-id" set before consent — Clickthroughs to Amazon websites: Noting how the user got to Amazon via this website
Amazon cookie "ad-privacy" set before consent — Provided by amazon-adsystem.com for tracking user actions on other websites to provide targeted content to the users.
Mediamath cookie "uuid" set before consent — Collects data on the user's visits to the website, such as what pages have been loaded. The registered data is used for targeted ads.
Pinterest cookie "_pinterest_ct_ua" set before consent — This cookieis a third party cookie which groups actions for users who cannot be identified by Pinterest.
No consent banner detected — all cookies and tags fire without user consent
No "reject all" option found — users cannot refuse non-essential cookies (ICO guidance requires this)
No recognizable consent cookie or storage entry detected after interaction — GDPR Article 7(1) requires controllers to demonstrate consent was given (server-side storage cannot be verified)
No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)
Warnings39
Unknown third-party request to t.co before consent
Unknown third-party request to px.ads.linkedin.com before consent
Twitter (social) loaded before consent
Possible server-side tag proxy at sanalytics.verizon.com — analytics data may be forwarded to third parties before consent. Browser scanning cannot verify downstream recipients; audit your GTM Server-side or CNAME configuration.
Unknown third-party request to scache1.vzw.com before consent
Unknown third-party request to scache2.vzw.com before consent
Unknown third-party request to assets.adobedtm.com before consent
Unknown third-party request to s7.vzw.com before consent
Unknown third-party request to ss7.vzw.com before consent
Unknown third-party request to scache-ws.vzw.com before consent
Unknown third-party request to cdn.schemaapp.com before consent
Unknown third-party request to media.evolv.ai before consent
Unknown third-party request to participants.evolv.ai before consent
Unknown third-party request to api.tx4.pw.adn.cloud before consent
sessionStorage key "taggingVisitStart" written before consent
localStorage key "objGeo" written before consent
sessionStorage key "vzgptInjectionFlag" written before consent
localStorage key "lastExternalReferrer" written before consent
sessionStorage key "GA4entrypageURL" written before consent
sessionStorage key "GA4entrypagename" written before consent
sessionStorage key "adroll_dqs" written before consent
sessionStorage key "adroll_flgs" written before consent
localStorage key "_uetsid" written before consent
localStorage key "_uetsid_exp" written before consent
localStorage key "_uetvid" written before consent
localStorage key "_uetvid_exp" written before consent
localStorage key "evolv:uid" written before consent
sessionStorage key "qSession" written before consent
sessionStorage key "qualtricssessionstoragetestkey" written before consent
sessionStorage key "QSI_HistorySession" written before consent
localStorage key "u_sclid" written before consent
sessionStorage key "u_scsid" written before consent
localStorage key "u_sclid_r" written before consent
sessionStorage key "u_scsid_r" written before consent
localStorage key "qsi_test_local_storage" written before consent
sessionStorage key "QSI_ActionSetHistory" written before consent
sessionStorage key "dummy" written before consent
sessionStorage key "ak_bm_tab_id" written before consent
localStorage key "Q_INTER" written before consent
Info16
Microsoft (cdn) loaded before consent
Google (cdn) loaded before consent
Amazon (cdn) loaded before consent
Qualtrics (Cdn)3 findingszn9nssxmv9itcz7nq-verizoncx.siteintercept.qualtrics.com, siteintercept.qualtrics.com, iad1.qualtrics.com
zn9nssxmv9itcz7nq-verizoncx.siteintercept.qualtrics.com, siteintercept.qualtrics.com, iad1.qualtrics.com
Qualtrics (cdn) loaded before consent
Qualtrics (cdn) loaded before consent
Qualtrics (cdn) loaded before consent
Yahoo! (cdn) loaded before consent
Snapchat cookie "X-AB" set before consent — This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site.
Citrix2 findingsNSC_mphjo_txt_mcwt, NSC_mphjo_443_hwt
NSC_mphjo_txt_mcwt, NSC_mphjo_443_hwt
Citrix cookie "NSC_mphjo_txt_mcwt" set before consent — This cookie name is associated with the Netscaler load balancing service from Citrix. This is a pattern type cookie with the root being NSC_ and the rest of the name being a unique encrypted alpha numeric identifier for the virtual server it originated from. The cookie is used to ensure traffic and user data is routed to the correct locations where a site is hosted on multiple servers, so that the end user has a consistent experience.
Citrix cookie "NSC_mphjo_443_hwt" set before consent — This cookie name is associated with the Netscaler load balancing service from Citrix. This is a pattern type cookie with the root being NSC_ and the rest of the name being a unique encrypted alpha numeric identifier for the virtual server it originated from. The cookie is used to ensure traffic and user data is routed to the correct locations where a site is hosted on multiple servers, so that the end user has a consistent experience.
Akamai bot management session — necessary for site protection
Akamai bot manager — necessary for site protection
Cross-site request forgery token — security mechanism
AWS Application Load Balancer — necessary for infrastructure
AWS Application Load Balancer — necessary for infrastructure
Akamai bot management — necessary for site protection
Compliant8
Google Analytics2 findings_ga, _ga_12R1DX1LX7
_ga, _ga_12R1DX1LX7
Google Analytics cookie "_ga" set correctly after consent
Google Analytics cookie "_ga_12R1DX1LX7" set correctly after consent
LinkedIn3 findingsbcookie, li_gc, lidc
bcookie, li_gc, lidc
LinkedIn cookie "bcookie" set correctly after consent
LinkedIn cookie "li_gc" set correctly after consent
LinkedIn cookie "lidc" set correctly after consent
Amazon Web Services2 findingsAWSALB, AWSALBCORS
AWSALB, AWSALBCORS
Amazon Web Services cookie "AWSALB" set correctly after consent
Amazon Web Services cookie "AWSALBCORS" set correctly after consent
cookie "XSRF-TOKEN" set correctly after consent
Is this your site?
Run a full multi-page scan with monitoring and get detailed remediation steps
Scan verizon.com →This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com