Metric details: Vendors after opt out

  Note: Data for the Vendors after opt out metric is available from August 1, 2023 and onward.

The Vendors after opt out metric is designed for U.S. Privacy scans and allows your organization to view vendors that Sourcepoint has observed firing after an opt out from targeting advertising on the selected properties for the selected date and U.S. States.

Navigate to a detailed view for a specific compliance metric by applying your filters to your dashboard and selecting a compliance metric from the Compliance Metrics table.

Screenshot 2023-12-11 at 12.55.29 PM.png

  Note: This metric should help you determine whether you should take action to remove or contact these vendors; however, we also recommend taking into consideration whether the vendor may be permitted to process personal data even after an opt out (e.g., if the vendor meets the requirements of a “service provider” or a “processor” under applicable law). Firing after opt out from targeted advertising does not mean that the vendor is accessing information or storing a cookie, however the recommendation is to scrutinise those that do this in line with regulatory guidelines.


The overview section of the metric details page is comprised of 2 graphs that allow you to compare, based on your filters, your relative score and average count for the metric compared to your benchmark property.  


  • Average count: the average number of vendors per scan that fulfilled the criteria of the metric (e.g. non disclosed, triggered before consent, etc...)
  • Relative score: a percentile ranking that compares selected properties against your benchmark properties for this particular compliance metric. 

Screenshot 2023-10-02 at 9.43.41 AM.png

Detailed breakdown

The detailed breakdown table lists vendor details that were observed on your properties and who were triggered after an end-user made a choice to opt out of targeted advertising. Please refer to the table below for definitions for each vendor detail in the table.


Vendor detail Description
MSPA label Indicates the vendor participates in the Multi-state Privacy Agreement
Vendor Name Name of observed vendor on your property(ies) who was triggered after an opt-out of targeted advertising.
Prevalence (My Properties) The prevalence of the triggered vendor across the selected properties.
First Seen The first date within your periodization where the triggered vendor was observed on your property(ies).
Last Seen The last date within your periodization where the triggered vendor was observed on your property(ies).
Technology Categorisation

Categorisation is provided by Sourcepoint after rigorous and careful research into the vendor's data practices by reviewing the vendor's privacy policy with regards to the particular cookie or technology.

If triggered vendor belongs to more than a single technology category, click the number in the cell to view all categories.

Information Storage/Access

The methods used by the triggered vendor to access and/or store data on an end-users device such as cookies and other identifiers.

Referrer Vendor

The vendor who owns the last web address accessed by the browser prior to triggering the vendor in question.

If triggered vendor is referred to by more than one vendor on your vendor list, click the number in the cell to view all referrer vendors. 

Cookie Name

The name of cookie(s) dropped by the vendor who is triggered after an opt-out of targeted advertising.

If vendor drops more than a single cookie, click the number in the cell to view all cookie names

Cookie Details

Click here for more information.

Vendor Details

Click here for more information.

  Note: Filter the table by different headers by selecting the filter icon from a vendor detail header and apply filters via the dropdown menu. Click OK to apply the filters.


Cookie details

The cookie details modal allows your organization to view specific information about each cookie set on your property(ies) by the vendor. View the cookie details modal by clicking View under the Cookie Details column inline with a specific vendor.


Use the provided modal to view details for each individual cookie set by the vendor.


Detail Description
Cookie name Name given to the cookie when the vendor set the cookie.

Cookies dropped by the vendor can be flagged for any of the following criteria:

  • Non-secure
  • Persistent
  • Large (over 100 b)
1st or 3rd-party

Identifies whether cookies dropped by the vendor are either 1st-party or 3rd-party cookies:

  • 1st-party cookies are created by the domain of selected property and can only be used to track user behavior on the domain that created it.
  • 3rd-party cookies are created by a 3rd-party domain and can be used to track a user cross-domains.
Cookie category

The cookie category is determined by the technology category of the host domain that sets the cookie. This technology category is then mapped to the following cookie category buckets:

  • Strictly necessary
  • Targeting/advertising
  • Performance
  • Functionality

For any technologies that are uncategorized or if you wish to question one of the categorizations, please reach out to your Sourcepoint account manager.


The type of cookie set by the vendor:

  • Persistent cookies store information in the user’s browser for a long time.
  • Session cookies generally expire when the browser closes.

Cookies must declare whether they are secure or non-secure within their values. If there is no secure flag, then the cookie is not encrypted.

If the cookie is secure, the cookie's confidentiality is protected from attackers. For cookies that store sensitive or personal information it is recommended at a minimum that secure cookies are used.


This detail dictates if the cookie is restricted to a first-party or same-site context. Use this field to ensure the cookie is shared in accordance with your organization's intentions.

  • None: the cookie will be sent in all contexts which includes cross-origin contexts.
  • Strict: the cookie will only be sent in a first-party context and not sent with requests initiated by third parties.
  • Lax: the cookie is not sent on normal cross-site requests except when the user is navigating to the origin website, (e.g. when following a link).

  Note: View this video for additional help on the Samesite cookie attribute. 

Cookie size The size of the cookie in bytes. Sourcepoint considers any cookie over 100 bytes to be large.
Cookie duration

Length of time from when the cookie was set to when it expires in days.

  Note: If field is blank, there is no expiry date set on the cookie and is persistent until the end-user resets the cookie in their browser. 

Host domain The host domain from which set the cookie.
Cookie domain The cookie domain from which set the cookie.

  Note: Download the cookie details for the vendor as a csv file by clicking the download icon in the upper right-hand corner.

Vendor details

The vendor details modal allows your organization to view specific information about the vendor. View the cookie details modal by clicking View under the Vendor Details column inline with a specific vendor.


From the modal, you organization can view vendor details such as the technology categorization of the vendor and the vendors privacy policy.


Select any website from under the Websites header to view the URLs where the vendor was observed.


Expand any Page URL to view the host domains associated with the vendor. Host domains are servers that are making network calls to your website that Sourcepoint has mapped to this vendor.


  Note: View even more information, including the full URL path used by the vendor by downloading the vendor detail as a csv file.  

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.