All Vendors
cmp

Iubenda

Iubenda is an Italian consent management platform serving 150,000+ organizations, primarily SMBs. As a CMP, it deploys JavaScript on client sites to manage consent banners, cookie blocking, and consent record storage. No behavioral threat indicators observed from scanner data — awaiting runtime verification. CMP category carries inherent Counselor risk: consent infrastructure that fails silently can invalidate the compliance posture of every downstream vendor on the page.

74 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Iubenda discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

Pending Analysis

UNKNOWN
They Claim

Claims extraction pending

Observed Behavior

No runtime behavioral analysis completed. CDT browser forensics needed to verify: (1) cookie blocking completeness before consent, (2) TCF string accuracy and distribution, (3) pre-consent network requests by Iubenda's own JavaScript, (4) consent database data sharing practices, (5) whether Iubenda's scripts set any tracking identifiers of their own.

Customer Impact

What This Means For You

Organizations deploying Iubenda trust it as the single point of consent truth. If Iubenda's cookie blocking is incomplete, the site operator bears regulatory liability for every vendor that fires without consent — not Iubenda. CMP failures are invisible to the site operator without independent scanning. The consent database creates a compliance dependency: if Iubenda's records are incomplete or inaccurate, proof of consent evaporates during regulatory inquiry. SMB customers typically lack the technical sophistication to audit CMP behavior independently.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Iubenda

  • Verify Iubenda's cookie blocking completeness with independent scanner analysis
  • Audit TCF string generation for accuracy against actual consent choices
  • Review Iubenda's own network requests for pre-consent data collection
  • Confirm consent database records match actual visitor interactions

If You're Evaluating Iubenda

  • Independent CMP audit to verify consent signal integrity
  • Compare Iubenda's blocked vendor list against actual network requests
  • Assess whether consent database integrations (Zapier) create unintended data flows

Negotiation Leverage

  • CMP integrity is foundational — if Iubenda fails, every vendor on the page fires without valid consent and the site operator bears liability
  • 150,000+ organization install base means consent pattern data has aggregate intelligence value
  • SMB focus means most customers cannot independently verify CMP behavior
  • Consent database integrations (Zapier, CRM syncs) may create data flows beyond stated privacy purposes
  • Request independent verification of cookie blocking completeness before renewal
IOC Manifest

IOC Manifest

74 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.iubenda.com/wp-includes/js/dist/script-modules/interactivity/index.js*
Tracking script
TRACK
*www.iubenda.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.js*
Tracking script
TRACK
www.iubenda.com/wp-includes/js/dist/script-modules/interactivity/index.min.js
Auto-extracted from scan
TRACK
www.iubenda.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Iubenda operates as consent gating infrastructure for SMB websites, particularly in the EU market. The platform integrates with WordPress, Shopify, and major CMS platforms via plugins. It manages TCF v2.2 signals consumed by Google Ads, ad exchanges, and analytics vendors. Iubenda's consent database connects with marketing automation tools via Zapier integrations, enabling consent records to flow into CRM and email platforms. As a CMP, Iubenda sits at the chokepoint between visitors and every other vendor on the page — its consent decisions determine which tracking activates.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

74 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details