All Vendors
tag_manager

Optimizely

Experimentation platform with session recording, cross-domain tracking, and pre-consent visitor assignment to test cohorts.

197 IOCs16 detections75% pre-consent13 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Optimizely discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

16 detections across 13 sites75% pre-consent activity
CRITICAL

Pre-Consent Activity

Optimizely was observed loading and executing before user consent was obtained on 75% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

disclosure

HIGH
They Claim

Pending claims extraction

Observed Behavior

Moderate Broker (65) and Counselor (70) scores indicate data sharing and consent violations. Privacy policy likely lacks disclosure of cross-domain tracking and pre-consent cohort assignment.

Customer Impact

What This Means For You

Product and marketing teams lose A/B testing capabilities if Optimizely is removed. Experimentation velocity declines without infrastructure for controlled testing. Personalization features may degrade. However, retention creates exposure: regulatory complaints for pre-consent cohort assignment, cross-domain tracking creating expanded consent liability, potential measurement bias if consent rates differ across test variants.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Optimizely

  • Implement consent gate before Optimizely experimentation activates
  • Audit cross-domain tracking scope and visitor identifier persistence
  • Review Data Processing Agreement for experiment data retention and third-party sharing
  • Confirm privacy policy discloses visitor cohort assignment and cross-domain tracking

If You're Evaluating Optimizely

  • Defer Optimizely scripts until post-consent confirmation
  • Assess server-side experimentation alternatives to reduce client-side tracking exposure
  • Require vendor documentation on consent-aware experiment assignment capabilities
  • Consider whether cross-domain tracking is necessary or can be eliminated

Negotiation Leverage

  • Optimizely contract should specify experiment data retention limits - negotiate deletion after statistical significance achieved
  • Cross-domain tracking requires additional consent under ePrivacy - confirm Optimizely supports domain-scoped experiments
  • Request evidence of consent-aware experimentation capabilities that preserve statistical validity
  • Demand technical controls for visitor identifier lifespan limits and cross-domain sync opt-out
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C07Session Recording

Full session replay

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C13Persistence Mechanisms

Long-lived identifiers

IOC Manifest

IOC Manifest

197 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*learn.optimizely.com/v2/8yoUTdBkNwpVOLCXeZpKdw/zaius-min.js*
Tracking script
TRACK
*www.optimizely.com/assets/preload-helper-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/use-motion-value-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/floating-ui.dom-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/home.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/_grid-overlay-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/integrations.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/useMouseHovered-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/opti-grid.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/useRafState-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/media.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/text.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/index-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/useWindowSize-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/optiforms.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/resolve-element-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/use-in-view-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/entry-client-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/useMouse-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/use-animation-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/use-scroll-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/use-transform-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/use-spring-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/motion-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/vidstack-BMPqs-oi-*.js*
Tracking script
TRACK
*cdn.optimizely.com/public/*/s/home.js*
Tracking script
TRACK
*cdn.optimizely.com/js/*.js*
Tracking script
TRACK
*www.optimizely.com/Util/EPiServer.Forms/EPiServerForms.js*
Tracking script
TRACK
*www.optimizely.com/Util/EPiServer.Forms/jquery-3.5.1.js*
Tracking script
TRACK
*www.optimizely.com/ClientResources/scripts/optimizely-form-container-events.js*
Tracking script
TRACK
*www.optimizely.com/Util/EPiServer.Forms.Samples/js/EPiServerFormsSamples.js*
Tracking script
TRACK
*www.optimizely.com/assets/cookie-consent.component-*.js*
Tracking script
TRACK
*www.optimizely.com/scripts/RecaptchaV3ElementBlock.js*
Tracking script
TRACK
*www.optimizely.com/assets/icon.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/useOutsideClick-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/logo-grid.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/primary-footer.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/ssr-window.esm-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/vidstack-CNjv_Zem-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/button-block.component-*.js*
Tracking script
TRACK
*www.optimizely.com/Util/EPiServer.Forms.Samples/jquery-ui/jquery-ui.js*
Tracking script
TRACK
*www.optimizely.com/assets/hero-home.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/navigation.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/sticky-panels.component-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/arrowRight-*.js*
Tracking script
TRACK
*www.optimizely.com/assets/index.es-*.js*
Tracking script
TRACK
*www.optimizely.com/contentassets/*/homepage-hero_v3.json*
Tracking script
TRACK
cdn.optimizely.com
Tracking script
TRACK
cdn.optimizely.com/js/26942930964.js
Auto-extracted from scan
TRACK
learn.optimizely.com/v2/8yoUTdBkNwpVOLCXeZpKdw/zaius-min.js
Auto-extracted from scan
TRACK
cdn.optimizely.com/public/26942930964/s/home.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/entry-client-121d108e.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/index-835a4768.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/preload-helper-101896b7.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/home.component-e334f0c6.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/_grid-overlay-c219ebdd.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/useMouseHovered-a7416d41.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/useRafState-df33f303.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/useMouse-80a323fb.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/use-animation-0a31a34c.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/motion-40460707.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/use-in-view-354d1d43.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/resolve-element-fd57b861.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/index-95a4dd69.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/use-motion-value-3f8f1f4a.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/use-spring-fd222d38.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/use-scroll-e856cbd4.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/use-transform-188a12df.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/vidstack-BMPqs-oi-c643bb2c.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/floating-ui.dom-67326cb5.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/useWindowSize-5569fed6.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/opti-grid.component-43ac5319.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/text.component-54710bd1.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/media.component-f032c6b5.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/integrations.component-82205abf.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/optiforms.component-b929fb0f.js
Auto-extracted from scan
TRACK
www.optimizely.com/Util/EPiServer.Forms/jquery-3.5.1.min.js
Auto-extracted from scan
TRACK
www.optimizely.com/Util/EPiServer.Forms/EPiServerForms.min.js
Auto-extracted from scan
TRACK
www.optimizely.com/ClientResources/scripts/optimizely-form-container-events.js
Auto-extracted from scan
TRACK
www.optimizely.com/Util/EPiServer.Forms.Samples/jquery-ui/jquery-ui.min.js
Auto-extracted from scan
TRACK
www.optimizely.com/Util/EPiServer.Forms.Samples/js/EPiServerFormsSamples.js
Auto-extracted from scan
TRACK
www.optimizely.com/scripts/RecaptchaV3ElementBlock.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/navigation.component-cbd64be8.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/button-block.component-8d766da7.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/icon.component-7aa0a79b.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/hero-home.component-9c8da8f7.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/logo-grid.component-addee759.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/vidstack-CNjv_Zem-4e56777a.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/sticky-panels.component-03e3e71a.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/primary-footer.component-7f58fe01.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/useOutsideClick-8b696677.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/ssr-window.esm-8e29a61f.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/cookie-consent.component-229e8f00.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/arrowRight-6841cc0b.js
Auto-extracted from scan
TRACK
www.optimizely.com/assets/index.es-03246ceb.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Optimizely integrates with analytics platforms, personalization engines, and marketing automation systems. Experiment results flow to data warehouses for cross-platform analysis. Often deployed with complementary tracking vendors that benefit from shared visitor cohort assignments.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

197 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details