How This Briefing Works
This report opens with key findings, then maps the gaps between what Sitecore discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
pending
UNKNOWN
They Claim
“Awaiting scanner verification”
Observed Behavior
Runtime beacon behavior, CDP data collection scope, and personalization execution not yet observed by BLACKOUT scanner
Customer Impact
What This Means For You
Organizations using Sitecore face significant vendor lock-in risk due to the platform's comprehensive scope across content management, CDP, personalization, commerce, and search. The unified customer profile that spans all these capabilities means migrating away from Sitecore requires disentangling deeply interconnected data relationships. The cross-channel CDP creates compliance complexity as consent must be managed across website, email, social media, customer service, and offline channels, with identity resolution stitching these into unified profiles that may contain data collected under different consent contexts. The FXM beacon's ability to extend tracking to non-Sitecore properties means the data collection footprint may exceed what compliance teams have mapped. Revenue risk stems from the concentration of personalization intelligence in a single vendor whose AI models influence what every visitor sees.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Sitecore
- →- Audit the full scope of data sources feeding the Sitecore CDP and ensure each has a documented legal basis and consent mechanism. - Review FXM beacon deployments on non-Sitecore websites and verify tracking scope is disclosed and consented to on each property. - Assess the identity resolution system to understand what cross-channel data is being stitched into unified profiles and whether visitors are informed. - Evaluate the Reference Data service API access and determine which external systems are submitting or retrieving customer data. - Map the complete personalization decision chain to understand how cross-channel behavioral data influences what individual visitors see on your website.
Negotiation Leverage
- →When negotiating with Sitecore, request a complete data architecture diagram showing all data sources feeding the CDP, all external systems with Reference Data service access, and all properties where FXM beacons are deployed. Ask for documentation of the identity resolution methodology, including what data signals are used to stitch cross-channel profiles and what confidence thresholds govern identity merging. Key contractual protections should include comprehensive data portability for unified customer profiles (not just content), restrictions on Sitecore's use of aggregated behavioral data for AI model training or benchmarking, granular data deletion SLAs that cover all channel data (not just web), and audit rights to inspect cross-channel profile construction. Given the platform's scope, negotiate exit provisions that include data migration support and transitional access periods to prevent lock-in from becoming a leverage point at renewal.
IOC Manifest
IOC Manifest
95 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.sitecore.com/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/942-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/pages/%5B%5B...path%5D%5D-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/HfrPTmGFIriy7o2NDQsJe/_ssgManifest.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/HfrPTmGFIriy7o2NDQsJe/_buildManifest.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/127-*.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/531-*.js*
Tracking script
TRACK
*www.sitecore.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*www.sitecore.com/_next/static/chunks/862.*.js*
Tracking script
TRACK
*www.sitecore.com/_vercel/insights/script.js*
Tracking script
TRACK
*www.sitecore.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/*/main.js*
Tracking script
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform/content-management-system.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform/content-operations.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform/conversion-optimization.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/solutions/analyst-reports/the-forrester-wave-digital-experience-platforms.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform/audiences-and-intelligence.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/request-a-demo.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform/commerce.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/platform/digital-asset-management.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/company/contact-us.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/legal.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/legal/privacy-policy.json*
Data collection endpoint
EXFIL
*www.sitecore.com/_next/data/HfrPTmGFIriy7o2NDQsJe/en/legal/your-privacy-choices.json*
Data collection endpoint
TRACK
www.sitecore.com/_next/static/chunks/webpack-5638fd5d976d6cd0.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/framework-ec390f29f6045905.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/main-0d4a20b9382f49c4.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/pages/_app-0204666a276eaeae.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/942-46d29ee201bfed53.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/127-a0410bf8d284d24a.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/531-2dc8637f4715bf34.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/pages/%5B%5B...path%5D%5D-45fd588c541b4552.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/HfrPTmGFIriy7o2NDQsJe/_buildManifest.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/HfrPTmGFIriy7o2NDQsJe/_ssgManifest.js
Auto-extracted from scan
TRACK
www.sitecore.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.sitecore.com/_next/static/chunks/862.15353dcaea3f5dc4.js
Auto-extracted from scan
TRACK
www.sitecore.com/_vercel/insights/script.js
Auto-extracted from scan
TRACK
www.sitecore.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Sitecore operates as a hub in the enterprise martech ecosystem. The CDP integrates with email marketing, social media, customer service, and offline data sources for unified profile construction. Sitecore Personalize supports edge-side delivery through CDN integration. The Reference Data service provides API-based data exchange with external systems. FXM extends tracking to non-Sitecore websites. The platform integrates with Google Analytics through connector tools, and the broader Sitecore ecosystem includes commerce, search, content hub, and DAM capabilities that share the unified customer profile. Sitecore's Azure-native architecture enables integration with Microsoft ecosystem tools and services. Third-party implementation partners (Americaneagle, EPAM, Velir, Konabos) extend the integration surface through custom connectors and data flows.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
95 detection signatures across scripts, domains, cookies, and network endpoints