All Vendors
dsp

StackAdapt

DSP platform with pre-consent activation patterns.

111 IOCs11 detections64% pre-consent10 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what StackAdapt discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

11 detections across 10 sites64% pre-consent activity
CRITICAL

Pre-Consent Activity

StackAdapt was observed loading and executing before user consent was obtained on 64% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

disclosure

HIGH
They Claim

Pending claims extraction

Observed Behavior

Runtime detection shows C09 (consent bypass)

Customer Impact

What This Means For You

Publishers using StackAdapt face consent timing liability when programmatic auctions begin before user authorization. Bid request data (URL, referrer, device fingerprint) transmitted to RTB ecosystem creates pre-consent exposure.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use StackAdapt

  • Audit StackAdapt initialization timing relative to consent collection
  • Implement consent-gated bid request triggering
  • Review programmatic partner contracts for consent compliance requirements

If You're Evaluating StackAdapt

  • Document pre-consent bid request transmission scope and data fields
  • Request technical controls to defer RTB participation until consent obtained
  • Obtain written confirmation of bid data retention and deletion procedures

Negotiation Leverage

  • Pre-consent bidding: Programmatic auctions begin before consent collection — require technical mechanism to defer bid requests until authorization.
  • Bid data retention: User data transmitted to RTB ecosystem persists — demand specific deletion timelines and third-party sharing restrictions.
  • SSP coordination: Bid requests propagate to dozens of platforms — require transparency on downstream data handling and deletion verification.
Runtime Detections

Runtime Detections

2 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C14Identity Resolution

PII deanonymization

IOC Manifest

IOC Manifest

111 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/scattered-images/script.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/tile-reviews/script.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/bento-grid/script.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/video-overlay/script.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/request-demo-form/script.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/themes/stackadapt/build/js/main.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/inc/blocks/request-demo-form-validation.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/video-overlay/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/content-tiles/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/bento-grid-item/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/tile-review/view.js*
Tracking script
EXFIL
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/reveal-graphic/view.js*
Data collection endpoint
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/sta-menu/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/scattered-images/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/mu-plugins/jetpack-15.4/_inc/build/sharedaddy/sharing.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/content-tile/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/marquee/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/bento-grid/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/sta-menu-item/view.js*
Tracking script
TRACK
*www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/tile-reviews/view.js*
Tracking script
TRACK
*tags.srv.stackadapt.com/events.js*
Tracking script
TRACK
tags.srv.stackadapt.com
Tracking script
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/sta-menu-item/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/sta-menu/view.js
Auto-extracted from scan
EXFIL
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/reveal-graphic/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/marquee/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/video-overlay/script.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/video-overlay/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/tile-review/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/tile-reviews/script.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/tile-reviews/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/bento-grid-item/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/bento-grid/script.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/bento-grid/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/scattered-images/script.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/scattered-images/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/content-tile/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/content-tiles/view.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/build/request-demo-form/script.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/themes/stackadapt/build/js/main.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/plugins/stackadapt-blocks/inc/blocks/request-demo-form-validation.js
Auto-extracted from scan
TRACK
www.stackadapt.com/main/wp-content/mu-plugins/jetpack-15.4/_inc/build/sharedaddy/sharing.min.js
Auto-extracted from scan
TRACK
tags.srv.stackadapt.com/events.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

StackAdapt appears in programmatic advertising stacks alongside other DSPs (The Trade Desk, DV360, MediaMath), SSPs, and header bidding wrappers (Prebid.js). Common pattern: consent banner loads while bid requests already transmitted.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

111 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details