Tolt

Tag manager with pre-consent activation patterns.

40 IOCs | 9 detections | 56% pre-consent | 6 sites
Vendor Risk Score: 70

How This Briefing Works

This report opens with key findings, then maps the gaps between what Tolt discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

9 detections across 6 sites | 56% pre-consent activity
CRITICAL

Pre-Consent Activity

Tolt was observed loading and executing before user consent was obtained on 56% of sites where it was detected.

GDPR, ePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

disclosure

HIGH
They Claim

Pending claims extraction

Observed Behavior

Runtime detection shows C09 (consent bypass)

Customer Impact

What This Means For You

Revenue teams using Tolt face consent timing liability when the tag container executes before user authorization. Pre-consent activation affects ALL managed tags (analytics, advertising, personalization), creating systemic consent compliance exposure.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Tolt

  • Audit Tolt container loading sequence relative to consent collection
  • Implement consent-gated tag firing rules for all managed tags
  • Review tag approval workflow to prevent unauthorized tag additions

If You're Evaluating Tolt

  • Document pre-consent tag execution scope and affected vendors
  • Request technical controls to defer container initialization until consent is obtained
  • Obtain tag firing audit logs to verify consent compliance

Negotiation Leverage

  • Pre-consent execution: Tag container loads before consent collection — require technical mechanism to defer ALL tag firing until authorization.
  • Tag governance: Container enables third-party additions without oversight — demand approval workflow and quarterly tag audits.
  • Consent integration: Native consent management integration required to ensure all tags respect user choices.
Runtime Detections

1 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C09: Consent Bypass

Ignoring CMP signals

IOC Manifest

40 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

Ecosystem

Ecosystem & Supply Chain

Tolt competes with Google Tag Manager, Adobe Launch, Tealium, and Segment. Common pattern: the tag manager loads synchronously while the consent banner is still rendering, enabling all tags to fire immediately.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

40 detection signatures across scripts, domains, cookies, and network endpoints
