All Vendors
dsp

TradeDesk

TradeDesk operates as a demand-side platform with maximum signal corruption and competitive subsidization risks. Cross-domain tracking, behavioral biometrics, session replay, persistence, and consent bypass create unlimited legal exposure. The 100% CAC subsidization score reflects visitor data feeding programmatic ad exchanges where competitors bid on your audience.

58 IOCs45 detections49% pre-consent36 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what TradeDesk discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

45 detections across 36 sites49% pre-consent activity
HIGH

Pre-Consent Activity

TradeDesk was observed loading and executing before user consent was obtained on 49% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Runtime evidence confirms C01/C06/C07/C08/C09/C10/C15 activation

Customer Impact

What This Means For You

Marketing spend builds competitor targeting infrastructure. Visitor behavioral data feeds programmatic exchanges where competitors purchase access to audience segments, intent signals, and cross-domain profiles. Legal holds 100% exposure risk from consent bypass and cross-domain tracking. Tag manager deploys tracking beyond your control.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use TradeDesk

  • Immediate audit of TradeDesk audience segment configurations
  • Legal review of DSP data sharing agreements
  • Map all dynamically deployed tags via C15
  • Notify DPO of consent bypass and cross-domain tracking

If You're Evaluating TradeDesk

  • Contextual advertising without behavioral tracking
  • First-party audience segments with zero data sharing
  • Consent-compliant programmatic alternatives

Negotiation Leverage

  • TradeDesk creates unlimited legal liability through consent bypass and cross-domain tracking
  • 100% CAC subsidization means audience data trains competitor targeting
  • Tag manager deploys tracking beyond contractual control
  • Programmatic exchanges enable competitor access to your audience segments
  • Removal or complete isolation required for GDPR compliance
Runtime Detections

Runtime Detections

7 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Bypasses consent controls to capture data regardless of user preferences

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures unique behavioral patterns for audience segmentation

BTI-C07Session Recording

Full session replay

Impact: Records visitor sessions for behavioral profiling

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Tracks visitors across multiple domains for unified audience profiles

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Activates before consent mechanisms, defeating privacy controls

BTI-C10Fingerprinting

Device identification

Impact: Creates persistent visitor profiles for cross-platform targeting

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Deploys additional tracking tags dynamically, expanding surveillance footprint

IOC Manifest

IOC Manifest

45 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.thetradedesk.com/dist/main-DnfKHyVi.js*
Tracking script
TRACK
*pages.thetradedesk.com/js/forms2/js/forms2.js*
Tracking script
TRACK
*pages.thetradedesk.com/index.php/form/getForm*
Tracking script
TRACK
js.adsrvr.org
Tracking script
TRACK
pages.thetradedesk.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
TRACK
www.thetradedesk.com/dist/main-DnfKHyVi.js
Auto-extracted from scan
TRACK
pages.thetradedesk.com/index.php/form/getForm
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

TradeDesk integrates with hundreds of ad exchanges, data brokers, and publisher networks. Visitor data flows to programmatic exchanges where all advertisers including competitors bid on audience segments derived from YOUR traffic. Tag management enables dynamic deployment of third-party tracking beyond contractual control.
Loaded By (6)
GoogletagmanagerAmplitudePubmaticBizibleTealiumiqEnsighten
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

58 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details