All Vendors
cmp

Usercentrics

Usercentrics is the largest CMP conglomerate in the market — parent company of Cookiebot, Google Gold Tier CMP Partner, and TCF 2.2 certified — positioning itself as the consent infrastructure layer between websites and the advertising ecosystem. Academic research consistently shows CMPs fail to block trackers before consent on 60-84% of sites, and Usercentrics's deep Google integration makes it a consent-to-ad-revenue translation engine by design.

171 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Usercentrics discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

4 gaps

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

No scanner data available for Usercentrics runtime behavior

incentive_alignment

HIGH
They Claim

Google Gold Tier CMP Partner ensures compliance

Observed Behavior

Google Consent Mode v2 triggers behavioral modeling even on consent decline, preserving ad data flow

market_concentration

MEDIUM
They Claim

Privacy-first consent management

Observed Behavior

Cookiebot acquisition concentrated consent infrastructure control across enterprise and SMB markets

Customer Impact

What This Means For You

Organizations deploying Usercentrics/Cookiebot face a structural compliance gap: the CMP is designed to translate consent into advertising signals, not enforce data minimization. Google Consent Mode v2 integration means even declined consent generates behavioral modeling data for Google — your "privacy tool" ensures Google's ad infrastructure continues to function regardless of user choice. The 60-84% pre-consent tracking failure rate documented in academic research means deploying a CMP does not guarantee compliance — it may instead create false confidence that regulators will not share. For organizations in regulated industries, a CNIL-style enforcement action (Google fined EUR100M, Amazon EUR50M for pre-consent cookie setting) becomes more likely when the CMP creates a compliance veneer without actual enforcement. The Cookiebot/Usercentrics market concentration means switching costs are high: migrating consent records, reconfiguring TCF vendor lists, and re-establishing Google CMP Partner integration creates vendor lock-in that benefits Usercentrics at the expense of competitive evaluation.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Usercentrics

  • Conduct independent runtime verification: scan your own site to confirm whether trackers fire before Usercentrics/Cookiebot consent resolution — do not rely on the CMP's self-reported compliance status.\n2. Evaluate Google Consent Mode configuration: determine whether Advanced Mode (tags fire before consent) or Basic Mode (tags blocked until consent) is active, and switch to Basic Mode if actual consent enforcement is required.\n3. Audit TCF vendor list: inventory every vendor receiving consent strings from your Usercentrics implementation and verify each has a documented data processing relationship with your organization.\n4. Review Cookiebot scanning data: understand what technology inventory data is generated by automated scans of your site and whether this data is retained or aggregated by Usercentrics.\n5. Assess CMP independence: evaluate whether your consent infrastructure should be provided by a Google Gold Tier Partner whose commercial incentives are aligned with advertising data flow rather than data minimization.

Negotiation Leverage

  • Usercentrics/Cookiebot's primary negotiation vulnerability is the structural conflict between CMP revenue (driven by customer retention and advertising ecosystem integration) and actual consent enforcement. Reference the academic research showing 60-84% pre-consent tracking failure rates and demand contractual SLA commitments for consent enforcement accuracy with independent verification. Challenge the Google Gold Tier certification as a compliance credential — it certifies integration quality with Google's advertising infrastructure, not privacy protection effectiveness. Demand transparency on Cookiebot scanning data: what technology inventory intelligence is generated from your site, how long it is retained, and whether it feeds aggregate products. Negotiate for Basic Consent Mode as the contractual default, with Advanced Mode requiring explicit written authorization from your DPO. Use the Cookiebot acquisition to negotiate pricing: the SMB-to-enterprise migration path creates lock-in that should be reflected in pricing concessions. If Usercentrics cannot contractually guarantee pre-consent tracker blocking with independent audit rights, this is material information for your DPA and regulatory risk assessment.
IOC Manifest

IOC Manifest

171 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/lz-string-UNqkxtPb.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/audit-crawler-DTeHBpeY.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/fluent-forms-utils-BeI-xV9A.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/email-validation-Ds1dpLqe.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/swipe-detector-D9vXI8yn.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/geolocation-RFv2FopN.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/chunks/js.cookie-C2b7Ongr.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/animate-cards-bottom.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/main.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/track-events.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/wp-plugin-link.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/embed.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/track-utm.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/account-links.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/home-page-sticky-cta.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/search-page-form/js/search-page-form.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/dropdown-currencies/js/dropdown-currencies.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/resources-card/js/resources-card.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/blocks/testimonial-slider/js/testimonial-slider.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/oembed/js/oembed.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/blocks/hero-product/js/hero-product.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/field/js/field.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/modal/js/modal-template-us-redirect.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/footer/js/footer.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/blocks/solutions-cards/js/solutions-cards.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/newsletter-form/js/newsletter-form.js*
Tracking script
TRACK
*usercentrics.com/wp-content/themes/usercentrics/dist/js/lib-dotlottie-player.js*
Tracking script
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/audit-crawler-DTeHBpeY.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/email-validation-Ds1dpLqe.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/fluent-forms-utils-BeI-xV9A.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/geolocation-RFv2FopN.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/js.cookie-C2b7Ongr.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/lz-string-UNqkxtPb.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/chunks/swipe-detector-D9vXI8yn.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/track-events.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/track-utm.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/account-links.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/embed.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/main.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/animate-cards-bottom.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/wp-plugin-link.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/home-page-sticky-cta.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/search-page-form/js/search-page-form.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/field/js/field.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/modal/js/modal-template-us-redirect.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/blocks/hero-product/js/hero-product.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/blocks/solutions-cards/js/solutions-cards.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/blocks/testimonial-slider/js/testimonial-slider.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/oembed/js/oembed.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/resources-card/js/resources-card.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/footer/js/footer.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/newsletter-form/js/newsletter-form.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/components/templates/dropdown-currencies/js/dropdown-currencies.js
Auto-extracted from scan
TRACK
usercentrics.com/wp-content/themes/usercentrics/dist/js/lib-dotlottie-player.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Usercentrics/Cookiebot operates the largest consent infrastructure network in the CMP market. Primary integrations: Google Ads, Google Analytics 4, Google Tag Manager, Google Ad Manager, Google AdSense, Google AdMob (all via Gold Tier CMP Partner status and Consent Mode v2). IAB TCF v2.2 integration connects to the entire programmatic advertising vendor ecosystem. Platform distribution spans WordPress (Cookiebot plugin), Shopify, Magento, WPEngine, and enterprise SDK deployments. The 2021 Cookiebot acquisition unified enterprise (Usercentrics) and SMB (Cookiebot) consent management under one entity. Microsoft Clarity integration for session replay consent. Additional consent framework support for non-TCF Google Ad Tech Providers via addtl_consent parameter. The combined entity serves as the primary consent translation layer between website visitors and the global advertising supply chain.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

171 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details