How This Briefing Works
This report opens with key findings, then maps the gaps between what Vitally discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
1 detection across 1 site
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
Pending Analysis
UNKNOWN
They Claim
“Claims extraction pending”
Observed Behavior
CDT analysis needed to assess deployed tag configuration
Customer Impact
What This Means For You
No measurable behavioral risk from current detection data. Tag managers are neutral infrastructure whose risk depends on configuration. Runtime analysis reveals which third-party vendors are deployed through the tag manager.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use Vitally
- →audit tag manager configuration for undeclared vendors
If You're Evaluating Vitally
- →recon investigation to assess deployed tag inventory
Negotiation Leverage
- →Baseline detection only — tag managers are infrastructure vendors
- →Risk depends on what vendors are deployed through the tag manager
- →Audit tag configuration for undeclared third-party code execution
IOC Manifest
IOC Manifest
19 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
No indicators in this category
Ecosystem
Ecosystem & Supply Chain
Vitally operates in the tag management ecosystem. Tag managers are infrastructure — their risk profile depends entirely on what vendors they load.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
19 detection signatures across scripts, domains, cookies, and network endpoints