Analytics analytics_storage

Adobe Analytics — consent fix

Adobe Analytics (omtrdc.net / data.adobedc.net) loads before consent. s_vi (Adobe visitor ID, 2 years) and demdex (Adobe Audience Manager cross-site tracking, 180 days) are set before consent. demdex.net is particularly high-risk: it is a cross-domain tracking cookie from Adobe Audience Manager that tracks visitor behaviour across multiple sites.

Domains

  • omtrdc.net
  • 2o7.net
  • sc.omtrdc.net
  • data.adobedc.net
  • demdex.net
  • adobedc.net

Cookies

  • s_fid
  • s_cc
  • s_sq
  • s_vi
  • demdex
  • dextp

Upon loading, Adobe Analytics immediately sets the s_vi cookie (valid for 2 years). Often, the infamous demdex cookie (valid for 180 days) from Adobe Audience Manager is also set. While s_vi tracks your visitors within your own site, demdex is used for cross-site tracking and building profiles across multiple websites. If these cookies are set before the visitor has given consent via the cookie banner, you are committing a serious GDPR violation.

Why Adobe Analytics loads too early

Adobe Analytics is a complex enterprise package. It is usually loaded via Adobe Launch or Google Tag Manager (GTM). Because it is a heavy system, administrators often set the tags to fire as early as possible ("Page Top" or "All Pages") to avoid missing data. In doing so, the check with the Cookie Management Platform (CMP) is often "forgotten".

The Fix: Make Adobe Analytics GDPR-compliant

The solution depends on how you load Adobe Analytics onto your website. There is a path via GTM and a path via Adobe Launch.

Important: In your CMP, always categorise the domain demdex.net as marketing/cross-site tracking (marketing_storage), and omtrdc.net or data.adobedc.net as statistics (analytics_storage).

1. The GTM route (Exception Triggers)

If you load Adobe via GTM, you must prevent the tags from firing without consent.

  1. Open your Adobe Analytics Tags in GTM.
  2. Go to the Triggering section.
  3. Click Add Exception.
  4. Click the + icon, choose trigger type Custom Event, name .* (with regular expression checked).
  5. Set the condition: Consent State — analytics_storage does not equal granted.
  6. Save. Do you have components that load Audience Manager (demdex)? Then add an exception for marketing_storage to those specific tags.

2. The Adobe Launch route

Do you use Adobe Launch (Tags in Adobe Experience Platform)?

  • Best option: Install the 'Adobe Privacy' extension. This extension can manage the Adobe Opt-in service (Opt.fetchPermissions()).
  • Manual option: Add a 'Condition' to the Rule that loads Adobe Analytics. This Condition must check whether your CMP has registered the necessary consent (for example, by reading a specific cookie or data layer variable).

3. The Native Opt-in Service (Code)

Do you have the script hardcoded on the website? Then use the Adobe ECID Opt-in Service:

Opt.fetchPermissions(function() {
  // Adobe is allowed to load
}, true); // true = wait for consent

How to Verify the Fix

Use your browser's Network tab to monitor the requests.

  1. Open your website in an incognito window.
  2. Ignore the cookie banner (do not click anything).
  3. Open Developer Tools (F12) and navigate to the Network tab.
  4. Search for omtrdc.net, demdex.net, and data.adobedc.net. Absolutely no data should be sent to these domains.

Not sure if the fix worked, or want to verify that no other scripts are leaking data? Run a free scan with ConsentChecker.eu for instant confirmation.

Sources

No CMP yet?

A Cookie Management Platform (CMP) handles consent automatically for Adobe Analytics and other trackers — including the correct GTM integration.

Cookiebot → CookieYes → CookieFirst → Complianz → Borlabs Cookie → Enzuzo → ConsentOS →

Check your own site

Scan your website for free to see if Adobe Analytics (or other trackers) loads before consent.

Start free scan →