Open navigation menu
RTB cookie syncing: what it means and how to review it
RTB cookie syncing is an adtech behavior where advertising or identity systems appear to share or match identifiers across domains. To review it, inspect the request and vendor evidence, the timing of the activity, and whether the behavior appears before or after a recorded consent choice. CertScore.ai automates this review by observing public website requests, vendor context, cookie or identifier-related telemetry, and supporting evidence. The result is a higher-signal business review cue, not a legal conclusion.
Run a free website behavior scan
Check observable tracking, cookies, consent, accessibility, and privacy risk signals.
What CertScore observes
CertScore.ai reviews observed request hosts, URL patterns, vendor categories, redirect-like behavior, and known advertising or identity endpoints.
The scan does not claim to know every downstream use of an identifier. It surfaces evidence that a team should review with its advertising, consent, and vendor-management owners.
Why it matters
Identifier-sharing behavior can be more sensitive than a simple cookie inventory because it may indicate cross-domain advertising or measurement flows.
Review the evidence for request timing, vendor purpose, user-consent state, and whether the behavior is expected for the scanned surface.
Sample finding JSON from scans
Representative payloads from retained scan examples for the finding types discussed on this page.
Adtech identity sync-like request observed
rtb_cookie_sync_observed
Illustrative public evidence sample
Adtech identity sync-like request observed
rtb_cookie_sync_observed
Illustrative public evidence sample
{
"finding_id": "rtb_cookie_sync_observed",
"finding_label": "Adtech identity sync-like request observed",
"category": "Third-party tracking",
"criticality": "high",
"evidenceConfidence": "review_signal",
"directVsInferred": "direct_observation",
"observed": "Retained network evidence showed adtech, RTB, sync, match, redirect, or identifier-like request patterns that may be relevant to cookie/tracker, advertising, consent, transparency, sale/share, and vendor-governance review.",
"evidence": {
"summary": "Retained network evidence showed adtech, RTB, sync, match, redirect, or identifier-like request patterns that may be relevant to cookie/tracker, advertising, consent, transparency, sale/share, and vendor-governance review.",
"examples": [
{
"title": "Adtech sync request example",
"lines": [
"artifact=req_003",
"role=finding_supporting_artifact",
"url=https://example.com/",
"request_origin=https://sync.ads.example",
"request_path=/user_sync [query_redacted=true]",
"resource_type=image_or_redirect",
"vendor_category=adtech_or_exchange",
"detected_pattern=identity_sync_like_request",
"identifier_like_keys=uid, partner_id [values_redacted=true]",
"timestamp_ms=2860",
"review_caveat=manual review should confirm endpoint purpose, identifier scope, consent timing, redirects, jurisdiction, and server-side behavior"
]
}
],
"automationLimits": [
"Automated network evidence does not confirm cookie syncing, infer a complete identity graph, or determine personal identity.",
"Manual review is needed to confirm endpoint purpose, identifier scope, consent timing, and server-side behavior."
]
},
"evidenceVersion": "2.0",
"scanContext": {
"domain": "example.com",
"requestedUrl": "https://example.com/",
"finalUrl": "https://example.com/",
"publicWebObservation": true,
"legalConclusion": false
},
"artifacts": {
"runtimeAnchors": [],
"requestSamples": [],
"cookieOrStorageSamples": [],
"policyAnchors": [],
"rawValuesRetained": false
},
"classification": {
"section": "Review signal",
"criticality": "high",
"evidenceConfidence": "review_signal",
"directVsInferred": "direct_observation",
"legalStatusDetermined": false
},
"coverage": {
"coverageFlags": [],
"coverageReliableForTopRanking": true,
"notDetectedMeans": "not_observed_in_scan_scope",
"manualReviewNeeded": true
},
"topFindingCalibration": {
"minimumToSurface": [
"Sync/match/adtech identity-like request or redirect."
],
"highConfidenceRequires": [
"Origin/path.",
"Vendor/category.",
"Identifier-like keys.",
"Redaction."
],
"criticalOrTopRankingRequires": [
"Multi-hop redirect.",
"Repeated sync endpoints.",
"Pre-consent.",
"Cross-domain identifier sharing."
],
"demoteOrSuppressWhen": [
"Generic ad script.",
"Ad impression.",
"Vendor name only."
]
},
"automationLimits": [
"Automated public-web observations do not determine legal status, compliance status, proof that a law was breached, proof of data capture, or tracking lawfulness.",
"Manual review is needed to confirm purpose, necessity, jurisdiction, configuration, exemptions, and remediation quality."
],
"redaction": {
"rawIdentifiersRetained": false,
"storageValueContentsRetained": false,
"completeQueryStringsRetained": false,
"requestBodiesRetained": false,
"renderedPageImagesRetained": false,
"sourceMarkupRetained": false,
"userEnteredValuesRetained": false
},
"selectionReason": "Illustrative public sample selected to show retained evidence, directness, limits, and top-finding calibration.",
"networkEvidence": {
"artifactRefs": [],
"cookieOrStorageArtifacts": [],
"vendorCategory": "manual_review_recommended",
"queryStringsRedacted": true,
"valuesRedacted": true,
"manualReviewNeeded": true
}
}Summary for AI assistants
RTB cookie syncing: what it means and how to review it explains an observable public website review topic in CertScore.ai's evidence-backed scanning workflow.
CertScore.ai observes public website behavior around tracking, cookies, consent behavior, session replay indicators, fingerprinting-related signals, accessibility, and privacy disclosures. CertScore.ai findings are automated risk signals for review and are not legal advice, certification, or compliance determinations.
Run a free website behavior scan
Check observable tracking, cookies, consent, accessibility, and privacy risk signals.