audit report
Bitwarden
Bitwarden loaded 74 third-party domain(s), of which 19 are privacy-sensitive. 1 warn finding(s): No privacy policy found. Privacy-sensitive vendors observed: Facebook, Facebook Pixel, Google Ads, Google Analytics, Google DoubleClick, Google Tag Manager.
findings
- warn
No privacy policy found
stackpeek could not discover a privacy policy for this page. This is unusual for anything serving real users.
how we detected this → - note
HubSpot loaded (analytics)
Observed 4 time(s) on the page.
CSP: https://forms.hubspot.com CSP: https://track.hubspot.com CSP: https://app.hubspot.com - note
The Trade Desk loaded (advertising)
Observed 3 time(s) on the page.
CSP: https://insight.adsrvr.org CSP: https://js.adsrvr.org/ - note
Microsoft Bing loaded (advertising)
Observed 3 time(s) on the page.
CSP: https://bat.bing.com - note
Microsoft Clarity loaded (session_replay)
Observed 3 time(s) on the page.
CSP: https://i.clarity.ms CSP: https://www.clarity.ms CSP: https://scripts.clarity.ms - note
Google DoubleClick loaded (advertising)
Observed 3 time(s) on the page.
CSP: https://stats.g.doubleclick.net CSP: https://*.doubleclick.net CSP: https://googleads.g.doubleclick.net - note
Google Analytics loaded (analytics)
Observed 3 time(s) on the page.
CSP: https://www.google-analytics.com - note
Google Tag Manager loaded (tag_manager)
Observed 3 time(s) on the page.
<iframe> src: https://www.googletagmanager.com/ns.html?id=GTM-NF32QCS CSP: https://www.googletagmanager.com - note
Outbrain loaded (advertising)
Observed 3 time(s) on the page.
CSP: https://amplify.outbrain.com CSP: https://tr.outbrain.com CSP: https://wave.outbrain.com - note
Facebook loaded (social)
Observed 2 time(s) on the page.
CSP: https://www.facebook.com CSP: https://www.facebook.com/ - note
Twitter/X Ads Pixel loaded (advertising)
Observed 1 time(s) on the page.
CSP: https://static.ads-twitter.com - note
Facebook Pixel loaded (advertising)
Observed 1 time(s) on the page.
CSP: https://connect.facebook.net - note
Google Ads loaded (advertising)
Observed 1 time(s) on the page.
CSP: https://www.googleadservices.com - note
HubSpot loaded (analytics)
Observed 1 time(s) on the page.
CSP: https://js.hs-analytics.net - note
HubSpot loaded (analytics)
Observed 1 time(s) on the page.
CSP: https://js.hs-scripts.com - note
LinkedIn loaded (social)
Observed 1 time(s) on the page.
CSP: https://px.ads.linkedin.com - note
Plausible loaded (analytics)
Observed 1 time(s) on the page.
CSP: https://plausible.io - note
Reddit loaded (social)
Observed 1 time(s) on the page.
CSP: https://alb.reddit.com - note
Twitter/X short URL loaded (social)
Observed 1 time(s) on the page.
CSP: https://t.co - note
Twitter/X loaded (social)
Observed 1 time(s) on the page.
CSP: https://analytics.twitter.com
third parties observed
| vendor | domain | category | hits | disclosure |
|---|---|---|---|---|
| facebook.com | social | 2 | not named | |
| Facebook Pixel | facebook.net | advertising | 1 | not named |
| Google Ads | googleadservices.com | advertising | 1 | not named |
| Google Analytics | google-analytics.com | analytics | 3 | not named |
| Google DoubleClick | doubleclick.net | advertising | 3 | not named |
| Google Tag Manager | googletagmanager.com | tag_manager | 3 | not named |
| HubSpot | hubspot.com | analytics | 4 | not named |
| HubSpot | hs-analytics.net | analytics | 1 | not named |
| HubSpot | hs-scripts.com | analytics | 1 | not named |
| linkedin.com | social | 1 | not named | |
| Microsoft Bing | bing.com | advertising | 3 | not named |
| Microsoft Clarity | clarity.ms | session_replay | 3 | not named |
| Outbrain | outbrain.com | advertising | 3 | not named |
| Plausible | plausible.io | analytics | 1 | not named |
| reddit.com | social | 1 | not named | |
| The Trade Desk | adsrvr.org | advertising | 3 | not named |
| Twitter/X | twitter.com | social | 1 | not named |
| Twitter/X Ads Pixel | ads-twitter.com | advertising | 1 | not named |
| Twitter/X short URL | t.co | social | 1 | not named |
| 6sc.co | 6sc.co | other | 1 | not named |
| AWS | amazonaws.com | hosting | 1 | not named |
| Adobe Typekit | typekit.net | fonts | 2 | not named |
| Algolia | algolia.net | api | 2 | not named |
| Algolia | algolianet.com | api | 1 | not named |
| Cloudinary | cloudinary.com | cdn | 1 | not named |
| Contentful | contentful.com | api | 3 | not named |
| Contentful CDN | ctfassets.net | cdn | 1 | not named |
| google.com | other | 2 | not named | |
| Google APIs | googleapis.com | api | 1 | not named |
| Google Static | gstatic.com | cdn | 1 | not named |
| LinkedIn CDN | licdn.com | cdn | 1 | not named |
| Vimeo | vimeo.com | video | 2 | not named |
| YouTube | youtube.com | video | 1 | not named |
| YouTube thumbnails | ytimg.com | cdn | 1 | not named |
| Zoom | zoom.us | video | 1 | not named |
| adsymptotic.com | adsymptotic.com | other | 1 | not named |
| algolia.io | algolia.io | other | 1 | not named |
| bluekai.com | bluekai.com | other | 1 | not named |
| capterra.com | capterra.com | other | 1 | not named |
| clearbitjs.com | clearbitjs.com | other | 1 | not named |
| clearbitscripts.com | clearbitscripts.com | other | 1 | not named |
| clickagy.com | clickagy.com | other | 6 | not named |
| cloudfunctions.net | cloudfunctions.net | other | 1 | not named |
| company-target.com | company-target.com | other | 4 | not named |
| crazyegg.com | crazyegg.com | other | 2 | not named |
| demandbase.com | demandbase.com | other | 4 | not named |
| freshsales.io | freshsales.io | other | 2 | not named |
| greenhouse.io | greenhouse.io | other | 3 | not named |
| hs-banner.com | hs-banner.com | other | 1 | not named |
| hs-sites.com | hs-sites.com | other | 1 | not named |
| hsadspixel.net | hsadspixel.net | other | 1 | not named |
| hscollectedforms.net | hscollectedforms.net | other | 1 | not named |
| hsforms.com | hsforms.com | other | 4 | not named |
| hsforms.net | hsforms.net | other | 1 | not named |
| hubapi.com | hubapi.com | other | 1 | not named |
| hubilo.com | hubilo.com | other | 1 | not named |
| hund.io | hund.io | other | 2 | not named |
| jsDelivr | jsdelivr.net | cdn | 5 | not named |
| ketchcdn.com | ketchcdn.com | other | 6 | not named |
| ketchjs.com | ketchjs.com | other | 5 | not named |
| ml314.com | ml314.com | other | 2 | not named |
| mountain.com | mountain.com | other | 2 | not named |
| ninetailed.io | ninetailed.io | other | 1 | not named |
| oribi.io | oribi.io | other | 1 | not named |
| pdst.fm | pdst.fm | other | 1 | not named |
| quora.com | quora.com | other | 1 | not named |
| redditstatic.com | redditstatic.com | other | 1 | not named |
| rlcdn.com | rlcdn.com | other | 2 | not named |
| salesloft.com | salesloft.com | other | 2 | not named |
| usemessages.com | usemessages.com | other | 1 | not named |
| vimeocdn.com | vimeocdn.com | other | 2 | not named |
| xingcdn.com | xingcdn.com | other | 1 | not named |
| zi-scripts.com | zi-scripts.com | other | 1 | not named |
| zoominfo.com | zoominfo.com | other | 2 | not named |
policy claims
No privacy policy could be located on this site.
response headers
- hsts
- yes
- csp
- yes
- server
- —
run this yourself
Every audit on this site is reproducible. Install stackpeek and run the same check against https://bitwarden.com from your own machine — the tool is MIT-licensed and runs locally.
pip install stackpeek
stackpeek audit https://bitwarden.comprovenance
This audit was generated by running
stackpeek
against https://bitwarden.com
from a public IP, using only HTTP GET and standard browser headers. The
findings compare the observed HTML against the
policy discovery results (no policy document was located)
using the
public methodology.
Re-scans append new findings at new permalinks and never overwrite the
historical record.