Skip to main content
All CollectionsPrivacy Compliance
Rogue & Piggybacking Tags
Rogue & Piggybacking Tags
Product Enablement avatar
Written by Product Enablement
Updated over 2 months ago

Overview

"Rogue tags" and "piggybacking tags" are terms used in digital marketing and website management, particularly in the context of tracking technologies such as tags and cookies.

Rogue Tags

Rogue tags are unauthorized tracking tags added to a website without proper approval or oversight. These can come from third-party vendors, internal teams, or malicious actors, often bypassing governance policies. Rogue tags can include piggybacking tags.

Piggybacking Tags

Piggybacking tags are additional tags triggered by an authorized tag, often loaded by third-party vendors without explicit approval.

These tags can result in data security and privacy violations (GDPR, CCPA, etc.), website performance issues, and unauthorized data sharing.

ObservePoint Audits can help you identify these unwanted rogue and piggybacking tags and show you which technologies are ultimately responsible for initiating those tags

Tag Initiators

The Tag Initiators report allows users to see relationships between tags on a web page. Through inspection of this report you can see the tag responsible for requesting another unapproved tag.

Privacy Tags Report

The Privacy Tags report describe tags that are approved and unapproved. To truly monitor rogue and piggybacking tags at scale you need to leverage this report and the associated Consent Categories and Alerts capabilities.

The image below shows unapproved Google Tag Manager containers which are some of the most dangerous rogue/piggybacking tags because a 3rd party could use these to embed any number of malicious scripts and effectively take control of your whole website.

By approving only specific tag accounts you can be notified when an approved tag is identified with an account id that is not yet approved. This way you can better govern these technologies and be informed whenever they are detected.

Note: You may find that by governing each individual account id, you have to review these tags more regularly. Because the nature of a rogue or piggybacking tag is subjective and requires analysis, there is no better way to ensure they are governed then by reviewing each new account introduced.

After configuring the Consent Category appropriately, be sure to implement an unapproved Tags Alert and apply it to this Audit so you can be promptly notified of any newly introduced unapproved tags.

Remediation

There are multiple scenarios for remediation described below:

Remediating Rogue Tags

Rogue tags can be hard coded on a page by a developer, implemented through a Tag Management System, or piggyback off of other 3rd party tags.

In the case of hard coded tags, you'll need to collaborate with product manager or developer to remove the script tags from the HTML.

In the case of a tag firing through a Tag Management System, you'll need to collaborate with the team responsible for implementation.

See details on remediating piggybacking tags below.

Remediating Piggybacking Tags

Either remove or modify the tag responsible for setting the unauthorized tag (the immediate parent tag).

Typically you will need to talk to someone on your team responsible for implementing a tag or contact the vendor directly and they can advise on how to make modifications (if possible to prevent this tag from firing).

You may determine that the vendor is unable to prevent the unauthorized piggybacking tags from firing. In this case you need to make a decision on whether or not to continue partnering with that vendor.

Did this answer your question?