Public Compliance Report

bankofamerica.com

Last scanned: March 6, 2026

Compliance Score

42/100

Grade D

Poor compliance, significant issues

Litigation Exposure Index

48ELEVATED

Several compliance issues should be addressed

Findings

9 risk signals identified

Third-Party Requests

64 third-party network requests observed

Share this report

Privacy Compliance Reportpreconsent.io

bankofamerica.com

9 finding(s)|LEI: ELEVATED

42/100

Pre-Consent Tracking

No Fingerprinting

X / Twitter LinkedIn Reddit Hacker News

Check your own website

Run a free pre-consent scan and see what trackers fire before your visitors consent.

Key Risk Signals

First-party subdomain bup.bankofamerica.com has a CNAME pointing to third-party domain wup-532e636f.us.v2.we-stats.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

First-party subdomain rail.bankofamerica.com has a CNAME pointing to third-party domain prod-lb-10-490190718.us-east-1.elb.amazonaws.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

First-party subdomain smetrics.bankofamerica.com has a CNAME pointing to known tracker adobe_analytics (bankofamerica.com.data.adobedc.net). This disguises third-party tracking as first-party.

Observed before consent

critical

Implement tag manager consent mode to gate tracking scripts.

First-party subdomain www.bankofamerica.com has a CNAME pointing to third-party domain wwwui.ecglb.bac.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

First-party subdomain secure.bankofamerica.com has a CNAME pointing to third-party domain secure.ecglb.bac.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

First-party subdomain aero.bankofamerica.com has a CNAME pointing to third-party domain prod-lb-8-1772099769.us-east-1.elb.amazonaws.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

First-party subdomain dull.bankofamerica.com has a CNAME pointing to third-party domain prod-lb-10-490190718.us-east-1.elb.amazonaws.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

First-party subdomain glassbox-hlx-igw.bankofamerica.com has a CNAME pointing to third-party domain glassbox-hlx-igw.ecglb.bac.com. This may be used to bypass cookie restrictions.

Observed before consent

high

Ensure cookies are only set after valid user consent.

Top Third-Party Vendors

6 vendors

advertising:1

analytics:1

functional:1

unknown:3

Bac-assets

Tealium

OneTrust

Adobe

Advanced-web-analytics

unknown1 req

Glancecdn

unknown1 req

Data Flow Map

1 country3 vendors

Scan Sourcebankofamerica.com

Advertising

Analytics

Functional

Data observed flowing to 1 country via 3 third-party vendors before user consent

This report reflects automated observations at the time of scanning and does not constitute legal advice or an assertion of non-compliance. Findings represent potential risk signals that may warrant further review. Compliance posture may have changed since the last scan.

Continuous Monitoring

Is this your website?

Claim ownership, control public visibility, and start continuous compliance monitoring with real-time alerts.

Monitor compliance continuously

Detect new trackers automatically

Request review or removal

About This Analysis

Real Browser Scan

Executed in a full Chromium browser session, capturing actual network behavior.

No Consent Simulated

All activity captured before any consent interaction, reflecting first-visit behavior.

2,400+ Vendor Database

Each request matched against a curated database of known tracking and analytics vendors.