macys.com
A mixed bag — real privacy costs sit alongside the basics done right.
On the less-safe side of C — it shares your visit with 14 known trackers: FullStory (session replay), Meta Pixel, Google Tag Manager, Google DoubleClick, +10 more.
3/5 checks · 48 third parties · 29 cookies
This grade comes straight from our live homepage scan and hasn’t been reviewed yet. It reflects what the site does on load — it can’t see what an app does once you log in, and it carries no business-model cap.
What macys.com does with your data
A crowd of outside companies loads with the page — each one can log that you showed up.
Contacts 48 third-party domains on load
It drops third-party cookies that can trail you from one site to the next.
Sets 29 third-party cookies
Your connection is encrypted, so others on your network can’t read what you send.
Serves over HTTPS (does not send an HSTS header)
None of the trackers it contacts are on our high-risk watchlist.
Contacts no high-risk / adversarial-state domains
It isn’t a registered data broker.
Not a registered data broker
Last scored 6/3/2026
3 of 3 free lookups left this week. DLTD members get unlimited scores — plus we actually remove you from the brokers behind the worst grades.
Get unlimited scores