Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Oracle Moat is a US advertising verification service that measures viewability, invalid traffic and brand safety for display ads. Moat tags set third-party cookies on the moatads.com domain.
Oracle Moat is an advertising measurement product that verifies viewability, invalid traffic and brand safety for display, video and connected TV ads. A JavaScript pixel embedded in the ad creative or via a tag manager monitors how the ad is rendered and seen by users.
Moat sets third-party cookies under the moatads.com domain to deduplicate impressions and detect non-human traffic. The pixel also reads device characteristics such as user agent, screen size and viewport position to compute viewability scores.
Impression beacons, IP addresses and viewability metrics are sent to Oracle infrastructure in the United States. Oracle has announced the wind down of Oracle Advertising, but verification activities continue under transitional arrangements for some customers.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Because Moat is a third party advertising tracker, prior consent under the ePrivacy Directive and Article 6(1)(a) GDPR is required before the pixel loads. Publishers using the IAB TCF v2.2 typically request consent for purposes 7 (ad measurement) and 8 (product development).
Block the Moat pixel before consent, integrate with the IAB TCF if you operate in programmatic, sign a DPA with Oracle, document Standard Contractual Clauses, and disclose Moat in your privacy notice and cookie policy as an advertising measurement vendor.
Websites using Oracle Moat Measurement must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended because Moat performs systematic monitoring of advertising exposure, combines device data and IP addresses for fraud detection, and transfers data to the United States. Document IAB TCF integration and Oracle wind down implications.
Sample consent text
We use Oracle Moat to measure advertising viewability and prevent fraud. Moat sets third-party cookies on moatads.com and transfers your IP and viewing signals to the United States. Do you consent?
Third-party domains contacted
moatads.commoatpixel.comz.moatads.compx.moatads.comoracle.comoraclecloud.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| mt_misc | marketing | 13 months | Persistent identifier set on moatads.com used to deduplicate ad impressions across sessions and to compute viewability |
| mt_mop | marketing | 13 months | Operational identifier used by Moat to attribute measurement events to a specific campaign and publisher |
| NSC_* | necessary | Session | Load balancing session cookie set by the NetScaler tier in front of Moat servers |
| mt_sess | marketing | Session | Session identifier that groups measurement events within a single browsing session |
| mt_ivt | analytics | 30 days | Stores invalid traffic detection flags such as suspected bot or non-human signals |
| mt_cap | marketing | 24 hours | Frequency capping cookie used to limit how often measurement beacons are sent for the same creative |
Oracle Moat Measurement places tracking cookies for advertising — comply with GDPR using FlowConsent.
Oracle Moat sets third-party cookies on the moatads.com domain, including a persistent identifier used to deduplicate impressions, a session identifier, an invalid traffic flag and a frequency capping cookie. Most Moat cookies have durations between 30 days and 13 months.
Yes. Moat is a third party advertising measurement tag that sets cookies and processes device data. Prior consent under the ePrivacy Directive and Article 6(1)(a) GDPR is required before loading the pixel.
Consent under Article 6(1)(a) GDPR is the appropriate basis. Within the IAB TCF v2.2, Oracle is typically declared under purpose 7 (measure advertising performance) and purpose 8 (apply market research to generate audience insights).
Yes. Impression beacons, IP addresses and viewability signals are transferred to Oracle servers in the United States. Transfers should be covered by Standard Contractual Clauses and a transfer impact assessment, taking into account US surveillance laws.
A DPIA is recommended because Moat carries out systematic monitoring of advertising exposure, processes IP and device data for fraud detection, and transfers personal data to the United States. Many EU regulators consider these factors sufficient for a DPIA.
Load the Moat tag only after a valid consent signal, integrate with the IAB TCF if you operate in programmatic, sign a DPA with Oracle, document SCCs and add Moat to your records of processing. Plan for the announced Oracle Advertising wind down.
EU based or more privacy aware verification options include DoubleVerify EU, IAS server-side measurement, Adloox (France) and Meetrics (Germany). Server-side measurement reduces cookies and lets you keep more control over data flows.
Disclose Oracle Moat by name as an advertising measurement vendor, list the moatads.com cookies with their durations and purposes, note the transfer to the United States and provide a link to Oracle's advertising privacy policy and to your CMP settings.