GameSpot

gamespot.com

Compare

https://gamespot.com

Scanned Apr 15, 2026 · 38.8s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 20 user data leaks before consent on gamespot.com, including Experian (Advertising Tracker), WordPress VIP (Analytics Tracker), comScore (Analytics Tracker) and 2 more.

Security Headers

2/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

Add X-Frame-Options header to prevent clickjacking attacks

X-Content-Type-Options

Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing

Referrer-Policy

no-referrer-when-downgrade

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

V2
70/100
GTM Containers:GTM-PWVTCD9GTM-NR9LWXM8

Consent Parameters

ParameterDefaultUpdated
Ad Storagenot_setgranted
Ad User Datanot_setgranted
Ad Personalizationnot_setgranted
Analytics Storagenot_setgranted
Functionality Storagenot_setnot_set
Personalization Storagenot_setnot_set
Security Storagenot_setnot_set

Issues (1)

No default consent call detected — consent mode may not be initialised correctly

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

3 vendors

Consent Mode

Not Detected

GTM Load

3357ms pre-consent

Google Tag Manager(GTM-PWVTCD9)

Loaded 3357ms after page load — before the consent banner was detected (banner appeared at 7690ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

Vendors firing after rejection (3)

VendorCategoryTimingURL
Sourcepoint — Sourcepoint CMPconsent_management18951mslaunchpad-wrapper.privacymanager.io
Google — Google Adsadvertising19569mspagead2.googlesyndication.com
Quantcast — Quantcastadvertising26922mscms.quantserve.com

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising5 vendors
Analytics7 vendors
Marketing6 vendors
Security4
Functional5 vendors
Tag Management1 vendor
Critical10
Experian (Advertising Tracker)
criticalNetworkAdvertisingExperian (Advertising Tracker)

Experian (advertising) loaded before consent

Host: seg.ad.gtFired: 2017ms after load
WordPress VIP (Analytics Tracker)
WordPress VIP (Analytics Tracker)2 findings

cdn.parsely.com, p1.parsely.com

WordPress VIP (Analytics Tracker)
criticalNetworkAnalyticsWordPress VIP (Analytics Tracker)

WordPress VIP (analytics) loaded before consent

Host: cdn.parsely.comFired: 3740ms after load
WordPress VIP (Analytics Tracker)
criticalNetworkAnalyticsWordPress VIP (Analytics Tracker)

WordPress VIP (analytics) loaded before consent

Host: p1.parsely.comFired: 4274ms after load
comScore (Analytics Tracker)
criticalNetworkAnalyticscomScore (Analytics Tracker)

comScore (analytics) loaded before consent

Host: sb.scorecardresearch.comFired: 3740ms after load
Impact (Advertising Tracker)
criticalNetworkAdvertisingImpact (Advertising Tracker)

Impact (advertising) loaded before consent

Host: cdn-magiclinks.trackonomics.netFired: 3776ms after load
Marfeel
criticalCookieAnalyticsMarfeel

Marfeel cookie "_scor_uid" set before consent — This cookie is used to store for temporary session

Cookie: _scor_uidDomain: .gamespot.comRetention: Session
criticalPost-RejectionConsent MgmtSourcepoint — Sourcepoint CMP

Sourcepoint — Sourcepoint CMP fires after user rejected consent

Fired: 18951ms after load
Google — Google Ads
criticalPost-RejectionAdvertisingGoogle — Google Ads

Google — Google Ads fires after user rejected consent

Fired: 19569ms after load
Quantcast — Quantcast
criticalPost-RejectionAdvertisingQuantcast — Quantcast

Quantcast — Quantcast fires after user rejected consent

Fired: 26922ms after load
criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings14
Google Tag Manager
Google Tag Manager2 findingsID tracked

www.googletagmanager.com

Google Tag Manager
warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-PWVTCD9Host: www.googletagmanager.comFired: 3072ms after load
Google Tag Manager
warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-PWVTCD9)

vendor logo
warningNetwork

Unknown third-party request to services.fandom.com before consent

Host: services.fandom.comFired: 159ms after load
vendor logo
warningNetwork

Unknown third-party request to www.google.com before consent

Host: www.google.comFired: 1094ms after load
vendor logo
warningNetwork

Unknown third-party request to script.wikia.nocookie.net before consent

Host: script.wikia.nocookie.netFired: 1204ms after load
vendor logo
warningNetwork

Unknown third-party request to static.wikia.nocookie.net before consent

Host: static.wikia.nocookie.netFired: 2017ms after load
warningStorage

localStorage key "modernizr" written before consent

Key: modernizrType: localStorageFired: 778ms after load
warningStorage

localStorage key "lscache-__lscachetest__" written before consent

Key: lscache-__lscachetest__Type: localStorageFired: 1081ms after load
warningStorage

localStorage key "__test__" written before consent

Key: __test__Type: localStorageFired: 1452ms after load
warningStorage

localStorage key "__o1776289899767__" written before consent

Key: __o1776289899767__Type: localStorageFired: 1506ms after load
warningStorage

localStorage key "__o1776289899770__" written before consent

Key: __o1776289899770__Type: localStorageFired: 1509ms after load
warningStorage

localStorage key "instant-config-lock" written before consent

Key: instant-config-lockType: localStorageFired: 1520ms after load
warningStorage

localStorage key "instant-config-gamespot" written before consent

Key: instant-config-gamespotType: localStorageFired: 1789ms after load
warningStorage

localStorage key "ae3-provider-storage-test" written before consent

Key: ae3-provider-storage-testType: localStorageFired: 1977ms after load
Info11
OneTrust
OneTrust3 findings

cdn.cookielaw.org, OneTrustWPCCPAGoogleOptOut, OptanonConsent

OneTrust
infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 159ms after load
OneTrust
infoCookieFunctionalOneTrust

OneTrust cookie "OneTrustWPCCPAGoogleOptOut" set before consent — This cookie is set by OneTrust. It is used to honor IAB CCPA laws for consent.

Cookie: OneTrustWPCCPAGoogleOptOutDomain: www.gamespot.comRetention: 365 days
OneTrust
infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .gamespot.com
Cloudflare Web Analytics
infoNetworkAnalyticsCloudflare Web Analytics

Cloudflare Web Analytics (Cloudflare) loaded before consent: Cloudflare Web Analytics beacon — privacy-focused, no cookies

Host: static.cloudflareinsights.comFired: 191ms after load
Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

Host: www.gstatic.comFired: 1805ms after load
OneTrust CMP
infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 1834ms after load
infoCookieFunctionalPrivacyPillar

PrivacyPillar cookie "usprivacy" set before consent — This cookie stores the US privacy string.

Cookie: usprivacyDomain: www.gamespot.comRetention: 1 year
Parse.ly2 findings

_parsely_session, _parsely_visitor

infoCookieFunctionalParse.ly

Parse.ly cookie "_parsely_session" set before consent — JSON document storing information identifying a browsing session according to Parsely’s proprietary definition

Cookie: _parsely_sessionDomain: .gamespot.comRetention: 30 minutes
infoCookieFunctionalParse.ly

Parse.ly cookie "_parsely_visitor" set before consent — JSON document uniquely identifying a browser and counting its sessions

Cookie: _parsely_visitorDomain: .gamespot.comRetention: 13 months
infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .gamespot.com
infoCookieFunctional

Cloudflare challenge clearance — necessary for site access

Cookie: cf_clearanceDomain: .gamespot.com
Compliant21
Google Analytics
Google Analytics4 findingsID tracked

region1.google-analytics.com, _ga_CTMGB962KH, _ga, _ga_HLJ6XDCTMV

GA4
CompliantNetworkAnalyticsGA4

GA4 (Google) loaded correctly after consent

ID: G-CTMGB962KHHost: region1.google-analytics.comFired: 3785ms after load
Google Analytics
CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_CTMGB962KH" set correctly after consent

Cookie: _ga_CTMGB962KHDomain: .gamespot.com
Google Analytics
CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set correctly after consent

Cookie: _gaDomain: .gamespot.com
Google Analytics
CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_HLJ6XDCTMV" set correctly after consent

Cookie: _ga_HLJ6XDCTMVDomain: .gamespot.com
Google Ads
Google Ads3 findings

googleads.g.doubleclick.net, _gcl_au, _gcl_ls

Google Ads
CompliantNetworkAdvertisingGoogle Ads

Google Ads (Google) loaded correctly after consent

Host: googleads.g.doubleclick.netFired: 2796ms after load
Google Ads
CompliantCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set correctly after consent

Cookie: _gcl_auDomain: .gamespot.com
Google Ads
CompliantStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage correctly after consent

Key: _gcl_lsType: localStorageFired: 2748ms after load
Sourcepoint CMP
Sourcepoint CMP2 findings

launchpad-wrapper.privacymanager.io, launchpad.privacymanager.io

Sourcepoint CMP
CompliantNetworkConsent MgmtSourcepoint CMP

Sourcepoint CMP (Sourcepoint) loaded correctly after consent

Host: launchpad-wrapper.privacymanager.ioFired: 4346ms after load
Sourcepoint CMP
CompliantNetworkConsent MgmtSourcepoint CMP

Sourcepoint CMP (Sourcepoint) loaded correctly after consent

Host: launchpad.privacymanager.ioFired: 4708ms after load
OneTrust
CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .gamespot.com
Instagram
CompliantCookieMarketingInstagram

Instagram cookie "sessionId" set correctly after consent

Cookie: sessionIdDomain: .gamespot.comRetention: 1 year
openx.net
openx.net2 findings

i, pd

openx.net
CompliantCookieMarketingopenx.net

openx.net cookie "i" set correctly after consent

Cookie: iDomain: .openx.netRetention: 1 year
openx.net
CompliantCookieMarketingopenx.net

openx.net cookie "pd" set correctly after consent

Cookie: pdDomain: .openx.netRetention: 15 days
CompliantCookieMarketingCreativeCDN

CreativeCDN cookie "g" set correctly after consent

Cookie: gDomain: .creativecdn.comRetention: 364 days
CompliantCookieFunctionalPayPal

PayPal cookie "ts" set correctly after consent

Cookie: tsDomain: .creativecdn.comRetention: 3 years
Quantcast
CompliantCookieMarketingQuantcast

Quantcast cookie "mc" set correctly after consent

Cookie: mcDomain: .quantserve.comRetention: 13 months
CompliantCookieAnalyticsSnowplow

Snowplow cookie "sp" set correctly after consent

Cookie: spDomain: .quantserve.comRetention: 1 year
DoubleClick/Google Marketing
CompliantCookieMarketingDoubleClick/Google Marketing

DoubleClick/Google Marketing cookie "IDE" set correctly after consent

Cookie: IDEDomain: .doubleclick.netRetention: 2 years
Adform
Adform2 findings

C, uid

Adform
CompliantCookieMarketingAdform

Adform cookie "C" set correctly after consent

Cookie: CDomain: .adform.netRetention: 60 days till 3650 days
Adform
CompliantCookieMarketingAdform

Adform cookie "uid" set correctly after consent

Cookie: uidDomain: .adform.netRetention: 60 days
CompliantStorageFunctionallocalStorage availability probe

localStorage availability probe (null) wrote "__storage_test__" to localStorage correctly after consent

Key: __storage_test__Type: localStorageFired: -21573ms after load

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan gamespot.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com