KuCoin Cookie Compliance Report

KuCoin

kucoin.com

Compare

https://kucoin.com

Scanned Apr 15, 2026 · 41.9s

Your website score is

0/100

Critical

Grade

BannerConsent Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 24 user data leaks before consent on kucoin.com, including staticimg.com (Tracker Tracker), Twitter/X Pixel, X.

Security Headers

5/6 present

Strict-Transport-Security

max-age=31536000; includeSubDomains

Content-Security-Policy

report-uri https://sentry-v2.staticimg.co/api/80/security/?sentry_key=638f6869a787409b9d5f4edd74db3b66; default-src 'unsafe-eval' 'nonce-yJUzjh8+EAgJQNhvbU0QZw==' https://*.kucoin.com https://*.kucoin.plus https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.kucoin.work https://*.kucoinpre.com https://*.staticimg.com https://*.staticimg.co https://*.xcoinsystem.com https://*.pool-x.io https://*.kcsfile.com https://bat.bing.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://t.co https://analytics.twitter.com https://mc.yandex.ru https://www.google.com https://www.google.co.jp https://www.googleadservices.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://storage.googleapis.com https://font.googleapis.com https://www.google-analytics.com https://accounts.google.com https://www.gstatic.cn https://www.gstatic.com https://fonts.gstatic.cn https://fonts.gstatic.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://scripts.coolretargeting.com https://pixel.coolretargeting.com https://adscool.net https://cdn.cookielaw.org; connect-src https://*.kucoin.com https://*.kucoin.plus https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.kucoin.work https://*.kucoinpre.com https://kucoin.eu.ada.support wss://*.kucoin.com wss://*.kucoin.plus wss://*.kucoin.biz wss://*.kucoin.fit wss://*.kucoin.cloud wss://*.kucoin.work wss://*.kucoinpre.com https://*.staticimg.com https://*.staticimg.co https://*.xcoinsystem.com https://*.pool-x.io https://*.kcsfile.com https://www.google.com https://www.google.co.jp https://www.googleadservices.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://storage.googleapis.com https://font.googleapis.com https://www.google-analytics.com https://accounts.google.com https://www.google.com.hk https://analytics.google.com https://maps.googleapis.com https://www.gstatic.cn https://www.gstatic.com https://fonts.gstatic.cn https://fonts.gstatic.com https://bat.bing.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://mc.yandex.ru https://geolocation.onetrust.com https://privacyportal-fr.onetrust.com https://cdn.cookielaw.org; font-src https: data:; img-src https: data: blob:; frame-src 'self' https://*.staticimg.com https://*.staticimg.co https://www.googletagmanager.com https://td.doubleclick.net; worker-src 'self' https://*.staticimg.com https://*.staticimg.co; object-src 'none'; frame-ancestors 'self' https://*.kucoin.com https://*.kucoin.plus https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.kucoin.work https://*.kucoinpre.com https://kucoin.eu.ada.support https://*.xcoinsystem.com https://web.telegram.org; style-src 'self' 'unsafe-inline' https://*.staticimg.com https://*.staticimg.co https://*.geetest.com

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

strict-origin-when-cross-origin

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

Not Detected

Google Consent Mode v2 was not found on this page. GCM v2 allows Google's tags to adjust their behavior based on user consent, and is required for compliant advertising measurement in the EU. Without it, your Google Ads and GA4 conversions may be impacted after consent is declined.

GTM container detected (GTM-TDH59FMV) but no consent mode initialisation found. Add gtag('consent', 'default', ...) before your GTM snippet.

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

1 vendor

Consent Mode

Not Detected

GTM Load

1295ms pre-consent

Google Tag Manager(GTM-TDH59FMV)

Loaded 1295ms after page load — before the consent banner was detected (banner appeared at 8369ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

Vendors firing after rejection (1)

Vendor	Category	Timing	URL
X (Twitter) — Twitter/X Pixel	advertising	20104ms	t.co

Consent Record Audit

Pass

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

Cookie settings link / floating button found

Consent record and withdrawal mechanism are both correctly implemented

Tracker categories detected

Advertising2 vendors

Analytics1 vendor

Marketing1 vendor

Security1

Functional1 vendor

Tag Management1 vendor

Critical5

criticalNetworkstaticimg.com (Tracker Tracker)

staticimg.com (tracker) loaded before consent

Host: assets.staticimg.comFired: 1139ms after load

criticalNetworkAdvertisingTwitter/X Pixel

Twitter/X Pixel (X (Twitter)) loaded before consent: Twitter/X ad conversion tracking endpoint

Host: t.coFired: 5517ms after load

X2 findings

muc_ads, personalization_id

criticalCookieMarketingX

X cookie "muc_ads" set before consent — These cookies are placed when you come to our website via X. A cookie from X is also placed on our website, with which we can later show a relevant offer on X

Cookie: muc_adsDomain: .t.coRetention: 24 months

criticalCookieMarketingX

X cookie "personalization_id" set before consent — Unique value with which users can be identified by X. Collected information is used to be personalize X services, including X trends, stories, ads and suggestions.

Cookie: personalization_idDomain: .twitter.comRetention: 2 years

criticalPost-RejectionAdvertisingX (Twitter) — Twitter/X Pixel

X (Twitter) — Twitter/X Pixel fires after user rejected consent

Fired: 20104ms after load

Warnings20

Google Tag Manager2 findingsID tracked

www.googletagmanager.com

warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager (Google) loaded before consent: Loads the GTM container which may trigger other tags

ID: GTM-TDH59FMVHost: www.googletagmanager.comFired: 1145ms after load

warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-TDH59FMV)

warningNetworkTwitter (Social Tracker)

Twitter (social) loaded before consent

ID: o7ehjHost: analytics.twitter.comFired: 5517ms after load

warningNetwork

Unknown third-party request to sentry-v2.staticimg.co before consent

Host: sentry-v2.staticimg.coFired: 1227ms after load

warningNetwork

Unknown third-party request to bigdata-scfx-push.kucoin.plus before consent

Host: bigdata-scfx-push.kucoin.plusFired: 2559ms after load

warningNetwork

Unknown third-party request to ab.kucoin.plus before consent

Host: ab.kucoin.plusFired: 4593ms after load

warningNetwork

Unknown third-party request to scripts.coolretargeting.com before consent

Host: scripts.coolretargeting.comFired: 5492ms after load

warningNetwork

Unknown third-party request to adscool.net before consent

Host: adscool.netFired: 5492ms after load

warningNetwork

Unknown third-party request to pixel.coolretargeting.com before consent

Host: pixel.coolretargeting.comFired: 5657ms after load

warningStorage

sessionStorage key "kc__page_load_times__:/" written before consent

Key: kc__page_load_times__:/Type: sessionStorageFired: 1195ms after load

warningStorage

localStorage key "__store2_test" written before consent

Key: __store2_testType: localStorageFired: 1760ms after load

warningStorage

localStorage key "kc_report__trace_id" written before consent

Key: kc_report__trace_idType: localStorageFired: 1835ms after load

warningStorage

localStorage key "!_KC_clientId" written before consent

Key: !_KC_clientIdType: localStorageFired: 2069ms after load

warningStorage

localStorage key "__local_store_support__" written before consent

Key: __local_store_support__Type: localStorageFired: 2488ms after load

warningStorage

sessionStorage key "__session_storage_support__" written before consent

Key: __session_storage_support__Type: sessionStorageFired: 2489ms after load

warningStorage

localStorage key "!_KC_ip_country_code" written before consent

Key: !_KC_ip_country_codeType: localStorageFired: 2672ms after load

warningStorage

localStorage key ".thumbcache_c294bfec3668b22bff5f6aa9bb528f6a" written before consent

Key: .thumbcache_c294bfec3668b22bff5f6aa9bb528f6aType: localStorageFired: 2713ms after load

warningStorage

localStorage key "smidV2" written before consent

Key: smidV2Type: localStorageFired: 2731ms after load

warningStorage

localStorage key "!_KC_locale_country_info" written before consent

Key: !_KC_locale_country_infoType: localStorageFired: 2812ms after load

warningStorage

localStorage key "sawebjssdkabtest" written before consent

Key: sawebjssdkabtestType: localStorageFired: 5930ms after load

Info5

OneTrust2 findings

cdn.cookielaw.org, OptanonConsent

infoNetworkConsent MgmtOneTrust

OneTrust (OneTrust) loaded before consent: OneTrust cookie consent management

Host: cdn.cookielaw.orgFired: 1123ms after load

infoCookieConsent MgmtOneTrust

OneTrust cookie "OptanonConsent" set before consent

Cookie: OptanonConsentDomain: .www.kucoin.com

infoNetworkConsent MgmtOneTrust CMP

OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location

Host: geolocation.onetrust.comFired: 1235ms after load

infoCookieFunctionalCloudflare

Cloudflare cookie "_cfuvid" set before consent — The _cfuvid cookie is only set when a site uses this option in a Rate Limiting Rule, and is only used to allow the Cloudflare WAF to distinguish individual users who share the same IP address.

Cookie: _cfuvidDomain: .kucoin.comRetention: session

infoCookieFunctional

Cloudflare bot management — necessary for site operation

Cookie: __cf_bmDomain: .kucoin.com

Compliant3

CompliantCookieConsent MgmtOneTrust

OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent

Cookie: OptanonAlertBoxClosedDomain: .www.kucoin.com

Google Analytics2 findings

_ga_X21PHS1TQF, _ga

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_X21PHS1TQF" set correctly after consent

Cookie: _ga_X21PHS1TQFDomain: .kucoin.com

CompliantCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set correctly after consent

Cookie: _gaDomain: .kucoin.com

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan kucoin.com →

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com