OP.GG

op.gg

Compare

https://op.gg

Scanned Apr 17, 2026 · 36.5s

Your website score is

5/100
Critical

Grade

F5

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 65 user data leaks before consent on op.gg, including Admiral (Advertising Tracker), JWP Connatix (Advertising Tracker), Integral Ad Science (Tracker Tracker) and 9 more.

Security Headers

3/6 present

Strict-Transport-Security

Add HSTS header to enforce HTTPS connections and prevent downgrade attacks

Content-Security-Policy

Add a Content-Security-Policy header to prevent XSS and code injection attacks

X-Frame-Options

SAMEORIGIN

X-Content-Type-Options

nosniff

Referrer-Policy

no-referrer-when-downgrade

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

V2
100/100
GTM Containers:GTM-WKTM6W8TGTM-573FGC6Z

Consent Parameters

ParameterDefaultUpdated
Ad Storagedenieddenied
Ad User Datadenieddenied
Ad Personalizationdenieddenied
Analytics Storagedenieddenied
Functionality Storagedenieddenied
Personalization Storagedenieddenied
Security Storagedenieddenied

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

501ms pre-consent

Google Tag Manager(GTM-WKTM6W8T)

Loaded 501ms after page load — before the consent banner was detected (banner appeared at 6603ms). Per a 2022 German court ruling, GTM itself transmits the user's IP to Google pre-consent.

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

No tracking vendors detected firing after rejection

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

No consent record written — cannot prove consent was given

No CMP consent cookie or localStorage entry was found after the consent interaction. GDPR requires controllers to demonstrate consent was given.

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising9 vendors
Analytics3 vendors
Customer Support1 vendor
Security1 vendor
Functional1 vendor
Tag Management1 vendor
Critical26

Data was transmitted to a third-party or storage was written on the user’s device before consent. This is a GDPR/ePrivacy violation, not just a script load.

Admiral (Advertising Tracker)
criticalNetworkAdvertisingAdmiral (Advertising Tracker)

Admiral (advertising) loaded before consent

Host: cleanhaircut.comFired: 1309ms after load
JWP Connatix (Advertising Tracker)
JWP Connatix (Advertising Tracker)2 findings

cd.connatix.com, cds.connatix.com

JWP Connatix (Advertising Tracker)
criticalNetworkAdvertisingJWP Connatix (Advertising Tracker)

JWP Connatix (advertising) loaded before consent

Host: cd.connatix.comFired: 1491ms after load
JWP Connatix (Advertising Tracker)
criticalNetworkAdvertisingJWP Connatix (Advertising Tracker)

JWP Connatix (advertising) loaded before consent

Host: cds.connatix.comFired: 2010ms after load
Integral Ad Science (Tracker Tracker)
criticalNetworkIntegral Ad Science (Tracker Tracker)

Integral Ad Science (tracker) loaded before consent

Host: dt.adsafeprotected.comFired: 2731ms after load
Anymind Group (Advertising Tracker)
criticalNetworkAdvertisingAnymind Group (Advertising Tracker)

Anymind Group (advertising) loaded before consent

Host: anymind360.comFired: 3534ms after load
Advertising Tracker
Advertising Tracker2 findings

visit-server.inmobi-choice.io, ab.dns-finder.com

Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at visit-server.inmobi-choice.io loaded before consent

Host: visit-server.inmobi-choice.ioFired: 4163ms after load
Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at ab.dns-finder.com loaded before consent

Host: ab.dns-finder.comFired: 4615ms after load
Kueez (Advertising Tracker)
Kueez (Advertising Tracker)5 findings

static.kueezrtb.com, track.kueezrtb.com, gtrack.kueezrtb.com, otrack.kueezrtb.com, u.kueezrtb.com

Kueez (Advertising Tracker)
criticalNetworkAdvertisingKueez (Advertising Tracker)

Kueez (advertising) loaded before consent

Host: static.kueezrtb.comFired: 4323ms after load
Kueez (Advertising Tracker)
criticalNetworkAdvertisingKueez (Advertising Tracker)

Kueez (advertising) loaded before consent

Host: track.kueezrtb.comFired: 4574ms after load
Kueez (Advertising Tracker)
criticalNetworkAdvertisingKueez (Advertising Tracker)

Kueez (advertising) loaded before consent

Host: gtrack.kueezrtb.comFired: 4574ms after load
Kueez (Advertising Tracker)
criticalNetworkAdvertisingKueez (Advertising Tracker)

Kueez (advertising) loaded before consent

Host: otrack.kueezrtb.comFired: 4864ms after load
Kueez (Advertising Tracker)
criticalNetworkAdvertisingKueez (Advertising Tracker)

Kueez (advertising) loaded before consent

Host: u.kueezrtb.comFired: 4864ms after load
Amazon (Advertising Tracker)
criticalNetworkAdvertisingAmazon (Advertising Tracker)

Amazon (advertising) loaded before consent

Host: c.amazon-adsystem.comFired: 4323ms after load
eyeo (Advertising Tracker)
eyeo (Advertising Tracker)2 findings

btloader.com, api.btloader.com

eyeo (Advertising Tracker)
criticalNetworkAdvertisingeyeo (Advertising Tracker)

eyeo (advertising) loaded before consent

Host: btloader.comFired: 4323ms after load
eyeo (Advertising Tracker)
criticalNetworkAdvertisingeyeo (Advertising Tracker)

eyeo (advertising) loaded before consent

Host: api.btloader.comFired: 4897ms after load
AdDelivery (Advertising Tracker)
criticalNetworkAdvertisingAdDelivery (Advertising Tracker)

AdDelivery (advertising) loaded before consent

Host: ad-delivery.netFired: 4615ms after load
Google
criticalCookieAnalyticsGoogle

Google cookie "FCCDCF" set before consent — Cookie for Google Funding Choices API which allows for functionality specific to consent gathering for things like GDPR consent and CCPA opt-out.

Cookie: FCCDCFDomain: .op.ggRetention: 13 months
Google Ads
Google Ads2 findings

_gcl_au, _gcl_ls

Google Ads
criticalCookieAdvertisingGoogle Ads

Google Ads cookie "_gcl_au" set before consent

Cookie: _gcl_auDomain: .op.gg
Google Ads
criticalStorageAdvertisingGoogle Ads

Google Ads (Google) wrote "_gcl_ls" to localStorage before consent

Key: _gcl_lsType: localStorageFired: 1648ms after load
Google Analytics
Google Analytics5 findings

_ga, _ga_HKZFKE5JEL, _ga_HG9DB5ECL8, _ga_37HQ1LKWBE, _ga_WCXGQGETWH

Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga" set before consent

Cookie: _gaDomain: .op.gg
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_HKZFKE5JEL" set before consent

Cookie: _ga_HKZFKE5JELDomain: .op.gg
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_HG9DB5ECL8" set before consent

Cookie: _ga_HG9DB5ECL8Domain: .op.gg
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_37HQ1LKWBE" set before consent

Cookie: _ga_37HQ1LKWBEDomain: .op.gg
Google Analytics
criticalCookieAnalyticsGoogle Analytics

Google Analytics cookie "_ga_WCXGQGETWH" set before consent

Cookie: _ga_WCXGQGETWHDomain: .op.gg
criticalConsent Record

No recognizable consent cookie or storage entry detected after interaction — GDPR Article 7(1) requires controllers to demonstrate consent was given (server-side storage cannot be verified)

criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings42

A tag container or script loaded before consent but tags appear correctly gated (e.g. GTM with Consent Mode v2). Not a violation on its own — review to confirm downstream tags stay blocked.

Google Tag Manager
Google Tag Manager2 findingsID tracked

www.googletagmanager.com

Google Tag Manager
warningNetworkTag ManagementGoogle Tag Manager

Google Tag Manager loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire

ID: GTM-WKTM6W8THost: www.googletagmanager.comFired: 377ms after load
Google Tag Manager
warningGTMTag ManagementGoogle Tag Manager

GTM loaded before consent banner — IP address transmitted to Google pre-consent (container: GTM-WKTM6W8T)

Google Analytics
Google Analytics2 findingsID tracked

region1.analytics.google.com, region1.google-analytics.com

GA4
warningNetworkAnalyticsGA4

GA4 cookieless ping detected before consent — GCM v2 active with analytics_storage: denied. No cookies or user identifiers are collected in this request.

ID: G-HKZFKE5JELHost: region1.analytics.google.comFired: 1875ms after load
GA4
warningNetworkAnalyticsGA4

GA4 cookieless ping detected before consent — GCM v2 active with analytics_storage: denied. No cookies or user identifiers are collected in this request.

ID: G-37HQ1LKWBEHost: region1.google-analytics.comFired: 3212ms after load
Google (Tracker Tracker)
Google (Tracker Tracker)3 findingsID tracked

stats.g.doubleclick.net, securepubads.g.doubleclick.net, ad.doubleclick.net

Google (Tracker Tracker)
warningNetworkGoogle (Tracker Tracker)

Google (Tracker Tracker) cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

ID: G-HKZFKE5JELHost: stats.g.doubleclick.netFired: 1877ms after load
Google (Tracker Tracker)
warningNetworkGoogle (Tracker Tracker)

Google (Tracker Tracker) cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

Host: securepubads.g.doubleclick.netFired: 3641ms after load
Google (Tracker Tracker)
warningNetworkGoogle (Tracker Tracker)

Google (Tracker Tracker) cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

Host: ad.doubleclick.netFired: 4615ms after load
vendor logo
warningNetwork

Unknown third-party request to opgg-pdc.our.gg before consent

ID: G-HG9DB5ECL8Host: opgg-pdc.our.ggFired: 3033ms after load
Zendesk
Zendesk6 findings

static.zdassets.com, ekr.zdassets.com, opggsupport.zendesk.com, ZD-suid, ZD-testStorage, ZD-buid

Zendesk
warningNetworkCustomer SupportZendesk

Zendesk (Zendesk) loaded before consent: Zendesk support widget and analytics

Host: static.zdassets.comFired: 379ms after load
Zendesk
warningNetworkCustomer SupportZendesk

Zendesk (Zendesk) loaded before consent: Zendesk support widget and analytics

Host: ekr.zdassets.comFired: 1591ms after load
Zendesk
warningNetworkCustomer SupportZendesk

Zendesk (Zendesk) loaded before consent: Zendesk support platform tracking

Host: opggsupport.zendesk.comFired: 2643ms after load
Zendesk
warningStorageCustomer SupportZendesk

Zendesk (Zendesk) wrote "ZD-suid" to localStorage before consent

Key: ZD-suidType: localStorageFired: 2431ms after load
Zendesk
warningStorageCustomer SupportZendesk

Zendesk (Zendesk) wrote "ZD-testStorage" to localStorage before consent

Key: ZD-testStorageType: localStorageFired: 2431ms after load
Zendesk
warningStorageCustomer SupportZendesk

Zendesk (Zendesk) wrote "ZD-buid" to localStorage before consent

Key: ZD-buidType: localStorageFired: 2634ms after load
Google Ads
Google Ads4 findings

www.google.com, pagead2.googlesyndication.com, www.googleadservices.com, googleads.g.doubleclick.net

Google Ads
warningNetworkAdvertisingGoogle Ads

Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

Host: www.google.comFired: 1711ms after load
Google Ads
warningNetworkAdvertisingGoogle Ads

Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

Host: pagead2.googlesyndication.comFired: 2488ms after load
Google Ads
warningNetworkAdvertisingGoogle Ads

Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

Host: www.googleadservices.comFired: 3345ms after load
Google Ads
warningNetworkAdvertisingGoogle Ads

Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.

Host: googleads.g.doubleclick.netFired: 3534ms after load
Google Consent Mode
warningConsent ModeGoogle Consent Mode

Consent Mode detected but no consent update call fires on rejection — Consent Mode V2 may not be properly wired to your CMP

vendor logo
warningNetwork

Unknown third-party request to opgg.rybbit.com before consent

Host: opgg.rybbit.comFired: 377ms after load
vendor logo
warningNetwork

Unknown third-party request to fundingchoicesmessages.google.com before consent

Host: fundingchoicesmessages.google.comFired: 379ms after load
vendor logo
warningNetwork

Unknown third-party request to js.opgg.beer before consent

Host: js.opgg.beerFired: 2185ms after load
vendor logo
warningNetwork

Unknown third-party request to css.opgg.beer before consent

Host: css.opgg.beerFired: 2185ms after load
vendor logo
warningNetwork

Unknown third-party request to js.rev.iq before consent

Host: js.rev.iqFired: 4058ms after load
warningStorage

localStorage key "opgg_campaign_interaction" written before consent

Key: opgg_campaign_interactionType: localStorageFired: 1287ms after load
warningStorage

localStorage key "64101003b600e9011625a519.clientId" written before consent

Key: 64101003b600e9011625a519.clientIdType: localStorageFired: 2634ms after load
warningStorage

localStorage key "CMPList" written before consent

Key: CMPListType: localStorageFired: 4119ms after load
warningStorage

localStorage key "gbc_consent" written before consent

Key: gbc_consentType: localStorageFired: 4127ms after load
warningStorage

localStorage key "_opgg_beer_privacy_flags" written before consent

Key: _opgg_beer_privacy_flagsType: localStorageFired: 4131ms after load
warningStorage

localStorage key "visitTimestamp" written before consent

Key: visitTimestampType: localStorageFired: 4161ms after load
warningStorage

localStorage key "ruid" written before consent

Key: ruidType: localStorageFired: 4430ms after load
warningStorage

localStorage key "_cmpShown" written before consent

Key: _cmpShownType: localStorageFired: 4479ms after load
warningStorage

localStorage key "_config" written before consent

Key: _configType: localStorageFired: 4489ms after load
warningStorage

sessionStorage key "latest_ts" written before consent

Key: latest_tsType: sessionStorageFired: 4566ms after load
warningStorage

sessionStorage key "latest_fn" written before consent

Key: latest_fnType: sessionStorageFired: 4571ms after load
warningStorage

sessionStorage key "BT_sid" written before consent

Key: BT_sidType: sessionStorageFired: 4590ms after load
warningStorage

localStorage key "2DFj" written before consent

Key: 2DFjType: localStorageFired: 4847ms after load
warningStorage

sessionStorage key "_1Fj" written before consent

Key: _1FjType: sessionStorageFired: 4847ms after load
warningStorage

sessionStorage key "CD3u2v==" written before consent

Key: CD3u2v==Type: sessionStorageFired: 4848ms after load
warningStorage

localStorage key "_iiq_fdata" written before consent

Key: _iiq_fdataType: localStorageFired: 4852ms after load
warningStorage

sessionStorage key "9pAd_7S=" written before consent

Key: 9pAd_7S=Type: sessionStorageFired: 4999ms after load
warningStorage

localStorage key "BT_AA_DETECTION" written before consent

Key: BT_AA_DETECTIONType: localStorageFired: 5609ms after load
Info5

Neutral observations — activity we detected that isn’t a violation but is useful context (e.g. essential cookies, CMP initialisation).

Google (Cdn)
infoNetworkGoogle (Cdn)

Google (cdn) loaded before consent

ID: G-HKZFKE5JELHost: www.google.nlFired: 1880ms after load
Cloudflare (Cdn)
infoNetworkCloudflare (Cdn)

Cloudflare (cdn) loaded before consent

Host: challenges.cloudflare.comFired: 377ms after load
InMobi (Cdn)
InMobi (Cdn)2 findings

cmp.inmobi.com, api.cmp.inmobi.com

InMobi (Cdn)
infoNetworkInMobi (Cdn)

InMobi (cdn) loaded before consent

Host: cmp.inmobi.comFired: 2824ms after load
InMobi (Cdn)
infoNetworkInMobi (Cdn)

InMobi (cdn) loaded before consent

Host: api.cmp.inmobi.comFired: 4545ms after load
infoStorageFunctionallocalStorage availability probe

localStorage availability probe (null) wrote "__storage_test__" to localStorage before consent

Key: __storage_test__Type: localStorageFired: 3966ms after load
Compliant2

Tags that fired only after the user gave consent — working as intended.

CompliantCookieConsent MgmtIAB TCF

IAB TCF cookie "euconsent-v2" set correctly after consent

Cookie: euconsent-v2Domain: .op.gg
Google AdSense
CompliantCookieSecurityGoogle AdSense

Google AdSense cookie "__eoi" set correctly after consent

Cookie: __eoiDomain: .op.ggRetention: 3 Months

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan op.gg

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com