https://sudoku.com
Scanned Apr 15, 2026 · 38.6s
Your website score is
Grade
BannerConsent Banner
Yes
Regulatory Compliance
Multi-regulation overview — click any regulation for details
Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.
Tag Leak detected 72 user data leaks before consent on sudoku.com, including GA4, OneTrust (Tracker Tracker), Meta Pixel and 20 more.
Security Headers
1/6 presentStrict-Transport-Security
Add HSTS header to enforce HTTPS connections and prevent downgrade attacks
Content-Security-Policy
Add a Content-Security-Policy header to prevent XSS and code injection attacks
X-Frame-Options
SAMEORIGIN always;
X-Content-Type-Options
Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing
Referrer-Policy
Set a Referrer-Policy header to control how much referrer information is shared
Permissions-Policy
Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation
Google Consent Mode
V2Consent Parameters
Issues (1)
No GTM container detected — consent mode works best with Google Tag Manager
Post-Rejection Audit
Reject Button
Found
Post-Rejection Fires
1 vendor
Consent Mode
Advanced
GTM Load
Not detected
Consent Mode V2: Advanced
Advanced Consent Mode — consent update call fires on rejection and tracking stops correctly.
✓ gtag('consent', 'update') call detected on rejection
Vendors firing after rejection (1)
| Vendor | Category | Timing | URL |
|---|---|---|---|
| Google — GA4 | analytics | 21809ms | region1.google-analytics.com |
Consent Record Audit
PassConsent record stored after interaction
GDPR Art. 7(1)Found: OptanonConsent (OneTrust)
Record contains timestamp
Art. 7(1)Timestamp field detected
Record contains consent state
Art. 7(1)Accept/reject state detected
Record contains consent categories
Art. 7(1)Consent categories (analytics, marketing, etc.) not found in record
Consent withdrawal mechanism accessible
GDPR Art. 7(3)Cookie settings link / floating button found
Tracker categories detected
Critical31
Magnite (advertising) loaded before consent
GA4 loads before consent — this is expected and required for GCM v2 to initialise consent defaults before any tags fire
OneTrust (tracker) loaded before consent
Meta Pixel (Meta) loaded before consent: Sends user data to Meta for ad targeting and conversion tracking
Perion (advertising) loaded before consent
Advertising Tracker2 findingsk.streamrail.com, csi.gstatic.com
k.streamrail.com, csi.gstatic.com
advertising tracker at k.streamrail.com loaded before consent
advertising tracker at csi.gstatic.com loaded before consent
Amazon (Advertising Tracker)3 findingsc.amazon-adsystem.com, config.aps.amazon-adsystem.com, aax.amazon-adsystem.com
c.amazon-adsystem.com, config.aps.amazon-adsystem.com, aax.amazon-adsystem.com
Amazon (advertising) loaded before consent
Amazon (advertising) loaded before consent
Amazon (advertising) loaded before consent
Google (Tracker Tracker)2 findingswww.googletagservices.com, s0.2mdn.net
www.googletagservices.com, s0.2mdn.net
Google (tracker) loaded before consent
Google (tracker) loaded before consent
RTBHouse (advertising) loaded before consent
Criteo2 findingsstatic.criteo.net, cto_bundle
static.criteo.net, cto_bundle
Criteo (Criteo) loaded before consent: Criteo retargeting and display advertising
Criteo cookie "cto_bundle" set before consent
InMobi (advertising) loaded before consent
media.net (advertising) loaded before consent
Nexxen (advertising) loaded before consent
OpenX (tracker) loaded before consent
IndexExchange (advertising) loaded before consent
Microsoft (advertising) loaded before consent
TripleLift (advertising) loaded before consent
PublicisGroupe (tracker) loaded before consent
Criteo (advertising) loaded before consent
Google (Advertising Tracker)2 findingsep1.adtrafficquality.google, ep2.adtrafficquality.google
ep1.adtrafficquality.google, ep2.adtrafficquality.google
Google (advertising) loaded before consent
Google (advertising) loaded before consent
PubMatic (Advertising Tracker)2 findingshbopenbid.pubmatic.com, ads.pubmatic.com
hbopenbid.pubmatic.com, ads.pubmatic.com
PubMatic (advertising) loaded before consent
PubMatic (advertising) loaded before consent
Adform cookie "uid" set before consent — Contains a unique ID to identify a user
Mediamath cookie "uuid" set before consent — Collects data on the user's visits to the website, such as what pages have been loaded. The registered data is used for targeted ads.
Google — GA4 fires after user rejected consent
Warnings42
GA4 cookieless ping detected before consent — GCM v2 active with analytics_storage: denied. No cookies or user identifiers are collected in this request.
Google (Tracker Tracker) cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.
Google Ads4 findingspagead2.googlesyndication.com, 79a80e583ba7164837229e55f1bb780e.safeframe.googlesyndication.com, tpc.googlesyndication.com, googleads.g.doubleclick.net
pagead2.googlesyndication.com, 79a80e583ba7164837229e55f1bb780e.safeframe.googlesyndication.com, tpc.googlesyndication.com, googleads.g.doubleclick.net
Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.
Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.
Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.
Google Ads cookieless ping detected before consent — GCM v2 active with ad_storage and ad_user_data: denied. No user identifiers are collected in this request.
Unknown third-party request to sdk.rfunbox.com before consent
Unknown third-party request to cfg.easybrain.com before consent
Unknown third-party request to api-liveops.easybrain.com before consent
Unknown third-party request to tournaments.easybrain.com before consent
Unknown third-party request to sdk.streamrail.com before consent
Unknown third-party request to s3-ca-liveops.easybrain.com before consent
Unknown third-party request to settings.vidiom.net before consent
Unknown third-party request to redirector.gvt1.com before consent
Unknown third-party request to r4---sn-5hne6nzd.gvt1.com before consent
Unknown third-party request to pubmatic.bbvms.com before consent
Unknown third-party request to cdn.bluebillywig.com before consent
Unknown third-party request to stats.mainroll.com before consent
localStorage key "utms" written before consent
localStorage key "game_settings" written before consent
sessionStorage key "ad_native_config" written before consent
localStorage key "notification_count" written before consent
localStorage key "placement_screen" written before consent
localStorage key "start_level" written before consent
localStorage key "best_levels" written before consent
localStorage key "best_score" written before consent
localStorage key "ets" written before consent
localStorage key "euid" written before consent
localStorage key "prev_screen" written before consent
localStorage key "ets_temp" written before consent
localStorage key "rs_usid" written before consent
localStorage key "rs_prev_sd" written before consent
localStorage key "tournament" written before consent
localStorage key "postcards" written before consent
localStorage key "_GESPSK-rtbhouse" written before consent
localStorage key "_GESPSK-esp.criteo.com" written before consent
localStorage key "prebid.cookieTest" written before consent
localStorage key "criteo_localstorage_check" written before consent
localStorage key "__localStorage_test__" written before consent
localStorage key "_pubcid_exp" written before consent
localStorage key "_pubcid" written before consent
localStorage key "cto_bundle" written before consent
Info7
Google (Cdn)3 findingsimasdk.googleapis.com, fonts.googleapis.com, www.gstatic.com
imasdk.googleapis.com, fonts.googleapis.com, www.gstatic.com
Google (cdn) loaded before consent
Google (cdn) loaded before consent
Google (cdn) loaded before consent
OneTrust CMP (OneTrust) loaded before consent: OneTrust geo-lookup — determines which consent banner to show based on user location
Cloudflare cookie "__cflb" set before consent — When enabling session affinity with Cloudflare Load Balancer, Cloudflare sets a __cflb cookie with a unique value on the first response to the requesting client. Cloudflare routes future requests to the same origin, optimizing network resource usage. In the event of a failover, Cloudflare sets a new __cflb cookie to direct future requests to the failover pool.
OneTrust cookie "OptanonConsent" set before consent
Google cookie "receive-cookie-deprecation" set before consent — This cookie ensures browers in an experiment group of the Chrome-facilitated testing period include the Sec-Cookie-Deprecation request header as soon as it becomes available.
Compliant7
Google Analytics3 findingsID trackedregion1.analytics.google.com, _ga, _ga_LKCCSV4WGG
region1.analytics.google.com, _ga, _ga_LKCCSV4WGG
GA4 (Google) loaded correctly after consent
Google Analytics cookie "_ga" set correctly after consent
Google Analytics cookie "_ga_LKCCSV4WGG" set correctly after consent
Meta Pixel2 findingsID trackedwww.facebook.com, _fbp
www.facebook.com, _fbp
Meta Pixel (Meta) loaded correctly after consent
Meta Pixel cookie "_fbp" set correctly after consent
Google Ads (Google) loaded correctly after consent
OneTrust cookie "OptanonAlertBoxClosed" set correctly after consent
Is this your site?
Run a full multi-page scan with monitoring and get detailed remediation steps
Scan sudoku.com →This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com