Ubisoft

ubisoft.com

Compare

https://ubisoft.com

Scanned Apr 15, 2026 · 37.0s

Your website score is

0/100
Critical

Grade

F0

Banner

Yes

Regulatory Compliance

Multi-regulation overview — click any regulation for details

Technical scan only. A passing score does not equal legal compliance. Consult qualified legal counsel for your jurisdiction.

Tag Leak detected 16 user data leaks before consent on ubisoft.com, including Advertising Tracker.

Security Headers

1/6 present

Strict-Transport-Security

Add HSTS header to enforce HTTPS connections and prevent downgrade attacks

Content-Security-Policy

frame-ancestors 'self';

X-Frame-Options

Add X-Frame-Options header to prevent clickjacking attacks

X-Content-Type-Options

Set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing

Referrer-Policy

Set a Referrer-Policy header to control how much referrer information is shared

Permissions-Policy

Add a Permissions-Policy header to restrict browser features like camera, microphone, and geolocation

Google Consent Mode

V2
95/100

Consent Parameters

ParameterDefault
Ad Storagedenied
Ad User Datadenied
Ad Personalizationdenied
Analytics Storagedenied
Functionality Storagenot_set
Personalization Storagenot_set
Security Storagenot_set

Issues (1)

No GTM container detected — consent mode works best with Google Tag Manager

Post-Rejection Audit

Reject Button

Found

Post-Rejection Fires

0 vendors

Consent Mode

Not Detected

GTM Load

Not detected

Consent Mode V2: Not Detected

Google Consent Mode was not detected on this site.

✓ gtag('consent', 'update') call detected on rejection

No tracking vendors detected firing after rejection

Consent Record Audit

Issues detected

Consent record stored after interaction

GDPR Art. 7(1)

Found: OptanonConsent (OneTrust)

Record contains timestamp

Art. 7(1)

Timestamp field detected

Record contains consent state

Art. 7(1)

Accept/reject state detected

Record contains consent categories

Art. 7(1)

Consent categories (analytics, marketing, etc.) not found in record

Consent withdrawal mechanism accessible

GDPR Art. 7(3)

No way for users to withdraw consent found on page

No cookie settings link, footer link, or floating consent button was detected. GDPR requires users to withdraw consent as easily as they gave it.

Why this matters

Under GDPR Article 7, controllers must be able to demonstrate that consent was given (Art. 7(1)) and ensure users can withdraw consent at any time, as easily as giving it (Art. 7(3)). Sites with no consent record or no withdrawal mechanism cannot legally rely on consent as a lawful basis.

Tracker categories detected

Advertising1 vendor
Security5
Functional1 vendor
Critical3
Advertising Tracker
Advertising Tracker2 findings

try.abtasty.com, dcinfos-cache.abtasty.com

Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at try.abtasty.com loaded before consent

Host: try.abtasty.comFired: 483ms after load
Advertising Tracker
criticalNetworkAdvertisingAdvertising Tracker

advertising tracker at dcinfos-cache.abtasty.com loaded before consent

Host: dcinfos-cache.abtasty.comFired: 3198ms after load
criticalConsent Record

No recognizable consent withdrawal mechanism detected — GDPR Article 7(3) requires users can withdraw consent as easily as giving it (cookie settings link or floating button expected)

Warnings14
warningConsentUnknown

Unknown was clicked but no consent storage was written — tags may continue firing as if consent was never given

vendor logo
warningNetwork

Unknown third-party request to ubiservices.cdn.ubi.com before consent

Host: ubiservices.cdn.ubi.comFired: 460ms after load
vendor logo
warningNetwork

Unknown third-party request to static3.cdn.ubi.com before consent

Host: static3.cdn.ubi.comFired: 844ms after load
vendor logo
warningNetwork

Unknown third-party request to public-ubiservices.ubi.com before consent

Host: public-ubiservices.ubi.comFired: 2950ms after load
vendor logo
warningNetwork

Unknown third-party request to avcvysejs1-dsn.algolia.net before consent

Host: avcvysejs1-dsn.algolia.netFired: 2982ms after load
vendor logo
warningNetwork

Unknown third-party request to xely3u4lod-dsn.algolia.net before consent

Host: xely3u4lod-dsn.algolia.netFired: 2983ms after load
vendor logo
warningNetwork

Unknown third-party request to code.jquery.com before consent

Host: code.jquery.comFired: 5316ms after load
warningStorage

localStorage key "react-scan-widget-settings-v2" written before consent

Key: react-scan-widget-settings-v2Type: localStorageFired: 1332ms after load
warningStorage

sessionStorage key "hasVisitedInternally" written before consent

Key: hasVisitedInternallyType: sessionStorageFired: 1730ms after load
warningStorage

localStorage key "consentModeDefault" written before consent

Key: consentModeDefaultType: localStorageFired: 2517ms after load
warningStorage

localStorage key "hasLocalStorage" written before consent

Key: hasLocalStorageType: localStorageFired: 5308ms after load
warningStorage

localStorage key "PRODOverlayConnectLoginData" written before consent

Key: PRODOverlayConnectLoginDataType: localStorageFired: 5870ms after load
warningStorage

localStorage key "PRODOverlayConnectError" written before consent

Key: PRODOverlayConnectErrorType: localStorageFired: 5870ms after load
warningStorage

localStorage key "PRODOverlayConnectSsoExpiration" written before consent

Key: PRODOverlayConnectSsoExpirationType: localStorageFired: 5872ms after load
Info3
infoCookieFunctionalNext

Next cookie "NEXT_LOCALE" set before consent — This cookie can be set using a language switcher and then when a user comes back to the site it will leverage the locale specified in the cookie when redirecting from / to the correct locale location.

Cookie: NEXT_LOCALEDomain: www.ubisoft.comRetention: Session
infoCookieFunctional

AWS Application Load Balancer — necessary for infrastructure

Cookie: AWSALBDomain: redirection.ubisoft.com
infoCookieFunctional

AWS Application Load Balancer — necessary for infrastructure

Cookie: AWSALBCORSDomain: redirection.ubisoft.com

Is this your site?

Run a full multi-page scan with monitoring and get detailed remediation steps

Scan ubisoft.com

This audit is based on publicly observable website behavior. To request removal from the index, email support@tagleak.com