ConsentMark
Free Scan
Contentsquare logo
AnalyticsHigh complexity

Contentsquare

by contentsquare

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Consent required
Analytics
Transfer mechanism
EU data centres (French company); SCCs and EU-US DPF for international transfers
Cookies
_cs_id_cs_s_cs_c_cs_mk_ga

Overview

One of the most data-intensive analytics tags found on regulated websites. Captures granular user interactions including clicks, scrolls, hovers, and full session replays, creating a detailed record of visitor behaviour that can inadvertently include sensitive personal data displayed on screen. Since acquiring Hotjar in 2021, the Contentsquare ecosystem spans both enterprise and SMB deployments, and organisations should treat any session replay capability as high-risk from a data protection standpoint.

Detection capabilities

Signature count
1
Detection methods
network
Property types
hostname

Performance impact

Performance Impact

Script size
60 KB
Requests per page
1

Common mistakes

  • 1Deploying Contentsquare without configuring comprehensive data masking, allowing session replays to capture sensitive personal data displayed on screen including financial balances, health information, and personal details
  • 2Treating Contentsquare as a standard analytics tool when session replay and detailed interaction capture constitute a more intrusive form of processing that typically requires specific consent
  • 3Not conducting a data protection impact assessment before deployment, which is generally required for session recording and detailed behavioural monitoring under GDPR Article 35
  • 4Failing to restrict Contentsquare to appropriate pages - recording sessions on login pages, account management sections, or payment flows without masking creates significant data breach risk
  • 5Not reviewing the data sharing implications when Contentsquare integrates with other analytics platforms, which can create additional data flows not covered by the original consent

Compliance considerations

Contentsquare sets first-party cookies (_cs_c, _cs_id, _cs_s) and transmits detailed interaction data including session replays to Contentsquare servers. Contentsquare is a French company and offers EU-hosted data processing, which simplifies transfer compliance for European organisations. However, session recording tools are consistently identified by European DPAs as requiring explicit consent under the ePrivacy Directive due to the depth of behavioural data captured. Contentsquare provides built-in data masking and privacy controls, but these must be actively configured - default settings may not provide sufficient protection for regulated organisations. A DPIA should be conducted before deployment, the tool should be blocked until explicit consent is obtained, and masking rules should be comprehensively tested to ensure no sensitive data appears in session replays.

Related services

Amplitude

amplitude

AnalyticsLow risk

1 detection signature

Azure Application Insights

azure-application-insights

AnalyticsMedium risk

3 detection signatures

Cloudflare Analytics

cloudflare-analytics

AnalyticsLow risk

2 detection signatures

Cooladata

cooladata

AnalyticsLow risk

2 detection signatures

Scan your site for contentsquare

Run a free Consentmark scan to see how contentsquare is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan