24 Hour Fitness has a broken unsubscribe page. You get one of their marketing emails. You click the unsubscribe link at the bottom. It takes you here:
https://www.24hourfitness.com/members/unsubscribe
You enter your email. You click unsubscribe. You get a mysterious error message in Spanish.
I found the bug. It's one line of JavaScript. I reported it back in November 2025. No response. So I built my own unsubscribe page.
"The audacity of a Spanish error message on a US gym website." — Claude
What the heck is this? 🤔
Error de conexión al obtener el token de OneTrust.
OneTrust is an American software company that develops privacy, security, and data governance software. Their platform includes tools for consent management and regulatory compliance automation.
The irony: OneTrust is literally a consent management platform focused on regulatory compliance, and 24 Hour Fitness is using it to violate consent regulations. The error is in Spanish for some reason.
This is actually illegal
The CAN-SPAM Act requires commercial emails to have a working opt-out mechanism. Companies that violate this face serious fines:
- Verkada: $2.95 million (2024) - the largest CAN-SPAM penalty ever. They ignored opt-out requests.
- Jumpstart Technologies: $900,000 (2006) - didn't process opt-out requests in time.
- Experian: $650,000 (2023) - spammed users with emails they couldn't opt out of.
Each individual email can carry a penalty of up to $53,088.
Marketing email = psychic attack
I don't subscribe to anything. Not newsletters. Not Substacks. Not even blogs from writers I deeply care about. My inbox is for communication, not marketing.
I'm definitely not subscribing to 24 Hour Fitness marketing spam.
Since October 2025, I've received 40 marketing emails. Every single one links to the same broken unsubscribe page.
Each of these emails is a psychic attack. An attack on my attention. Here are the subject lines:
$20 off BUM Energy Cases ⚡️
I don't know what BUM energy is. I just want to lift.
3 tips for healthier holiday eating
I don't want tips. I just want to lift.
30% off creatine to power your holidays 💪
I already have creatine. I just want to lift.
Ahmed, find workouts made for you
I already have workouts. I just want to lift.
Best Personal Training Offer of the Year
I don't want personal training. I just want to lift.
Bring a Guest This Friday for Free
I already have free guest passes. I just want to lift.
Bring your workout buddy for free 💪
I already have free guest passes. I just want to lift.
Celebrating Coach Joshua 🎉
I don't know Coach Joshua. I just want to lift.
Celebrating Coach Karen 🎉
I don't know Coach Karen. I just want to lift.
Don't Miss Out: Sessions As Low as $55.08 🔥
I just want to lift.
Feel Stronger Every Time with HIIT24™
I just want to lift.
Find your community in our group classes
I just want to lift.
First session's on us 💪 let's hit your goals, Ahmed
I just want to lift.
Get better results with Personal Training
I just want to lift.
Here's what you can find at your gym
I know what's at my gym. I just want to lift.
January Slump, Ahmed? Your Nutrition Support Is Here
I'm not in a slump. I just want to lift.
Let's get started, Ahmed. Your fitness just leveled up.
I just want to lift.
One More Day To Check In and Win $5,000 💰
I don't need to win money from my gym. I just want to lift.
Our Best Training Price of the Year 🏋🏻♀️
I just want to lift.
Partner With a Dietitian to Kickstart Your 2026 Goals
I don't need a dietitian. I just want to lift.
Premium equipment. Spacious gyms. All yours.
I know. I just want to lift.
Ready for the Check-in Challenge? 🏋️
I don't want challenges. I just want to lift.
Stay Strong and Win $5,000 💰
I just want to lift.
Stock Up on Quest® on Thursdays
I just want to lift.
Story of strength: Sam Tokita 💪
I don't need more stories. I just want to lift.
Stronger Together for Breast Cancer Awareness
I just want to lift.
The Challenge Starts Today 💪
I just want to lift.
Time Is Ticking on Black Friday Savings ⏱️
I don't want Black Friday deals from my gym. I just want to lift.
Track Your Check-In Streak in 24GO
I don't want to track anything. I just want to lift.
Unlock rewards with every visit
I just want to lift.
Use Your Leftover FSA for Fitness! 🏋🏻
I don't need to use my FSA for gym stuff. I just want to lift.
We've carved out some spooktacular fun for you 🎃
I don't want spook-tacular fun. I just want to lift.
Win $5,000 This Holiday Season 💰
I just want to lift.
Work out with visiting family 🤝
I just want to lift.
Work out with visiting family 🤝
You sent this one twice. I just want to lift.
Workouts for wherever the journey takes you
I just want to lift.
Your 24GO app is smarter than you think
I don't need a smart app. I just want to lift.
Your friend's free workout is waiting 💪
I already have guest passes. I just want to lift.
Your new workout wear is here ✨
I don't need workout wear. I just want to lift.
You're Invited to a Block Party! 🎉
I don't want to go to a block party. I just want to lift.
I'm paying for this membership. I can't opt out of their spam. This is evil.
This isn't new for 24 Hour Fitness
I found this Reddit post from February 2019:
Almost 7 years ago, same problem.
24 Hour Fitness has had unsubscribe problems for at least 7 years. Not only do they make it hard to cancel your gym membership, they also make it hard to escape their marketing emails.
I hope they fix this. If I'm dealing with it, I'm sure thousands of others are too.
I reported it. No response.
I submitted a bug report via their contact form back in November 2025.
They replied: "Thank you Ahmed, for reaching out! We will make sure your comments are forwarded to the appropriate person. Please be assured we are doing our best to follow up as soon as possible, typically within 10 business days."
Weeks later. No response. Bug still broken. Emails still coming.
The one-line JavaScript fix
I looked at their code. The bug is embarrassingly simple:
$.ajax({
type: "POST",
url: m.urlPost,
data: JSON.stringify({...}),
contentType: !1,
...
})
contentType: false tells jQuery to skip the Content-Type header. The server expects JSON. It rejects the request.
The fix:
contentType: "application/json"
One line. Broken for months.
So I built my own unsubscribe page
My page calls the same API with the correct header. It just works.
If you know someone on the 24 Hour Fitness engineering team, please share this with them. It's a one-line fix.