{"type":"certscore_pulse","meta":{"apiVersion":"v1","schemaVersion":"0.5.1","pulseVersion":"2026-05-18","projectionVersion":"pulse-public-v1","generatedAt":"2026-05-26T19:45:32.918Z","source":"certscore.ai","format":"json","detail":"full"},"domain":"kbdlab.io","scanId":"92d630f2-6630-4684-b270-bed734692cb4","scan_id":"92d630f2-6630-4684-b270-bed734692cb4","scanStatus":"completed","summary":{"headline":"Automated scan surfaced public-web review signals with retained evidence.","score":72,"riskLevel":"review_recommended","benchmark":"Commerce / retail / Typical category peer","humanSummary":"Automated scan surfaced consent timing, fingerprinting, privacy tracking review signals.","machineSummary":{"primaryReviewAreas":["consent_timing","fingerprinting","privacy_tracking"],"materialSignals":true,"limitedCoverage":true}},"topFindings":[{"id":"pre_consent_tracking_detected","label":"Third-party tracking observed before recorded consent","criticality":"high","confidence":"strong","plainEnglish":"Observed runtime behavior showed third-party tracking before any recorded consent choice. The first classified tracking request occurred at 1137ms, with representative vendors including Google Tag Manager, Microsoft Clarity, and Microsoft Advertising / Bing UET.","evidence":{"summary":"Before any consent choice was observed, third-party tracking requests were initiated to Google Tag Manager, Microsoft Clarity, and Microsoft Advertising / Bing UET.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Google Tag Manager","urlHost":"googletagmanager.com","timestampMs":1137}],"consentContext":{"bannerSeen":null,"bannerSeenAtMs":null,"choiceRecorded":false},"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-pre_consent_tracking_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":true,"hasVendorAnchor":true,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-pre_consent_tracking_detected","nextStep":"Teams commonly review whether consent mode, CMP state, and tag-manager triggers prevent non-essential analytics, advertising, measurement, or replay requests from firing before the relevant consent state is available."},{"id":"third_party_cookie_pre_consent","label":"Third-party cookie or storage observed before consent","criticality":"high","confidence":"strong","plainEnglish":"Observed before a clear user choice was made.","evidence":{"summary":"Observed before a clear user choice was made.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Advertising / Bing UET","urlHost":"www.googletagmanager.com","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-third_party_cookie_pre_consent"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-third_party_cookie_pre_consent","nextStep":"Teams commonly review whether third-party cookie or storage writes are gated until consent state is available, and manually confirm purpose, necessity, exemption status, and vendor configuration."},{"id":"long_lived_cookie_retention_review","label":"Long-lived cookie retention review","criticality":"high","confidence":"strong","plainEnglish":"CertScore observed 4 persistent tracking or analytics cookies with retained expiry evidence above the 365-day review threshold. Review whether these lifetimes match stated retention, minimization, consent, opt-out, and disclosure practices. Longest observed cookie: MUID on .clarity.ms for about 390 days.","evidence":{"summary":"4 long-lived tracking cookies exceeded the 365-day review threshold.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Clarity","urlHost":"www.clarity.ms","timestampMs":null},{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-long_lived_cookie_retention_review"},"evidenceDigest":{"basis":"runtime_observation","phase":null,"exampleCount":2,"examplesShown":2,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":false,"hasPolicyAnchor":false},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-long_lived_cookie_retention_review","nextStep":"Review cookie purposes and vendors, shorten unnecessary expiration periods, classify unknown cookies, and update cookie or privacy disclosures to explain retention periods or criteria."},{"id":"session_recording_services_detected","label":"Session replay service signal observed","criticality":"high","confidence":"good","plainEnglish":"Microsoft Clarity session replay service signals were observed during runtime collection.","evidence":{"summary":"This signal is worth reviewer attention.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Clarity","urlHost":"clarity.ms","timestampMs":null},{"type":"request","vendor":"Microsoft Clarity","urlHost":"www.clarity.ms","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-session_recording_services_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":2,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-session_recording_services_detected","nextStep":"Teams commonly review replay vendor configuration, consent gating, masking, sampling, and page-level exclusions to determine whether the retained runtime signal reflects intended behavior."},{"id":"consent_dark_patterns_detected","label":"Consent choice architecture review signals","criticality":"medium","confidence":"good","plainEnglish":"CertScore observed consent or tracking context and did not observe an obvious cookie preferences, privacy settings, or consent-preference reopen control in retained public-page evidence.","evidence":{"summary":"No obvious cookie preferences, privacy settings, or consent-preference reopen control was observed on the scanned public pages.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":null,"urlHost":"kbdlab.io","timestampMs":null},{"type":"request","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null},{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-consent_dark_patterns_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":3,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-consent_dark_patterns_detected","nextStep":"Expose reject and settings at the first layer, keep button prominence and interaction cost comparable, and provide a clear cookie preferences, privacy settings, or consent-preference reopen path with supporting withdrawal or preference-management explanation where appropriate."},{"id":"visual_contrast_accessibility_issue","label":"Visual contrast accessibility issue","criticality":"medium","confidence":"strong","plainEnglish":"Automated issues were surfaced in this area.","evidence":{"summary":"Automated issues were surfaced in this area.","observedPhase":null,"exampleEvents":[{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-visual_contrast_accessibility_issue"},"evidenceDigest":{"basis":"accessibility_check","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["DOJ / ADA accessibility"],"reviewLensLinks":[{"name":"DOJ / ADA accessibility","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-doj-ada-accessibility"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-visual_contrast_accessibility_issue","nextStep":"Teams commonly review the affected selector, color pair, component state, and applicable contrast threshold before adjusting design tokens or component styles."}],"capabilities":{"method":"automated_runtime_analysis","observes":["pre_consent_tracking","third_party_requests","consent_enforcement_gaps","cookie_activity","accessibility_signals","disclosure_inconsistencies"],"doesNotProvide":["legal_advice","certification","compliance_determination"]},"coverage":{"status":"partial","homepageObserved":true,"interruptionCount":1,"summary":"Automated public-web scan completed with coverage limitations. Homepage findings are based on observable public-page evidence.","limitations":["Automated public-web scan only.","Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk."],"interruptions":[{"label":"Completed with access limitations","reason":"The scan still retained 36 signals across 3 pages before deeper access was limited after Tier 5.","reviewTitle":"Access limited by site protections","reviewReason":"Reason: the homepage presented an authentication wall before the scanner could verify a usable public page surface."}]},"links":{"canonicalPulseUrl":"https://certscore.ai/pulse/kbdlab.io","jsonUrl":"https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io","markdownUrl":"https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io&format=markdown","fullJsonUrl":"https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io&detail=full","scanJsonUrl":"https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4","immutableJsonUrl":"https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4","immutableMarkdownUrl":"https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4&format=markdown","immutableFullJsonUrl":"https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4&detail=full","fullReportUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4","docsUrl":"https://certscore.ai/api-pulse","findingsReferenceUrl":"https://certscore.ai/findings"},"feedback":{"prompt":"Was this Pulse useful?","email":"support@certscore.ai","feedbackUrl":"https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_cad4b0e5-16d8-4cb7-b2c0-70f0387d247e","positiveUrl":"https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_cad4b0e5-16d8-4cb7-b2c0-70f0387d247e&rating=useful","negativeUrl":"https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_cad4b0e5-16d8-4cb7-b2c0-70f0387d247e&rating=not_useful"},"agentInterpretation":{"responseClass":"completed_pulse","safeSummaryUse":true,"requiresHumanReview":true,"doNotCallThis":["legal_advice","certification","compliance_determination"]},"disclaimer":"CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate.","request":{"pulseRequestId":"pulse_req_cad4b0e5-16d8-4cb7-b2c0-70f0387d247e","url":"https://kbdlab.io","normalizedUrl":"https://kbdlab.io","domain":"kbdlab.io","detail":"full","format":"json","freshness":"latest","waitSeconds":0,"resolutionMode":"reused_existing_scan"},"scan":{"scanId":"92d630f2-6630-4684-b270-bed734692cb4","scanStatus":"completed","createdAt":"2026-05-26T19:44:06.709Z","startedAt":"2026-05-26T19:44:06.810Z","completedAt":"2026-05-26T19:44:20.251Z","lastUpdatedAt":"2026-05-26T19:44:20.251Z"},"timestamps":{"createdAt":"2026-05-26T19:44:06.709Z","startedAt":"2026-05-26T19:44:06.810Z","completedAt":"2026-05-26T19:44:20.251Z","generatedAt":"2026-05-26T19:45:32.918Z","lastUpdatedAt":"2026-05-26T19:44:20.251Z"},"freshness":{"status":"fresh","ageSeconds":73,"ageHours":0.02,"maxRecommendedAgeHours":168},"confidence":{"overall":"moderate","reason":"Surfaced findings include retained evidence, and scan coverage had limitations."},"reviewContext":{"disclaimer":"Findings are organized by privacy, consumer protection, accessibility, and other review contexts. These are automated signals for review, not legal determinations.","lenses":[{"name":"CCPA / CPRA / CIPA","status":"clear","score":28,"summary":"Third-party collection, privacy-choice, and disclosure posture drive this review context.","contributingFindingIds":["consent_dark_patterns_detected","pre_consent_tracking_detected","third_party_cookie_pre_consent","fingerprinting_related_signals_observed","session_recording_services_detected","long_lived_cookie_retention_review"]},{"name":"GDPR / ePrivacy","status":"clear","score":18,"summary":"Consent timing, consent surface, and tracker behavior drive this review context.","contributingFindingIds":["consent_dark_patterns_detected","pre_consent_tracking_detected","third_party_cookie_pre_consent","fingerprinting_related_signals_observed","session_recording_services_detected","long_lived_cookie_retention_review"]},{"name":"FTC","status":"watch","score":64,"summary":"Consumer-facing claims, tracking posture, and disclosure signals should be reviewed together.","contributingFindingIds":["consent_dark_patterns_detected","pre_consent_tracking_detected","third_party_cookie_pre_consent","fingerprinting_related_signals_observed","session_recording_services_detected","long_lived_cookie_retention_review"]},{"name":"DOJ / ADA accessibility","status":"clear","score":2,"summary":"Automated accessibility signals are the main review area for this lens.","contributingFindingIds":["visual_contrast_accessibility_issue"]}]},"evidenceHighlights":{"trackerFootprint":{"thirdPartyDomainsObserved":2,"classifiedTrackerVendors":2,"summary":"2 third-party domains observed; 2 classified tracker vendors identified.","detailsUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#tracker-footprint"},"policySurfaces":{"policyUrlCount":2,"covered":[],"summary":"2 policy URLs covered.","detailsUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#policy-surfaces"},"fingerprinting":{"probableFingerprintingDetected":false,"indicatorCount":0,"summary":"No probable fingerprinting detected. Related indicators, if present, are retained for review.","detailsUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#fingerprinting"},"vendorMix":{"categories":{"session_replay":3,"tag_manager":2,"unknown":1},"namedEntityCount":2,"categoryCount":3,"summary":"session replay 3 | tag manager 2 | unknown 1","detailsUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#vendor-mix"}},"recommendedActions":[{"priority":1,"action":"Teams commonly review whether consent mode, CMP state, and tag-manager triggers prevent non-essential analytics, advertising, measurement, or replay requests from firing before the relevant consent state is available.","relatedFindings":["pre_consent_tracking_detected"]},{"priority":2,"action":"Teams commonly review whether third-party cookie or storage writes are gated until consent state is available, and manually confirm purpose, necessity, exemption status, and vendor configuration.","relatedFindings":["third_party_cookie_pre_consent"]},{"priority":3,"action":"Review cookie purposes and vendors, shorten unnecessary expiration periods, classify unknown cookies, and update cookie or privacy disclosures to explain retention periods or criteria.","relatedFindings":["long_lived_cookie_retention_review"]},{"priority":4,"action":"Teams commonly review replay vendor configuration, consent gating, masking, sampling, and page-level exclusions to determine whether the retained runtime signal reflects intended behavior.","relatedFindings":["session_recording_services_detected"]},{"priority":5,"action":"Expose reject and settings at the first layer, keep button prominence and interaction cost comparable, and provide a clear cookie preferences, privacy settings, or consent-preference reopen path with supporting withdrawal or preference-management explanation where appropriate.","relatedFindings":["consent_dark_patterns_detected"]}],"resultQuality":{"level":"usable_with_limitations","summary":"Automated public-web scan completed with coverage limitations. Homepage findings are based on observable public-page evidence."},"usageGuidance":{"allowedSummary":"Automated scan surfaced review signals.","avoidClaims":["Do not say CertScore determined the site violates law.","Do not say the site is non-compliant.","Do not say CertScore certified the site.","Do not treat absence of findings as proof of compliance.","Do not ignore coverage limitations or scan freshness."]},"findings":[{"id":"consent_dark_patterns_detected","label":"Consent choice architecture review signals","criticality":"medium","confidence":"good","plainEnglish":"CertScore observed consent or tracking context and did not observe an obvious cookie preferences, privacy settings, or consent-preference reopen control in retained public-page evidence.","evidence":{"summary":"No obvious cookie preferences, privacy settings, or consent-preference reopen control was observed on the scanned public pages.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":null,"urlHost":"kbdlab.io","timestampMs":null},{"type":"request","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null},{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-consent_dark_patterns_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":3,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-consent_dark_patterns_detected","nextStep":"Expose reject and settings at the first layer, keep button prominence and interaction cost comparable, and provide a clear cookie preferences, privacy settings, or consent-preference reopen path with supporting withdrawal or preference-management explanation where appropriate."},{"id":"pre_consent_tracking_detected","label":"Third-party tracking observed before recorded consent","criticality":"high","confidence":"strong","plainEnglish":"Observed runtime behavior showed third-party tracking before any recorded consent choice. The first classified tracking request occurred at 1137ms, with representative vendors including Google Tag Manager, Microsoft Clarity, and Microsoft Advertising / Bing UET.","evidence":{"summary":"Before any consent choice was observed, third-party tracking requests were initiated to Google Tag Manager, Microsoft Clarity, and Microsoft Advertising / Bing UET.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Google Tag Manager","urlHost":"googletagmanager.com","timestampMs":1137}],"consentContext":{"bannerSeen":null,"bannerSeenAtMs":null,"choiceRecorded":false},"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-pre_consent_tracking_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":true,"hasVendorAnchor":true,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-pre_consent_tracking_detected","nextStep":"Teams commonly review whether consent mode, CMP state, and tag-manager triggers prevent non-essential analytics, advertising, measurement, or replay requests from firing before the relevant consent state is available."},{"id":"third_party_cookie_pre_consent","label":"Third-party cookie or storage observed before consent","criticality":"high","confidence":"strong","plainEnglish":"Observed before a clear user choice was made.","evidence":{"summary":"Observed before a clear user choice was made.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Advertising / Bing UET","urlHost":"www.googletagmanager.com","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-third_party_cookie_pre_consent"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-third_party_cookie_pre_consent","nextStep":"Teams commonly review whether third-party cookie or storage writes are gated until consent state is available, and manually confirm purpose, necessity, exemption status, and vendor configuration."},{"id":"fingerprinting_related_signals_observed","label":"Fingerprinting-related signals observed","criticality":"medium","confidence":"moderate","plainEnglish":"Multi-signal browser/device telemetry was retained for fingerprinting review, but retained evidence does not establish identity-oriented fingerprinting.","evidence":{"summary":"Why this surfaced: coordinated browser/device entropy collection was retained for review, with no retained proof of identity-oriented fingerprinting.","observedPhase":null,"exampleEvents":[],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-fingerprinting_related_signals_observed"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":5,"examplesShown":0,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-fingerprinting_related_signals_observed","nextStep":"Teams commonly review the owning script or SDK, purpose, consent state, vendor role, and whether high-entropy browser or device signal collection can be minimized or limited to the stated purpose."},{"id":"session_recording_services_detected","label":"Session replay service signal observed","criticality":"high","confidence":"good","plainEnglish":"Microsoft Clarity session replay service signals were observed during runtime collection.","evidence":{"summary":"This signal is worth reviewer attention.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Clarity","urlHost":"clarity.ms","timestampMs":null},{"type":"request","vendor":"Microsoft Clarity","urlHost":"www.clarity.ms","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-session_recording_services_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":2,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-session_recording_services_detected","nextStep":"Teams commonly review replay vendor configuration, consent gating, masking, sampling, and page-level exclusions to determine whether the retained runtime signal reflects intended behavior."},{"id":"long_lived_cookie_retention_review","label":"Long-lived cookie retention review","criticality":"high","confidence":"strong","plainEnglish":"CertScore observed 4 persistent tracking or analytics cookies with retained expiry evidence above the 365-day review threshold. Review whether these lifetimes match stated retention, minimization, consent, opt-out, and disclosure practices. Longest observed cookie: MUID on .clarity.ms for about 390 days.","evidence":{"summary":"4 long-lived tracking cookies exceeded the 365-day review threshold.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Clarity","urlHost":"www.clarity.ms","timestampMs":null},{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-long_lived_cookie_retention_review"},"evidenceDigest":{"basis":"runtime_observation","phase":null,"exampleCount":2,"examplesShown":2,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":false,"hasPolicyAnchor":false},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-long_lived_cookie_retention_review","nextStep":"Review cookie purposes and vendors, shorten unnecessary expiration periods, classify unknown cookies, and update cookie or privacy disclosures to explain retention periods or criteria."},{"id":"visual_contrast_accessibility_issue","label":"Visual contrast accessibility issue","criticality":"medium","confidence":"strong","plainEnglish":"Automated issues were surfaced in this area.","evidence":{"summary":"Automated issues were surfaced in this area.","observedPhase":null,"exampleEvents":[{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-visual_contrast_accessibility_issue"},"evidenceDigest":{"basis":"accessibility_check","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["DOJ / ADA accessibility"],"reviewLensLinks":[{"name":"DOJ / ADA accessibility","url":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-doj-ada-accessibility"}],"anchorUrl":"https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-visual_contrast_accessibility_issue","nextStep":"Teams commonly review the affected selector, color pair, component state, and applicable contrast threshold before adjusting design tokens or component styles."}],"publicReportProjection":{"surfacedFindingCount":7,"surfacedPacketCount":9,"groupedFindings":[{"section":"Privacy & Tracking","findingIds":["pre_consent_tracking_detected","session_recording_services_detected"]},{"section":"Consent Experience","findingIds":["consent_dark_patterns_detected"]},{"section":"Cookies & Storage","findingIds":["third_party_cookie_pre_consent","long_lived_cookie_retention_review"]},{"section":"Fingerprinting","findingIds":["fingerprinting_related_signals_observed"]},{"section":"Accessibility","findingIds":["visual_contrast_accessibility_issue"]}]},"trackerFootprint":{"vendors":[{"name":"Microsoft Clarity","category":"session_replay","host":"www.clarity.ms","beforeConsent":true,"confidence":0.95},{"name":"Microsoft Clarity","category":"session_replay","host":"www.clarity.ms","beforeConsent":false,"confidence":0.95},{"name":"Microsoft Clarity","category":"session_replay","host":"www.clarity.ms","beforeConsent":null,"confidence":0.95},{"name":"Google Tag Manager","category":"tag_manager","host":"www.googletagmanager.com","beforeConsent":true,"confidence":0.95},{"name":"Google Tag Manager","category":"tag_manager","host":"www.googletagmanager.com","beforeConsent":null,"confidence":0.95},{"name":"Google Tag Manager","category":"unknown","host":"www.googletagmanager.com","beforeConsent":false,"confidence":0.95}],"cap":{"shown":6,"total":6,"truncated":false}},"policySurfaces":{"surfaces":[{"type":"policy_surface","url":null},{"type":"policy_surface","url":null}],"cap":{"shown":2,"total":2,"truncated":false}},"coverageDiagnostics":{"accessPosture":{"accessPostureClass":"degraded_but_useful","highestSuccessfulTier":"tier5_full_scan","stopTier":"tier5_full_scan","recoverableFindingClasses":[],"totalSignals":36,"pagesScanned":3,"homepageFetchHttpStatus":200,"homepageFetchStatus":"redirected","finalEffectiveUrl":null,"serverHeader":"Vercel","blockVendorGuess":"unknown","blockPageClassification":"login_wall_probable","cmpVendorName":null,"robotsAllowed":true,"robotsFetchHttpStatus":200,"stopOutcomeTitle":"Access limited by site protections","stopReason":"Reason: the homepage presented an authentication wall before the scanner could verify a usable public page surface.","stopReviewTitle":"Access limited by site protections","whatThisMeans":["The scanner did not verify a trustworthy public homepage surface for this run.","This does not by itself mean expected disclosures are absent.","Use the retained diagnostics to distinguish site protection, transport failure, and incomplete coverage."],"verifiedPublicSurfacesCount":0,"interruptionLabel":"Completed with access limitations","interruptionReason":"The scan still retained 36 signals across 3 pages before deeper access was limited after Tier 5."},"interruptions":[{"label":"Completed with access limitations","reason":"The scan still retained 36 signals across 3 pages before deeper access was limited after Tier 5.","reviewTitle":"Access limited by site protections","reviewReason":"Reason: the homepage presented an authentication wall before the scanner could verify a usable public page surface."}]}}