# CertScore Pulse CertScore Pulse uses automated runtime analysis of public websites to detect review signals around pre-consent tracking, third-party requests, consent enforcement gaps, cookie activity, accessibility issues, and disclosure inconsistencies. | Field | Value | |---|---| | Domain | kbdlab.io | | Score | 72/100 | | Risk level | Review Recommended | | High-priority findings | 4 | | Total observations | 6 | | Scan completed | 2026-05-26T19:44:20.251Z | | Coverage status | Partial | Status: Completed Benchmark: Commerce / retail / Typical category peer Generated: 2026-05-26T19:44:54.632Z Scan completed: 2026-05-26T19:44:20.251Z Freshness: Fresh Scan ID: 92d630f2-6630-4684-b270-bed734692cb4 ## Summary Automated scan surfaced consent timing, fingerprinting, privacy tracking review signals. ## Highest-priority findings 1. Third-party tracking observed before recorded consent - Criticality: High - Confidence: Strong - Evidence: Before any consent choice was observed, third-party tracking requests were initiated to Google Tag Manager, Microsoft Clarity, and Microsoft Advertising / Bing UET. - Review context: [GDPR / ePrivacy](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy), [CCPA / CPRA / CIPA](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa), [FTC](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc) - Next step: Teams commonly review whether consent mode, CMP state, and tag-manager triggers prevent non-essential analytics, advertising, measurement, or replay requests from firing before the relevant consent state is available. - Evidence link: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-pre_consent_tracking_detected 2. Third-party cookie or storage observed before consent - Criticality: High - Confidence: Strong - Evidence: Observed before a clear user choice was made. - Review context: [GDPR / ePrivacy](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy), [CCPA / CPRA / CIPA](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa), [FTC](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc) - Next step: Teams commonly review whether third-party cookie or storage writes are gated until consent state is available, and manually confirm purpose, necessity, exemption status, and vendor configuration. - Evidence link: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-third_party_cookie_pre_consent 3. Long-lived cookie retention review - Criticality: High - Confidence: Strong - Evidence: 4 long-lived tracking cookies exceeded the 365-day review threshold. - Review context: [GDPR / ePrivacy](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy), [CCPA / CPRA / CIPA](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa), [FTC](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc) - Next step: Review cookie purposes and vendors, shorten unnecessary expiration periods, classify unknown cookies, and update cookie or privacy disclosures to explain retention periods or criteria. - Evidence link: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-long_lived_cookie_retention_review 4. Session replay service signal observed - Criticality: High - Confidence: Good - Evidence: This signal is worth reviewer attention. - Review context: [GDPR / ePrivacy](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy), [CCPA / CPRA / CIPA](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa), [FTC](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc) - Next step: Teams commonly review replay vendor configuration, consent gating, masking, sampling, and page-level exclusions to determine whether the retained runtime signal reflects intended behavior. - Evidence link: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-session_recording_services_detected 5. Consent choice architecture review signals - Criticality: Medium - Confidence: Good - Evidence: No obvious cookie preferences, privacy settings, or consent-preference reopen control was observed on the scanned public pages. - Review context: [GDPR / ePrivacy](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy), [CCPA / CPRA / CIPA](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa), [FTC](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc) - Next step: Expose reject and settings at the first layer, keep button prominence and interaction cost comparable, and provide a clear cookie preferences, privacy settings, or consent-preference reopen path with supporting withdrawal or preference-management explanation where appropriate. - Evidence link: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-consent_dark_patterns_detected 6. Visual contrast accessibility issue - Criticality: Medium - Confidence: Strong - Evidence: Automated issues were surfaced in this area. - Review context: [DOJ / ADA accessibility](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-doj-ada-accessibility) - Next step: Teams commonly review the affected selector, color pair, component state, and applicable contrast threshold before adjusting design tokens or component styles. - Evidence link: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#finding-visual_contrast_accessibility_issue ## Review lenses - [CCPA / CPRA / CIPA review context: Third-party collection, privacy-choice, and disclosure posture drive this review context.](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ccpa-cpra-cipa) - Review context retained - [GDPR / ePrivacy review context: Consent timing, consent surface, and tracker behavior drive this review context.](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-gdpr-eprivacy) - Review context retained - [FTC review context: Consumer-facing claims, tracking posture, and disclosure signals should be reviewed together.](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-ftc) - Review context retained - [DOJ / ADA accessibility review context: Automated accessibility signals are the main review area for this lens.](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#review-lens-doj-ada-accessibility) - Review context retained ## Privacy and consent signals - [Tracker footprint: 2 third-party domains observed](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#tracker-footprint) - [Classified tracker vendors: 2](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#tracker-footprint) - [Consent-related findings: 4](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#coverage-section-consent_controls_enforcement) ## Cookie and third-party request activity - [Tracker footprint: 2 third-party domains observed; 2 classified tracker vendors identified.](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#tracker-footprint) - [Vendor mix: session replay 3 | tag manager 2 | unknown 1](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#vendor-mix) ## Accessibility signals - Accessibility-related findings: 1 ## Disclosure and trust signals - [Policy URLs covered: 2](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#policy-surfaces) - [Probable fingerprinting: No probable fingerprinting detected](https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4#fingerprinting) ## Coverage and limitations Automated public-web scan completed with coverage limitations. Homepage findings are based on observable public-page evidence. Limitations: - Automated public-web scan only. - Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk. ## Feedback Was this Pulse useful? Send comments to support@certscore.ai or use: https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_b8c1dc9c-c37c-468e-b49b-7d757d8021fb ## Links Full report: https://certscore.ai/scan/92d630f2-6630-4684-b270-bed734692cb4 JSON: https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io Immutable JSON: https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4 Immutable Markdown: https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4&format=markdown Full JSON: https://certscore.ai/api/v1/pulse?scanId=92d630f2-6630-4684-b270-bed734692cb4&detail=full API docs: https://certscore.ai/api-pulse Findings reference: https://certscore.ai/findings ## Disclaimer CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate.