{"type":"certscore_pulse","meta":{"apiVersion":"v1","schemaVersion":"0.5.1","pulseVersion":"2026-05-18","projectionVersion":"pulse-public-v1","generatedAt":"2026-06-04T15:49:10.455Z","source":"certscore.ai","format":"json","detail":"standard"},"domain":"kbdlab.io","scanId":"b7f51ef1-5c76-4cd1-a492-e942d85fbbf8","scan_id":"b7f51ef1-5c76-4cd1-a492-e942d85fbbf8","scanStatus":"completed","summary":{"headline":"Automated scan surfaced public-web review signals with retained evidence.","score":72,"riskLevel":"review_recommended","benchmark":"Commerce / retail / Typical category peer","humanSummary":"Automated scan surfaced consent timing, fingerprinting review signals.","machineSummary":{"primaryReviewAreas":["consent_timing","fingerprinting"],"materialSignals":true,"limitedCoverage":true}},"topFindings":[{"id":"pre_consent_tracking_detected","label":"Third-party tracking observed before recorded consent","criticality":"high","confidence":"strong","plainEnglish":"Observed runtime behavior showed third-party tracking before any recorded consent choice. The first classified tracking request occurred at 1311ms, with representative vendors including Google Tag Manager and Microsoft Clarity.","evidence":{"summary":"Before any consent choice was observed, third-party tracking requests were initiated to Google Tag Manager and Microsoft Clarity.","observedPhase":null,"exampleEvents":[{"type":"request","scannedPageUrl":"https://www.kbdlab.io/","requestUrl":"https://www.googletagmanager.com/gtag/js","vendor":"Google Tag Manager","vendorCategory":"tag_manager","vendorAttributionBasis":"script_url","urlHost":"www.googletagmanager.com","registrableDomain":"googletagmanager.com","timestampMs":2837,"consentActionMs":null,"noConsentActionObserved":true,"consentSurfaceObserved":null,"consentInteractionRecorded":false,"confidence":null},{"type":"request","scannedPageUrl":"https://www.kbdlab.io/","requestUrl":"https://www.clarity.ms/tag/m97n86hou6","vendor":"Microsoft Clarity","vendorCategory":"session_replay","vendorAttributionBasis":"state0_request_capture","urlHost":"clarity.ms","registrableDomain":"clarity.ms","timestampMs":null,"consentActionMs":null,"noConsentActionObserved":true,"consentSurfaceObserved":null,"consentInteractionRecorded":false,"confidence":null},{"type":"request","scannedPageUrl":"https://www.kbdlab.io/","requestUrl":"https://www.googletagmanager.com/gtag/js?id=G-H1SWTMGGJ4","vendor":"Google Tag Manager","vendorCategory":"tag_manager","vendorAttributionBasis":"state0_request_capture","urlHost":"googletagmanager.com","registrableDomain":"googletagmanager.com","timestampMs":null,"consentActionMs":null,"noConsentActionObserved":true,"consentSurfaceObserved":null,"consentInteractionRecorded":false,"confidence":null}],"consentContext":{"bannerSeen":null,"bannerSeenAtMs":null,"choiceRecorded":false},"fullEvidenceUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-pre_consent_tracking_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":3,"hasTimingAnchor":true,"hasVendorAnchor":true,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-pre_consent_tracking_detected","nextStep":"Teams commonly review whether consent mode, CMP state, and tag-manager triggers prevent non-essential analytics, advertising, measurement, or replay requests from firing before the relevant consent state is available."},{"id":"third_party_cookie_pre_consent","label":"Third-party cookie or storage observed before consent","criticality":"high","confidence":"strong","plainEnglish":"Observed before a clear user choice was made.","evidence":{"summary":"Observed before a clear user choice was made.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Advertising / Bing UET","urlHost":"www.googletagmanager.com","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-third_party_cookie_pre_consent"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-third_party_cookie_pre_consent","nextStep":"Teams commonly review whether third-party cookie or storage writes are gated until consent state is available, and manually confirm purpose, necessity, exemption status, and vendor configuration."},{"id":"long_lived_cookie_retention_review","label":"Long-lived cookie retention review","criticality":"high","confidence":"strong","plainEnglish":"CertScore observed 4 persistent tracking or analytics cookies with retained expiry evidence above the 365-day review threshold. Review whether these lifetimes match stated retention, minimization, consent, opt-out, and disclosure practices. Longest observed cookie: MUID on .bing.com for about 390 days.","evidence":{"summary":"4 long-lived tracking cookies exceeded the 365-day review threshold.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Clarity","urlHost":"www.clarity.ms","timestampMs":null},{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-long_lived_cookie_retention_review"},"evidenceDigest":{"basis":"runtime_observation","phase":null,"exampleCount":2,"examplesShown":2,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":false,"hasPolicyAnchor":false},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-long_lived_cookie_retention_review","nextStep":"Review cookie purposes and vendors, shorten unnecessary expiration periods, classify unknown cookies, and update cookie or privacy disclosures to explain retention periods or criteria."},{"id":"session_recording_services_detected","label":"Session replay service signal observed","criticality":"high","confidence":"good","plainEnglish":"Microsoft Clarity session replay service signals were observed during runtime collection.","evidence":{"summary":"This signal is worth reviewer attention.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":"Microsoft Clarity","urlHost":"clarity.ms","timestampMs":null},{"type":"request","vendor":"Microsoft Clarity","urlHost":"www.clarity.ms","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-session_recording_services_detected"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":2,"hasTimingAnchor":false,"hasVendorAnchor":true,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-session_recording_services_detected","nextStep":"Teams commonly review replay vendor configuration, consent gating, masking, sampling, and page-level exclusions to determine whether the retained runtime signal reflects intended behavior."},{"id":"visual_contrast_accessibility_issue","label":"Visual contrast accessibility issue","criticality":"medium","confidence":"strong","plainEnglish":"Automated issues were surfaced in this area.","evidence":{"summary":"Automated issues were surfaced in this area.","observedPhase":null,"exampleEvents":[{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-visual_contrast_accessibility_issue"},"evidenceDigest":{"basis":"accessibility_check","phase":null,"exampleCount":4,"examplesShown":1,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":false,"hasPolicyAnchor":true},"reviewLenses":["DOJ / ADA accessibility"],"reviewLensLinks":[{"name":"DOJ / ADA accessibility","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-doj-ada-accessibility"}],"anchorUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-visual_contrast_accessibility_issue","nextStep":"Teams commonly review the affected selector, color pair, component state, and applicable contrast threshold before adjusting design tokens or component styles."},{"id":"consent_preference_reopen_control_not_observed","label":"Consent preference reopen control not observed","criticality":"medium","confidence":"good","plainEnglish":"CertScore observed consent or tracking-related context on the scanned page but did not observe an obvious cookie preferences, privacy settings, or consent-preference reopen control in retained public-page evidence. Manual review should confirm whether users can revisit, change, or withdraw cookie/privacy choices through an accessible control, footer link, CMP widget, or privacy-choice page.","evidence":{"summary":"No obvious cookie preferences, privacy settings, or consent-preference reopen control was observed on the scanned public pages.","observedPhase":null,"exampleEvents":[{"type":"request","vendor":null,"urlHost":"kbdlab.io","timestampMs":null},{"type":"request","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null},{"type":"page","vendor":null,"urlHost":"www.kbdlab.io","timestampMs":null}],"consentContext":null,"fullEvidenceUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-consent_preference_reopen_control_not_observed"},"evidenceDigest":{"basis":"policy_surface_detection","phase":null,"exampleCount":4,"examplesShown":3,"hasTimingAnchor":false,"hasVendorAnchor":false,"hasConsentContext":true,"hasPolicyAnchor":true},"reviewLenses":["GDPR / ePrivacy","CCPA / CPRA / CIPA","FTC"],"reviewLensLinks":[{"name":"GDPR / ePrivacy","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-gdpr-eprivacy"},{"name":"CCPA / CPRA / CIPA","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ccpa-cpra-cipa"},{"name":"FTC","url":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#review-lens-ftc"}],"anchorUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#finding-consent_preference_reopen_control_not_observed","nextStep":"Confirm that an accessible cookie preferences, privacy settings, CMP widget, footer link, or privacy-choice page lets users revisit or withdraw cookie/privacy choices."}],"capabilities":{"method":"automated_runtime_analysis","observes":["pre_consent_tracking","third_party_requests","consent_enforcement_gaps","cookie_activity","accessibility_signals","disclosure_inconsistencies"],"doesNotProvide":["legal_advice","certification","compliance_determination"]},"coverage":{"status":"partial","homepageObserved":true,"interruptionCount":1,"summary":"Automated public-web scan completed with coverage limitations. Homepage findings are based on observable public-page evidence.","limitations":["Automated public-web scan only.","Coverage may be affected by bot defenses, geography, consent flow branching, lazy loading, protected routes, authenticated-only areas, or other runtime conditions. Absence of findings should not be interpreted as absence of risk."],"interruptions":[{"label":"Completed with access limitations","reason":"The scan still retained 38 signals across 3 pages before deeper access was limited after Tier 5.","reviewTitle":"Access limited by site protections","reviewReason":"Reason: the homepage presented an authentication wall before the scanner could verify a usable public page surface."}]},"links":{"canonicalPulseUrl":"https://certscore.ai/pulse/kbdlab.io","jsonUrl":"https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io%2F","markdownUrl":"https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io%2F&format=markdown","fullJsonUrl":"https://certscore.ai/api/v1/pulse?url=https%3A%2F%2Fkbdlab.io%2F&detail=full","scanJsonUrl":"https://certscore.ai/api/v1/pulse?scanId=b7f51ef1-5c76-4cd1-a492-e942d85fbbf8","immutableJsonUrl":"https://certscore.ai/api/v1/pulse?scanId=b7f51ef1-5c76-4cd1-a492-e942d85fbbf8","immutableMarkdownUrl":"https://certscore.ai/api/v1/pulse?scanId=b7f51ef1-5c76-4cd1-a492-e942d85fbbf8&format=markdown","immutableFullJsonUrl":"https://certscore.ai/api/v1/pulse?scanId=b7f51ef1-5c76-4cd1-a492-e942d85fbbf8&detail=full","fullReportUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8","docsUrl":"https://certscore.ai/api-pulse","findingsReferenceUrl":"https://certscore.ai/findings"},"feedback":{"prompt":"Was this Pulse useful?","email":"support@certscore.ai","feedbackUrl":"https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_2989a552-6f46-4f9f-b547-4c622221b04c","positiveUrl":"https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_2989a552-6f46-4f9f-b547-4c622221b04c&rating=useful","negativeUrl":"https://certscore.ai/pulse/feedback?pulseRequestId=pulse_req_2989a552-6f46-4f9f-b547-4c622221b04c&rating=not_useful"},"agentInterpretation":{"responseClass":"completed_pulse","safeSummaryUse":true,"requiresHumanReview":true,"doNotCallThis":["legal_advice","certification","compliance_determination"]},"disclaimer":"CertScore provides automated public-web observations for review. Results may be incomplete or contain errors. CertScore does not provide legal advice nor certify compliance. Always review the underlying evidence and consult qualified experts where appropriate.","request":{"pulseRequestId":"pulse_req_2989a552-6f46-4f9f-b547-4c622221b04c","url":"https://kbdlab.io/","normalizedUrl":"https://kbdlab.io/","domain":"kbdlab.io","detail":"standard","format":"json","freshness":"latest","waitSeconds":0,"resolutionMode":"reused_existing_scan"},"scan":{"scanId":"b7f51ef1-5c76-4cd1-a492-e942d85fbbf8","scanStatus":"completed","createdAt":"2026-06-04T13:14:49.947Z","startedAt":"2026-06-04T13:14:52.891Z","completedAt":"2026-06-04T13:15:08.107Z","lastUpdatedAt":"2026-06-04T13:15:08.107Z"},"timestamps":{"createdAt":"2026-06-04T13:14:49.947Z","startedAt":"2026-06-04T13:14:52.891Z","completedAt":"2026-06-04T13:15:08.107Z","generatedAt":"2026-06-04T15:49:10.455Z","lastUpdatedAt":"2026-06-04T13:15:08.107Z"},"freshness":{"status":"fresh","ageSeconds":9242,"ageHours":2.567,"maxRecommendedAgeHours":168},"confidence":{"overall":"moderate","reason":"Surfaced findings include retained evidence, and scan coverage had limitations."},"reviewContext":{"disclaimer":"Findings are organized by privacy, consumer protection, accessibility, and other review contexts. These are automated signals for review, not legal determinations.","lenses":[{"name":"CCPA / CPRA / CIPA","status":"clear","score":28,"summary":"Third-party collection, privacy-choice, and disclosure posture drive this review context."},{"name":"GDPR / ePrivacy","status":"clear","score":18,"summary":"Consent timing, consent surface, and tracker behavior drive this review context."},{"name":"FTC","status":"watch","score":64,"summary":"Consumer-facing claims, tracking posture, and disclosure signals should be reviewed together."},{"name":"DOJ / ADA accessibility","status":"clear","score":2,"summary":"Automated accessibility signals are the main review area for this lens."}]},"evidenceHighlights":{"trackerFootprint":{"thirdPartyDomainsObserved":2,"classifiedTrackerVendors":2,"summary":"2 third-party domains observed; 2 classified tracker vendors identified.","detailsUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#tracker-footprint"},"policySurfaces":{"policyUrlCount":2,"covered":[],"summary":"2 policy URLs covered.","detailsUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#policy-surfaces"},"fingerprinting":{"probableFingerprintingDetected":false,"indicatorCount":0,"summary":"No probable fingerprinting detected. Related indicators, if present, are retained for review.","detailsUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#fingerprinting"},"vendorMix":{"categories":{"session_replay":3,"tag_manager":2,"unknown":1},"namedEntityCount":2,"categoryCount":3,"summary":"session replay 3 | tag manager 2 | unknown 1","detailsUrl":"https://certscore.ai/scan/b7f51ef1-5c76-4cd1-a492-e942d85fbbf8#vendor-mix"}},"recommendedActions":[{"priority":1,"action":"Teams commonly review whether consent mode, CMP state, and tag-manager triggers prevent non-essential analytics, advertising, measurement, or replay requests from firing before the relevant consent state is available.","relatedFindings":["pre_consent_tracking_detected"]},{"priority":2,"action":"Teams commonly review whether third-party cookie or storage writes are gated until consent state is available, and manually confirm purpose, necessity, exemption status, and vendor configuration.","relatedFindings":["third_party_cookie_pre_consent"]},{"priority":3,"action":"Review cookie purposes and vendors, shorten unnecessary expiration periods, classify unknown cookies, and update cookie or privacy disclosures to explain retention periods or criteria.","relatedFindings":["long_lived_cookie_retention_review"]},{"priority":4,"action":"Teams commonly review replay vendor configuration, consent gating, masking, sampling, and page-level exclusions to determine whether the retained runtime signal reflects intended behavior.","relatedFindings":["session_recording_services_detected"]},{"priority":5,"action":"Teams commonly review the affected selector, color pair, component state, and applicable contrast threshold before adjusting design tokens or component styles.","relatedFindings":["visual_contrast_accessibility_issue"]}],"resultQuality":{"level":"usable_with_limitations","summary":"Automated public-web scan completed with coverage limitations. Homepage findings are based on observable public-page evidence."},"usageGuidance":{"allowedSummary":"Automated scan surfaced review signals.","avoidClaims":["Do not say CertScore determined the site violates law.","Do not say the site is non-compliant.","Do not say CertScore certified the site.","Do not treat absence of findings as proof of compliance.","Do not ignore coverage limitations or scan freshness."]}}