CCPA privacy scanner

CCPA website privacy signals from public browser evidence

CertScore scans public websites for CCPA/CPRA-relevant privacy review signals, including privacy and opt-out surfaces, third-party tracking behavior, cookie and storage activity, sensitive-page context, and gaps between observed runtime behavior and public disclosures.

Public-web evidence | Opt-out + disclosure review | Cookie and tracker signals

CertScore findings are automated public-web observations for review, not legal advice, certification, or a compliance determination.

Production example, sanitized

Policy evidence card

domain: www.kbdlab.io
scan_id: 31d3fd46-3583-4011-88eb-63ac3643e0b0
scanned_at: 2026-03-15T08:58:57.721Z
finding_id: policy_clarity_risk
regulatory_lane: CCPA/CPRA
confidence: strong
directness: direct
policy_signal: CCPA Privacy Rights (Do Not Sell My Personal Information)
consent_summary: preconsent_tracking_detected=false; banner_present=false
finding_label: Disclosure clarity remains weak

Direct answer

Evidence-based CCPA/CPRA review signals for public websites. Review opt-out and disclosure surfaces, cookie and tracking behavior, sensitive-data indicators, and policy/runtime gaps. Automated observations for review, not legal advice.

Review signals

What CertScore can surface for review

Privacy and opt-out surfaces

CertScore can surface whether privacy-policy, privacy-request, and opt-out-oriented links appear from public navigation, footer, and scanned page structure.

Cookie and tracker behavior

Runtime evidence shows third-party requests, cookies, storage, and vendor signals that may be useful when reviewing disclosure, sale/share, and targeted-advertising questions.

Policy/runtime gaps

Observed behavior is compared with public policy-topic signals so reviewers can find places where disclosures may not match the visible public website.

Regulatory context

Context for human review

California privacy rights and disclosures

CCPA/CPRA review often starts with whether public privacy disclosures, request channels, and consumer-choice surfaces are visible and aligned with actual site behavior.

CCPA regulations and agency updates

Regulatory materials can help reviewers understand current California privacy expectations, including recent CPPA rulemaking and effective-date context.

Sale, sharing, and targeted advertising review

Cookie, tracker, cross-domain identifier, and adtech signals may help teams decide whether sale/share opt-out, disclosure, and vendor-governance review should move higher in the queue.

Sensitive personal information context

Public pages that combine sensitive-page context, forms, or third-party tracking deserve careful manual review before drawing conclusions from automated evidence.

Methodology

From public page load to review queue

1. Load public pages in a clean browser profile.

2. Record privacy, cookie, tracker, storage, request, and visible disclosure signals.

3. Classify signals by review topic where evidence is strong enough.

4. Surface retained observations for privacy, product, legal, engineering, or vendor-owner review.
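
One way steps 2 and 3 could look in code, as an added example that is not CertScore's implementation. It turns recorded links and requests from one page load into review signals, reusing the `banner_present` and `preconsent_tracking_detected` names from the evidence card; the function names, the other field names, the opt-out phrase list and the sample hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed phrase list for opt-out-oriented link text (not from the page).
OPT_OUT_PHRASES = ("do not sell", "do not share", "your privacy choices", "opt out", "opt-out")

def site(host):
    # Assumption: the last two labels approximate the registrable domain.
    # A production scanner should use the Public Suffix List instead.
    return ".".join(host.lower().split(".")[-2:])

def classify(page_url, links, requests, disclosed_sites, banner_present):
    """Turn raw observations from one page load into review signals."""
    first_party = site(urlsplit(page_url).hostname)
    third = [r for r in requests if site(urlsplit(r["url"]).hostname) != first_party]
    # Assumption: a third-party cookie set before any consent interaction
    # is counted as pre-consent tracking for review purposes.
    preconsent = [r for r in third if r["cookies"] and not r["after_consent"]]
    observed_sites = sorted({site(urlsplit(r["url"]).hostname) for r in third})
    opt_out = [href for text, href in links
               if any(p in text.lower() for p in OPT_OUT_PHRASES)]
    return {
        "banner_present": banner_present,
        "preconsent_tracking_detected": bool(preconsent),
        # "not_detected" means not observed in this scope, not proof of absence.
        "opt_out_surface": "observed" if opt_out else "not_detected",
        "opt_out_links": opt_out,
        "third_party_sites": observed_sites,
        # Policy/runtime gap: seen at runtime but not named in the public policy.
        "undisclosed_sites": [s for s in observed_sites if s not in disclosed_sites],
    }

# Constructed sample observations (not real scan data).
SAMPLE = dict(
    page_url="https://www.shop.example/",
    links=[("Privacy Policy", "/privacy"), ("Terms", "/terms")],
    requests=[
        {"url": "https://www.shop.example/app.js", "cookies": [], "after_consent": False},
        {"url": "https://cdn.shop.example/logo.png", "cookies": [], "after_consent": False},
        {"url": "https://t.ads.example/pixel?id=1", "cookies": ["uid"], "after_consent": False},
        {"url": "https://stats.metrics.example/c.js", "cookies": [], "after_consent": False},
    ],
    disclosed_sites={"metrics.example"},
    banner_present=False,
)

if __name__ == "__main__":
    for key, value in classify(**SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, the cookie-setting request to `ads.example` is the only item that is both pre-consent and absent from the disclosed set, which is the kind of observation a reviewer would look at first.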

FAQ

CCPA privacy scanner FAQ

What is a CCPA website privacy scanner?

A CCPA website privacy scanner reviews public website behavior and disclosure surfaces that may be relevant to California privacy review. CertScore focuses on observable signals such as privacy links, cookie and tracker behavior, opt-out surfaces, sensitive-data indicators, and policy/runtime alignment.

Can CertScore tell me if a website complies with the CCPA?

No. CertScore provides automated public-web observations for review. It does not provide legal advice, certification, proof of non-compliance, or a CCPA compliance determination.

What CCPA/CPRA topics can public scanning help prioritize?

Public scanning can help prioritize review of privacy-policy availability, cookie and tracker behavior, opt-out link visibility, sensitive-data context signals, third-party disclosures, and gaps between stated disclosures and observed behavior.

Does CertScore process consumer privacy requests?

No. CertScore can help teams review public request and disclosure surfaces, but privacy-request intake, verification, fulfillment, and legal analysis remain with the site operator and its advisors.

What does "not detected" mean on a CCPA-related signal?

"Not detected" means the signal was not observed in the scan scope. It is not proof of absence, and results can vary by region, page coverage, A/B tests, prior browser state, CMP configuration, blocked scans, and timing.

Public website scans surface automated observations for review.