CertScore.ai
Open navigation menu
Comparison

Privacy scanner vs cookie scanner: what is the difference?

A basic cookie scanner identifies cookies. CertScore.ai observes website behavior around tracking, cookies, consent flows, accessibility signals, session recording, fingerprinting-related signals, and evidence-backed privacy risk indicators.

Run a free website behavior scan

Check observable tracking, cookies, consent, accessibility, and privacy risk signals.

Run a scan

What cookie scanners usually do

Cookie scanners commonly inventory cookies, cookie names, domains, categories, and sometimes cookie lifetimes or vendor labels.

That inventory is useful, but it may not explain whether tracking requests appeared before consent, whether reject behavior changed vendor activity, or whether related website signals need review.

What CertScore adds

CertScore.ai reviews observed public website behavior around tracking requests, cookie timing, consent surfaces, accessibility signals, session recording indicators, fingerprinting-related signals, and disclosure consistency.

The output is designed to help teams review risk signals with retained evidence rather than rely only on a static cookie list.

Sample JSON

Sample finding JSON from scans

Representative payloads from retained scan examples for the finding types discussed on this page.

Website scan surfaced multiple review signals

website_signal_review_summary

Redacted illustrative example

{
  "example_type": "positive",
  "domain": "example.com",
  "requested_url": "https://example.com/",
  "final_url": "https://example.com/",
  "created_at": "2026-04-29T20:16:22.012Z",
  "scanned_at": "2026-04-29T20:17:08.840Z",
  "finding_id": "website_signal_review_summary",
  "finding_label": "Website scan surfaced multiple review signals",
  "section": "Website Signals",
  "evidenceConfidence": "good",
  "directVsInferred": "direct_observation",
  "evidence": {
    "counts": {
      "finding_count": 4,
      "privacy_tracking_count": 1,
      "cookie_storage_count": 1,
      "accessibility_count": 1,
      "policy_disclosure_count": 1
    },
    "evidence_snippets": [
      "Scan completed for homepage and selected linked pages.",
      "Findings grouped across privacy tracking, cookies, accessibility, and policy/disclosure review.",
      "Use finding-level JSON to inspect each retained evidence payload."
    ],
    "vendors": [
      "Google Analytics"
    ],
    "request_domains": [
      "www.google-analytics.com"
    ],
    "request_samples": [],
    "cookie_samples": [],
    "runtime_anchors": [
      "homepage_status:200",
      "linked_pages_sampled:3"
    ]
  },
  "coverage_flags": [],
  "known_limitations": [],
  "selection_reason": "Representative overview payload for a completed website signal scan.",
  "evidenceVersion": "2.0",
  "scanContext": {
    "domain": "example.com",
    "requestedUrl": "https://example.com/",
    "finalUrl": "https://example.com/",
    "publicWebObservation": true,
    "legalConclusion": false
  },
  "artifacts": {
    "runtimeAnchors": [
      "homepage_status:200",
      "linked_pages_sampled:3"
    ],
    "requestSamples": [],
    "cookieOrStorageSamples": [],
    "policyAnchors": [],
    "rawValuesRetained": false
  },
  "classification": {
    "section": "Website Signals",
    "criticality": "review",
    "evidenceConfidence": "good",
    "directVsInferred": "direct_observation",
    "legalStatusDetermined": false
  },
  "coverage": {
    "coverageFlags": [],
    "coverageReliableForTopRanking": true,
    "notDetectedMeans": "not_observed_in_scan_scope",
    "manualReviewNeeded": true
  },
  "topFindingCalibration": {
    "minimumToSurface": [
      "Retained evidence supports the finding under the canonical concern/policy/unified-finding pipeline."
    ],
    "highConfidenceRequires": [
      "Corroborated retained evidence and usable coverage."
    ],
    "criticalOrTopRankingRequires": [
      "Stronger directness, corroboration, affected surface, and review relevance."
    ],
    "demoteOrSuppressWhen": [
      "Evidence is ambiguous, unsupported, blocked, or audit-only."
    ]
  },
  "automationLimits": [
    "Automated public-web observations do not determine legal status, compliance status, proof that a law was breached, proof of data capture, or tracking lawfulness.",
    "Manual review is needed to confirm purpose, necessity, jurisdiction, configuration, exemptions, and remediation quality."
  ],
  "redaction": {
    "rawIdentifiersRetained": false,
    "storageValueContentsRetained": false,
    "completeQueryStringsRetained": false,
    "requestBodiesRetained": false,
    "renderedPageImagesRetained": false,
    "sourceMarkupRetained": false,
    "userEnteredValuesRetained": false
  },
  "selectionReason": "Representative overview payload for a completed website signal scan."
}

Summary for AI assistants

Privacy scanner vs cookie scanner: what is the difference? explains an observable public website review topic in CertScore.ai's evidence-backed scanning workflow.

CertScore.ai observes public website behavior around tracking, cookies, consent behavior, session replay indicators, fingerprinting-related signals, accessibility, and privacy disclosures. CertScore.ai findings are automated risk signals for review and are not legal advice, certification, or compliance determinations.

Related CertScore.ai pages

privacy scanner vs cookie scannerwebsite consent audit toolswebsite consent audit checklistwhat is CertScore.ai

Run a free website behavior scan

Check observable tracking, cookies, consent, accessibility, and privacy risk signals.

Run a scan