connect.facebook.net
PixelEnforceUnknown marketing pixel blocked by trust policy
Guardian by Lokker
Your last line of defense against
data leaks
A single JavaScript snippet monitors every outbound script, pixel, and telemetry request on your site, and enforces your organization's trust rules in real time, from the edge. If it doesn't belong, it never leaves.
Sub-ms overhead
Edge-deployed globally
Works with your CMP
Install Guardian Snippet
Easy tiger
Love the energy. This snippet will not enforce anything on your site until your Guardian account is provisioned and your site GUID is activated.
We will help you wire it up, validate traffic, and confirm enforcement is live.
<script src="https://privacyedge-lokker.com/guardian.[SITE-GUID].js" crossorigin="anonymous"></script>
Runtime Enforcement Stream
3 blocked 3 evaluating 2 allowed
static.doubleclick.net
XHREvaluatePayload check in progress for identifier leakage
js.stripe.com
ScriptEnforceTrusted strictly-necessary payment vendor allowed
Runtime visibility
Watch Guardian classify and enforce in real time
Guardian classifies each request, checks trust level, inspects payloads (headers/query/post data), decodes encoded values, and applies policy decisions live.
Blocked
3
Allowed
2
DLP signals
2
Detectors
8
Policy controls
DLP detectors
Observed requests
5 trackedDecision trace
Blocked by explicit domain ruleClassify request
pixel from connect.facebook.net
Explicit block rule
Domain appears in block list. Request denied immediately.
DLP findings
No active detector matched this request.
Payload inspector
queryid
clean12345
queryev
cleanLead
The problem
Consent tools alone leave the back door open
Consent management platforms check at the front door. But third parties don't always use the front door.
Consent tools have blind spots
Most consent management platforms are misconfigured, outdated, or missing entirely. Scripts added by vendors, tag managers, or new team members routinely bypass the consent layer, and no alert fires.
- Misconfigured banners that fire consent signals incorrectly
- Vendor-injected scripts that were never reviewed for consent
- Tag manager rules that haven't kept pace with the live tag library
One unblocked request can mean real exposure
A single pixel in the wrong context can transmit PII, health data, or behavioural signals to a third party. Under HIPAA, GDPR, and state privacy laws, that's not a technicality: it's a violation.
- Email addresses leaking through pixel query strings
- Medical context exposed via page-path telemetry
- Cookie sync payloads crossing consent boundaries silently
How Guardian works
Intercept. Evaluate. Enforce.
Guardian operates at the network layer, classifying outbound calls before they leave the browser.
1
Intercept
Guardian observes script tags, pixels, fetch, and XHR calls as they are created before requests leave the browser.
2
Evaluate
Each request is matched against trust policies from Privacy Edge with payload-aware checks for sensitive data.
3
Enforce
Trusted requests pass. Unknown or policy-violating traffic is blocked and logged with full audit detail.
1
Intercept
Guardian observes script tags, pixels, fetch, and XHR calls as they are created before requests leave the browser.
2
Evaluate
Each request is matched against trust policies from Privacy Edge with payload-aware checks for sensitive data.
3
Enforce
Trusted requests pass. Unknown or policy-violating traffic is blocked and logged with full audit detail.
What Guardian delivers
Full control over every third party on your site
Full outbound visibility
Every script tag, pixel, XHR, and fetch call is observed at creation, including those added by tag managers, vendors, or injected dynamically at runtime.
Payload-aware blocking
Guardian inspects request payloads for PII, email addresses, medical identifiers, and cookie sync parameters before allowing them to leave the browser.
Granular trust-rule engine
Allow, block, or set blanket rules for unknown third parties. Rules are defined in Privacy Edge and pushed to Guardian instantly, with no deployments required.
Full audit trail
Every decision (allowed, blocked, or pending) is logged with domain, request type, payload signals, and timestamp. Compliance teams get evidence-grade records.
Edge-deployed, sub-ms overhead
Guardian is served from globally distributed edge nodes and built for performance. Multiple caching layers ensure rules are applied with negligible latency.
Complements your CMP
Guardian works alongside your existing consent management platform. Where a CMP controls consent at the door, Guardian enforces behavior inside, catching what the CMP misses.
A better way to think about it
Your CMP is the bouncer. Guardian is the venue.
Even if something slips past the door, Guardian makes sure it can't cause trouble inside.
Your CMP
The Bouncer at the Door
A consent management platform checks whether visitors have given permission before letting scripts in. It works well in theory, but 90% of CMPs are misconfigured, out of date, or simply not comprehensive enough. Scripts still find a way in through side doors: vendor tags, injected snippets, and tag manager misses.
Necessary, but not sufficient on its own
Guardian
The Rules Inside the Venue
Guardian doesn't care how a script got onto the page. Once it tries to make an outbound call, Guardian evaluates it against your rules (payload, domain, trust level) and decides whether that request leaves the venue. If it's misbehaving, it's out. No appeal, no exceptions, no data leak.
The enforcement layer your CMP never had
Real-world scenario
The Meta Pixel that keeps coming back
Marketing team churn means the same trackers get re-added time and again. Guardian doesn't rely on institutional memory: it enforces rules automatically, every time.
Step 1
A new marketing hire adds the Meta Pixel directly to the site without going through the approval process.
Step 2
Guardian intercepts the outbound pixel request and checks it against your organization's trust rules.
Step 3
No trust rule exists for connect.facebook.net. Your blanket policy blocks all unknown third parties.
Step 4
The block is logged in Privacy Edge. Your team receives an alert, and the pixel never fires.
Result
Zero data sent to Meta. Full audit record retained.
Every time the pixel is re-added in the future, Guardian blocks it automatically, regardless of who added it or when.
FAQ
Guardian implementation questions teams ask first
Start with these practical questions, then request a walkthrough tailored to your stack.
See Guardian in action
Talk to our team about adding Guardian to your privacy stack, and get full visibility and enforcement across every third party on your site.