Privacy Edge by Lokker

Complete privacy intelligence. Across every
web property.

Privacy Edge scans your sites, distills thousands of network events into the risks that matter, and gives every stakeholder exactly the view they need, from a live portfolio dashboard to litigation-ready payload exports.

Any-scale portfolio

0–1000 risk scoring

Daily & weekly alerts

Request a Demo

https://privacyedge.lokker.com/

www.veldrastore.com Scanning

Privacy risk score (0–1000)

450/ 1000Moderate Risk

↑ 70 from last scanWorse than S&P 500(S&P 500: 255)

Google Analytics 4

12 pages

Analytics Loads in opt-out

Meta Pixel

8 pages

Advertising Loads in opt-out

HubSpot Tracking

3 pages

CRM Stopped in opt-out

Stripe.js

2 pages

Payment Strictly necessary

Session Replay

6 pages

Replay Loads in opt-out

Login Form Capture

2 pages

Form Data Loads in opt-out

Optimizely Web

5 pages

A/B Testing Loads in opt-out

Datadog RUM

9 pages

Monitoring Strictly necessary

GPC Not Honored

13 Trackers Found

Live analysis

From scan to remediation in one workflow

Privacy Edge continuously analyzes request behavior, links each reason code to page-level evidence, and prioritizes practical remediation guidance.

Runtime monitor

Live

Domain scan started

18 domains, 246 pages queued

Analyzing

Critical reason code

session replay before consent on /quote

Flagged

Evidence + remediation

4 fixes mapped with page-level proof

Verified

Domains monitored

active portfolio scope

Critical findings

requiring immediate review

Fixes suggested

ready-to-implement actions

Signal from noise

We scan every request across every page and distill thousands of network events into the findings that actually matter: critical and high reason codes, each with evidence and actionable remediation steps.

Portfolio-wide visibility

One login, every web property. Risk scores ranked from 0–1000, graded across 7 risk categories, and benchmarked against the S&P 500 average so you know exactly where you stand.

Evidence for every audience

PDF reports, Excel payloads, and in-app dashboards, each tailored for privacy teams, insurance underwriters, and legal counsel so the right person always has the right format.

Portfolio

Every web property, ranked by risk

The portfolio view is your command centre. At a glance you see every site's risk score (ranked highest to lowest) with letter grades across 7 risk categories and a comparison to the S&P 500 average. Sites with litigation-precedent findings surface automatically at the top as a critical alert.

Aggregate portfolio score Aggregate portfolio score benchmarked against the S&P 500 average, trending up or down week on week
Critical alert banner Critical alert banner surfaces only when findings match patterns with documented litigation or regulatory action
Filter and sort by risk level letter grade to instantly isolate sites with E-rated trackers or missing consent

7 risk categories scored

Cookies C-

Form Data A+

Session Replay D-

Trackers E

Consent B+

Geo A+

Perimeter A+

Risk LevelsScore: 563

CookiesC-

Form DataA+

Session ReplayD-

TrackersE

ConsentB+

GeoA+

PerimeterA+

Grades range A+ (lowest risk) through E (highest). Filter the portfolio by any grade.

Reason Codes

The needles in the haystack

Reason codes are context-aware findings mapped to specific laws, industry standards, and risk combinations (HIPAA, VPPA, CCPA/CPRA, GDPR, and more). We detect industry context automatically, so a healthcare site gets evaluated against HIPAA exposure, a site with California traffic gets evaluated against CCPA as amended by the CPRA (including sale-and-sharing and sensitive personal information flows), and generic tracker rules are the floor, not the ceiling. Every reason code includes step-by-step remediation guidance so your team knows exactly what to change and where.

Critical

Findings where litigation, regulatory action, or court cases have already been recorded for the same pattern detected on your site. These demand immediate attention.

Meta Pixel receiving PHI on a healthcare page
Session replay tool active during checkout
Trackers firing without GPC signal detection

High

Significant privacy risks with real exposure potential. Not yet litigation-precedent level, but commonly cited in enforcement actions and privacy audits.

Third-party cookies set without consent
Page URL shared with ad networks
No consent banner detected on any page

Medium

Findings worth monitoring and scheduling for remediation. These may become high-severity as privacy regulations evolve or scanning data accumulates.

Third-party scripts loading from high-risk geos
Analytics tools without documented consent
Unclassified domains receiving form data

Low

Informational findings and best-practice gaps. Useful context for privacy teams and engineers during periodic reviews.

Long-lived cookies with no expiry
Unverified third-party script authors
Minor consent banner formatting issues

From the reason code library

sample of active checks

Critical Trackers

Healthcare industry + trackers

Site operates in a healthcare context. Presence of ad trackers or session replay may constitute unauthorized PHI disclosure.

HIPAA

remediation

Critical Trackers

VPPA exposure

Video content detected alongside advertising trackers. Sharing video-viewing data with third parties creates VPPA liability.

VPPA

remediation

Critical Consent

GPC signal not detected

The site is not reading the browser's Global Privacy Control opt-out signal; trackers fire regardless of user intent.

CCPACPRA

remediation

Critical Consent

Trackers active in opt-out state

Tracking scripts continue to load when GPC is active or the user has opted out via the consent banner.

CCPAGDPR

remediation

High Session Replay

Session replay on form pages

A session replay tool is active on pages with personal data form fields, potentially capturing keystrokes and sensitive input.

CCPAGDPR

remediation

High Session Replay

Session replay + chatbot

Both a session replay tool and a chatbot are active simultaneously, combining full session recordings with conversation capture.

CCPAHIPAA

remediation

High Consent

No consent banner detected

No consent management platform or banner was found on any scanned page, so visitors have no mechanism to opt out.

GDPRCCPA

remediation

Medium Consent

"Do Not Sell" link absent

The required "Do Not Sell or Share My Personal Information" footer link was not found on any scanned page.

CCPACPRA

remediation

Every finding ships with step-by-step remediation

Whether it's updating tag manager consent rules, configuring your CMP to honour GPC, removing a tracker from specific page templates, or adding a "Do Not Sell" footer link. Each reason code tells your team exactly what to do, not just that a problem exists. No guesswork, no consultant required for the obvious fixes.

Stay notified without logging in

Subscribe to daily or weekly email digests for critical and high reason code violations, per site or across your full portfolio. Never miss a significant change.

Critical alerts High alertsDaily or weekly

Behind the page

What visitors see is only half the story.

Drag the slider to compare a typical marketing surface to the requests, pixels, and policy gaps that actually run in the browser: the parts that are easy to miss in a visual review alone.

Exposure summary

Page /appointments

Same URL as the patient portal: findings map to reason codes, evidence, and remediation your teams can execute.

Risk score

612 / 1000

Critical

High

CriticalPIXEL_PRE_CONSENT

Marketing pixel fired before consent was recorded

Outbound requests to a major ad pixel included purchase-style parameters while the CMP still showed “preferences not saved.”

Remediation

Gate the pixel behind your CMP’s “analytics/advertising” bucket and verify with a fresh session.
Remove duplicate container loads so one tag cannot bypass the other.

HighMETA_PIXEL_HEALTH_CONTEXT

Meta Pixel and session replay on pages with scheduling and contact fields

A Meta Pixel and a third-party session replay tool are both present where visitors can enter appointment or contact details. On a healthcare site, that pairing creates outsized HIPAA-related privacy risk, even before you argue whether a given field is “PHI” on its own.

Remediation

Remove or strictly gate the pixel until consent and purpose align with your health-data policies.
Mask or disable session replay on flows that collect health-adjacent or identifiable information.

MediumTAG_SPRAWL_PRE_CLICK

Tag manager injected six vendors before first deliberate click

Several hosts were not reflected in your public cookie disclosure at the time of scan.

Remediation

Tighten container triggers to “consent granted” + meaningful interaction.
Publish an updated disclosure that matches measured third-party reality.

PolicyGPC_SIGNAL_IGNORED

GPC honored in UI copy but ignored on a consent API

The browser sent GPC=1 on the consent verification POST; the response still treated the session as marketable.

Remediation

Thread opt-out signals through backend consent verification, not only the banner script.
Add an automated check that GPC alters the same endpoints your CMP claims to control.

Request trace 14 hosts · 6 pre-interaction

GET /appointments · 200 · document

GET connect.facebook.net/…/fbevents.js · 200

POST pixel.vendor/collect · body: event=Lead…

https://portal.wellhartclinic.org/appointments

Wellhart Clinic

Primary & specialty care

Privacy choices. We use cookies and similar technologies. Manage preferences or accept to continue.

Clinical team collaborating: illustrative photo for a fictional patient portal

Board-certified providers · Virtual & in-person

Photo by National Cancer Institute on Unsplash

Same-day & scheduled visits

Care that fits your schedule

Book appointments, message your care team, and see test results: the experience patients expect from a modern health system.

Book an appointment Find a location

Illustrative example, not a real clinic.

Popular on this site

Primary care

Video visit

Test results

Secure sign-in · Messages in transit encrypted

Drag the grip to move the split (clicking the page does not jump it). Scroll the panel on the right independently. Left: patient-facing page · Right: findings and request trace.

Site Dashboard

Deep privacy intelligence per site, going back as far as you need

Every site in your portfolio has a dedicated dashboard. Explore the last 30 days in the UI to spot changes, investigate trends, and drill into per-page findings. Every scan is stored indefinitely, so when an allegation arrives months or years later, the evidence is already there.

Scan

Privacy Edge scans your site pages on a scheduled cadence, observing every network request, cookie, and form interaction across all URLs in scope.

Analyze

Every request is enriched with our domain intelligence database, GPC signal testing, fake PII injection for form tracing, and geo origin mapping.

Drill Down

From the portfolio summary to a per-page payload breakdown, every layer of detail is accessible, searchable, and exportable for the audience that needs it.

Scan

Privacy Edge scans your site pages on a scheduled cadence, observing every network request, cookie, and form interaction across all URLs in scope.

Analyze

Every request is enriched with our domain intelligence database, GPC signal testing, fake PII injection for form tracing, and geo origin mapping.

Drill Down

From the portfolio summary to a per-page payload breakdown, every layer of detail is accessible, searchable, and exportable for the audience that needs it.

Complete scan history

Explore the last 30 days in the dashboard UI, or request forensic analysis on any scan, going back as far as we've been monitoring your site. Every scan is retained indefinitely.

Cookie inventory

First and third-party cookies enumerated with name, domain, max-age, secure flag, SameSite attribute, and the company behind every cookie that appears.

Form data tracing

We inject synthetic PII into form fields and track where it travels. Any third party receiving that data is surfaced, even if it's a benign form provider.

Session replay detection

Identify every session replay tool operating on your site, which pages it covers, and whether it's active during sensitive interactions like checkout or login.

Geo risk mapping

See which countries third-party requests are resolving to. Flag any traffic to high-risk jurisdictions (North Korea, Belarus, Russia, China) automatically.

Perimeter check

Verify that your site's trust boundary is intact. Perimeter check surfaces unexpected script origins, rogue sub-resources, and supply chain anomalies.

Every scan, stored forever, not just 30 days

The dashboard surfaces the last 30 days for day-to-day monitoring, but Privacy Edge retains every scan indefinitely in our data lake. If an allegation surfaces nine months from now, or two years from now, our team can retrieve exactly what was running on your site at any point in time: payloads, trackers, cookies, and all. That historical evidence can be the difference between a defensible position and an expensive settlement.

Indefinite scan retention Litigation-ready forensics Point-in-time payload retrieval

Visualize

Follow the data, wherever it travels

JavaScript is dynamic: what loads on a page today can be entirely different an hour from now. Privacy Edge captures that moment-in-time reality with two complementary views of every page's request network.

Interactive

Constellation View

A 3D interactive graph of every parent–child request relationship on a page. Drag, zoom, and click any node to explore who introduced a third party, what they load, when they first appeared, and how they're classified.

1st party

3rd party

Tracker

Drag nodes · click to inspect · filter by risk type

Structured

Waterfall View

The same parent–child network, presented as an expandable tree. Each row shows the script or domain, how many children it spawned, and the risk classification. Ideal for tracing exactly which script introduced a tracker.

tmz.com/38 children

t.co/1/adsctTracker

ep2.adtrafficquality.google7 children

static.doubleclick.netTracker

fonts.googleapis.com1st party

Unique per page · unique per scan · exportable

JavaScript is dynamic: every scan is a unique snapshot

A third-party script loaded today may not appear tomorrow, especially on sites with A/B testing, personalization, or ad-slot content. Both views capture the exact state of the network at the moment of each scan.

Reports

Evidence for every audience

Not everyone who needs Privacy Edge findings works in the product. We produce a suite of shareable reports, from executive PDFs to engineer-ready Excel exports, so the right information reaches the right person.

PDF

Risk & Remediation Report

Lists all critical and high reason codes with evidence pages, scan dates, and concrete remediation steps. The go-to document for privacy reviews, board briefings, and vendor negotiations.

Privacy teamsLegal counselExecutive stakeholders

PDF

GPC Compliance Report

Shows exactly how your site behaves when a Global Privacy Control opt-out signal is active: third-party cookies still firing, trackers still loading, consent gaps identified.

Privacy engineersConsent managersRegulatory teams

Excel

Payload Explorer

Per-scan breakdown of every payload sent to every third party: query parameters, cookies, event data, and POST body keys. Built for litigation discovery and technical forensics.

Defense lawyersPrivacy engineersInsurance adjusters

Excel

Digital Objects Report

Flattened scan data with one row per third-party domain: tracker flag, session replay flag, form data received, cookies set, initiation chain, and example pages. Ideal for engineers tracing how a domain appeared on your site.

Web engineersPrivacy opsCompliance auditors

Enforcement

Discover risks. Then enforce your rules.

When you use Lokker's Guardian alongside Privacy Edge, every third-party domain uncovered during scanning becomes actionable inside Privacy Edge. Classify domains, create trust rules, and push enforcement policy, all without a deployment.

3rd Party Categories

Respectable Malware Form Data Session Replay Tracker Bad SSL

connect.facebook.net

Tracker

www.google-analytics.com

Tracker

clarity.ms

Session Replay

api.hubspot.com

Tracker

Assign Trusted or Blocked status per category. Guardian enforces those rules in real time.

Guardian Telemetry Live

14,832

Requests Allowed

2,419

Requests Blocked

Blocked by category today

Trackers

72%

Session Replay

48%

Ad Networks

31%

Form Data

18%

Guardian enforcement runs from the edge, but all telemetry and rule management lives in Privacy Edge, giving you one place to see, control, and audit everything. Learn about Guardian →

Built for

Privacy intelligence for every stakeholder

Privacy Edge is used by the teams who need different angles on the same scan data.

Privacy & Compliance Teams

Monitor your ongoing privacy risk posture across all web properties. Subscribe to weekly digests for critical and high findings. Drill into dashboards when something changes.

30-day dashboard view + indefinite scan archive
Reason code alerts (daily / weekly)
Per-page drill-down for remediation

Insurance Underwriters

Assess privacy risk across your entire book (hundreds or hundreds of thousands of sites) from a single portfolio view, with S&P 500 benchmarking and exportable evidence.

Portfolio view across any scale
S&P 500 risk benchmarking
PDF reports shared with brokers

Legal & Defense Counsel

Access payload-level evidence of exactly what data each third party received, when, and on which pages, formatted for legal discovery and regulatory response.

Payload Explorer for litigation
Reason codes as evidence basis
Scan-date–stamped findings

FAQ

Privacy Edge questions from legal, privacy, and engineering teams

These are the common implementation and reporting questions we hear before launch.

Ready to see your privacy risk posture?

Talk to our team about a Privacy Edge trial. We'll run a scan across your web properties and show you exactly what we find before you commit to anything.

Request a Demo Contact Us

Want a quick educational walkthrough first? Try the fingerprinting demo

Complete privacy intelligence. Across everyweb property.

From scan to remediation in one workflow

Signal from noise

Portfolio-wide visibility

Evidence for every audience

Every web property, ranked by risk

The needles in the haystack

Critical

High

Medium

Low

From the reason code library

Every finding ships with step-by-step remediation

Stay notified without logging in

What visitors see is only half the story.

Care that fits your schedule

Deep privacy intelligence per site, going back as far as you need

Scan

Analyze

Drill Down

Scan

Analyze

Drill Down

Complete scan history

Cookie inventory

Form data tracing

Session replay detection

Geo risk mapping

Perimeter check

Every scan, stored forever, not just 30 days

Follow the data, wherever it travels

Constellation View

Waterfall View

Evidence for every audience

Risk & Remediation Report

GPC Compliance Report

Payload Explorer

Digital Objects Report

Discover risks. Then enforce your rules.

Privacy intelligence for every stakeholder

Privacy & Compliance Teams

Insurance Underwriters

Legal & Defense Counsel

Privacy Edge questions from legal, privacy, and engineering teams

Ready to see your privacy risk posture?

Complete privacy intelligence. Across every
web property.