Domain Privacy Risk Assessment
Understand what makes a domain high or low risk for privacy, and how to assess the signals that matter.
What Is Domain Privacy Risk
Domain privacy risk measures how aggressively a website collects, shares, and exposes visitor data. It is determined by observable technical signals — the scripts a page loads, the cookies it sets, the security headers it configures, and the encryption protocols it uses.
A high-risk domain loads many third-party trackers, uses fingerprinting techniques to identify visitors without consent, sets insecure cookies, and lacks basic security headers. A low-risk domain minimizes external connections, secures its cookies, and implements defense-in-depth with proper headers and modern TLS.
Privacy risk is not a binary judgment. It exists on a spectrum, and different signals carry different weight. A single advertising tracker is a minor concern; active fingerprinting combined with 20+ trackers and missing security headers is a serious one.
Signals We Track
GeckoAdvisor assesses domain privacy risk across five signal categories:
- Trackers — Third-party scripts from known tracking networks (ad tech, analytics, retargeting). Matched against EasyPrivacy and WhoTracks.me databases. More trackers means more data shared with external parties.
- Fingerprinting — Techniques that identify users without cookies: canvas fingerprinting, WebGL rendering, audio context analysis, and font enumeration. These are difficult for users to detect or prevent.
- Cookies — First-party and third-party cookies, their security flags (Secure, HttpOnly, SameSite), duration, and purpose. Cookies without the Secure flag can travel over unencrypted HTTP and be intercepted; without HttpOnly they are readable by injected scripts; without SameSite they are sent on cross-site requests and can be used for cross-site tracking.
- Security Headers — HTTP response headers that protect visitors: Content-Security-Policy (CSP), HTTP Strict Transport Security (HSTS), Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.
- TLS Configuration — Encryption protocol version, certificate validity, and HSTS enforcement. Modern TLS 1.3 with HSTS provides the strongest transport security.
High vs Low Risk
The following table summarizes key differences between low-risk and high-risk domain configurations:
| Signal | Low Risk | High Risk |
|---|---|---|
| Trackers | 0–3 trackers | 15+ trackers |
| Fingerprinting | Not detected | Active fingerprinting |
| Cookies | Proper security flags | Missing Secure/HttpOnly |
| Security Headers | CSP, HSTS, Referrer-Policy | Missing key headers |
| TLS | TLS 1.3 with HSTS | TLS 1.2 without HSTS |
| Score | 80–100 | 0–59 |
Check a Domain
Use the Domain Risk Checker to scan any domain and receive a full privacy risk assessment. The scan runs in under 60 seconds and produces an evidence-based report with specific findings, severity ratings, and actionable recommendations.
For programmatic access, the Domain Intelligence API provides the same assessment data in a structured format suitable for integration into security dashboards, procurement workflows, and compliance tooling.
Methodology
Privacy scores start at 100 and are reduced based on detected issues. Each signal category has a maximum penalty cap to prevent single issues from dominating the overall score. Tracker detection uses EasyPrivacy and WhoTracks.me as reference databases. Security header assessment follows Mozilla Observatory recommendations.
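As an added illustration of the signal checks listed under "Signals We Track" and of the capped-penalty scoring described above, the following Python script inspects a constructed HTTP response (header list, script URLs, TLS version) for missing security headers, missing cookie flags and third-party trackers, then applies per-category penalty caps to a score that starts at 100. This is example code, not GeckoAdvisor's scanner: the penalty weights, the category caps, the tracker domain list and the sample response are all assumptions made up for the example, and the "moderate" band for scores between 60 and 79 is likewise an assumption, since the page only defines the low (80–100) and high (0–59) bands.

```python
from urllib.parse import urlsplit

# Security headers the page lists; compared case-insensitively.
REQUIRED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "referrer-policy",
    "permissions-policy",
    "x-content-type-options",
)
COOKIE_FLAGS = ("secure", "httponly", "samesite")

# Assumed per-category penalty caps (they sum to 100) and per-item weights.
# These are illustrative values, not GeckoAdvisor's published weights.
CATEGORY_CAPS = {"trackers": 30, "fingerprinting": 20, "cookies": 20,
                 "headers": 20, "tls": 10}
PENALTY_PER_TRACKER = 3
PENALTY_PER_MISSING_FLAG = 3
PENALTY_PER_MISSING_HEADER = 4
FINGERPRINTING_PENALTY = 20

# Constructed stand-in for an EasyPrivacy / WhoTracks.me domain list.
TRACKER_DOMAINS = {"tracker-one.example", "ads.tracker-two.example"}

# Constructed sample response for a hypothetical page on example.com.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]
SAMPLE_SCRIPTS = [
    "https://example.com/static/app.js",
    "https://cdn.tracker-one.example/t.js",
    "https://ads.tracker-two.example/pixel.js",
]


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookie_findings(headers):
    """List (cookie_name, missing_flag) pairs across all Set-Cookie headers."""
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        findings.extend((name, flag) for flag in COOKIE_FLAGS if flag not in attrs)
    return findings


def missing_headers(headers):
    """Required security headers absent from the response."""
    present = {key.lower() for key, _ in headers}
    return [h for h in REQUIRED_HEADERS if h not in present]


def is_tracker(url, tracker_domains):
    """True if the script host is a listed tracker domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in tracker_domains)


def risk_band(score):
    """Map a score to the page's bands; the middle band is an assumption."""
    if score >= 80:
        return "low"
    if score <= 59:
        return "high"
    return "moderate"


def assess(headers, script_urls, tls_version, fingerprinting_detected,
           tracker_domains=TRACKER_DOMAINS):
    """Compute capped per-category penalties and a 0-100 privacy score."""
    trackers = [u for u in script_urls if is_tracker(u, tracker_domains)]
    missing = missing_headers(headers)
    cookies = cookie_findings(headers)
    hsts = "strict-transport-security" not in missing
    raw = {
        "trackers": PENALTY_PER_TRACKER * len(trackers),
        "fingerprinting": FINGERPRINTING_PENALTY if fingerprinting_detected else 0,
        "cookies": PENALTY_PER_MISSING_FLAG * len(cookies),
        "headers": PENALTY_PER_MISSING_HEADER * len(missing),
        # Pre-1.3 TLS and missing HSTS each cost 5 points (assumed weights).
        "tls": (0 if tls_version == "1.3" else 5) + (0 if hsts else 5),
    }
    # The cap keeps one category (e.g. a very long tracker list) from
    # wiping out the whole score by itself.
    penalties = {c: min(p, CATEGORY_CAPS[c]) for c, p in raw.items()}
    score = 100 - sum(penalties.values())
    return {"score": score, "band": risk_band(score), "penalties": penalties,
            "trackers": trackers, "missing_headers": missing,
            "cookie_issues": cookies}


if __name__ == "__main__":
    report = assess(SAMPLE_HEADERS, SAMPLE_SCRIPTS, "1.3", False)
    print(f"score={report['score']} band={report['band']}")
    for category, penalty in report["penalties"].items():
        print(f"  {category:14s} -{penalty}")
    print("  missing headers:", ", ".join(report["missing_headers"]))
    print("  cookie issues:", report["cookie_issues"])
    print("  trackers:", report["trackers"])
```

On the constructed sample the two trackers, three missing headers and the unflagged `prefs` cookie bring the score to 73. Feeding the same function twenty tracker scripts, no headers at all, TLS 1.2 and detected fingerprinting shows the cap at work: the raw tracker penalty of 60 is clamped to 30, so the score bottoms out at 20 rather than going negative.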
For the full scoring breakdown, category weights, and limitation disclosures, see the complete methodology page.