Privacy Assessment
The Privacy Assessment module in Attackmetricx is a comprehensive privacy and compliance auditing engine designed to help organizations assess, understand, and improve the privacy posture of their websites.
Unlike basic compliance checkers, Attackmetricx performs behavior-based analysis by observing how a website actually behaves before and after user consent, providing organizations with a clear, defensible, and evidence-based view of their real privacy compliance status.
This module bridges the gap between legal privacy requirements (such as GDPR) and technical website behavior, translating complex privacy rules into actionable and measurable insights.
Privacy Regulations and Why They Matter
Privacy regulations such as the General Data Protection Regulation (GDPR) govern how personal data is collected, processed, stored, and shared.
From a website perspective, these regulations focus on:
User consent before tracking or data collection
Transparency in how data is used
Control over cookies and third-party services
Clear and accessible privacy and cookie policies
Failure to comply may result in:
Legal penalties and regulatory fines
Loss of user trust and brand credibility
Enforcement actions by regulatory authorities
Attackmetricx enables organizations to proactively identify privacy risks and demonstrate compliance through continuous, automated monitoring.
Privacy Assessment Dashboard
Purpose of the Page
The Privacy Assessment page provides a centralized view of all organizational websites registered in Attackmetricx and their current privacy assessment status.
From this page, users can:
Add new websites for privacy assessment
Monitor scan results and overall privacy status
Access detailed assessment reports per website
Track scan history and last activity
Website List View
Each website entry includes:
Website URL: The domain or full URL being assessed.
Status
Completed: The privacy assessment finished successfully and results are available.
Blocked: The assessment could not be fully completed due to access restrictions or technical limitations.
Added Date: The date the website was first registered in Attackmetricx.
Last Scan: The timestamp of the most recent privacy assessment.
Actions
Re-scan the website
Remove the website from monitoring
Details (>>): Opens the detailed Website Privacy Assessment report.
Adding a Website
Users can add a new website using the Add Website action located in the top-right corner of the page.
How It Works
Enter the website URL
Attackmetricx schedules a privacy assessment
The system analyzes website behavior under real conditions
Results are mapped against privacy and consent best practices
No code changes, scripts, or installations are required on the target website.
Website Privacy Assessment
To view detailed results, users can click the “>>” icon on the right side of a website record. This action opens the Website Privacy Assessment page, which contains the full privacy breakdown and detailed analysis for the selected website.
This page represents the core of the Privacy Assessment feature.

Audit Metadata
At the top of the assessment report, Attackmetricx displays key scan information and actions:
Rescan Website: Allows users to manually trigger a new privacy assessment. This is useful after updating cookie banners, modifying tracking behavior, or applying privacy-related fixes.
Website: Displays the assessed domain.
Scan Date: Shows the exact date and time the privacy assessment was performed.
Website Screenshot
Displays a visual snapshot of the website when available
Helps confirm visibility and accessibility during the scan
Pre-Consent Analysis
This section answers a critical privacy question:
What happens on the website before the user gives consent?
Attackmetricx evaluates whether any tracking or third-party activity occurs before consent is granted, which is a key requirement under privacy regulations.
Metrics Analyzed Before Consent
Third-Party Trackers
Third-Party Cookies
Third-Party Fonts
Third-Party Domains
Each metric is counted and clearly displayed to allow instant identification of privacy violations.
Cookie Banner Detection
Why It Matters
A cookie banner is required whenever cookies or third-party services are used that are not strictly necessary.
What Attackmetricx Checks
Presence of a visible cookie banner
Ability to delay non-essential cookies until consent
Alignment with consent and transparency best practices
If no banner is detected, Attackmetricx flags this as a privacy compliance risk.
Third-Party Trackers
This section analyzes tracking technologies such as analytics tools, marketing pixels, and behavioral trackers.
What Is Evaluated
Total trackers detected
Trackers loaded before consent
Trackers loaded after consent
Trackers must not activate before user permission. Attackmetricx verifies actual runtime behavior, not just configuration settings.
Third-Party Cookies
This section evaluates cookies set by third-party services and their compliance with privacy consent rules.
What Attackmetricx Evaluates
Total Detected: The total number of third-party cookies identified.
Before Consent: Third-party cookies set before user consent, which may indicate a privacy violation unless strictly necessary.
After Consent: Cookies activated only after user consent, representing correct behavior.
Cookie-Level Details
For each detected cookie, Attackmetricx provides:
Cookie Name
Domain that set the cookie
Expiration Date
Consent Status (Before or After Consent)
Risk Status (e.g. Medium Risk)
This level of visibility helps teams quickly identify which services are violating consent rules and where remediation is required.
Fonts Analysis
The Fonts section evaluates how fonts are loaded and whether they pose a privacy risk.
Why Fonts Matter
External font providers may:
Expose user IP addresses
Share metadata with third parties
Require explicit user consent in some regions
What Attackmetricx Checks
Total Detected: The total number of fonts used by the website.
Third-Party Fonts: Identifies fonts loaded from external providers.
Locally hosted fonts are highlighted as a privacy-friendly best practice and classified as No Risk.
Third-Party Domains
This section identifies external domains contacted by the website during page load or runtime.
Why This Is Critical
Each third-party domain represents a potential:
Data transfer
Tracking endpoint
Privacy compliance risk
Non-essential third-party domains must not be contacted before user consent.
What Attackmetricx Analyzes
Total detected domains
Domains contacted before consent
Domains contacted after consent
Domain-Level Breakdown
For each domain, Attackmetricx provides:
Domain Name
Consent Status
Risk Level
This helps teams identify unexpected dependencies and data-sharing paths.
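The before/after-consent split described in the Third-Party Cookies, Fonts Analysis and Third-Party Domains sections can be reproduced on a captured request log. The following is an added example, not Attackmetricx code: the event format, the function names and the two-label "site" heuristic are assumptions, and the capture is constructed.

```python
from urllib.parse import urlsplit

FONT_EXTS = (".woff", ".woff2", ".ttf", ".otf")

def site(host):
    # Assumption: registrable domain = last two labels. A production check
    # should use the Public Suffix List (this is wrong for e.g. example.co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def assess(page_url, events):
    """events: ordered capture. {"type": "consent"} marks the banner click;
    {"type": "request", "url": ..., "set_cookies": [names]} is one request."""
    first_party = site(urlsplit(page_url).hostname)
    report = {p: {"domains": set(), "cookies": set(), "fonts": set()}
              for p in ("before", "after")}
    phase = "before"
    for ev in events:
        if ev["type"] == "consent":
            phase = "after"
            continue
        parts = urlsplit(ev["url"])
        host = parts.hostname
        if not host or site(host) == first_party:
            continue  # data: URLs and first-party hosts are out of scope here
        bucket = report[phase]
        bucket["domains"].add(host)
        bucket["cookies"].update((name, host) for name in ev.get("set_cookies", []))
        if parts.path.lower().endswith(FONT_EXTS):
            bucket["fonts"].add(ev["url"])
    for kind in report["after"]:
        # Anything already seen before consent keeps its "before" status.
        report["after"][kind] -= report["before"][kind]
    return report

# Constructed capture for a fictional site; hosts use reserved test TLDs.
PAGE = "https://www.shop.example/"
EVENTS = [
    {"type": "request", "url": "https://cdn.shop.example/app.js"},
    {"type": "request", "url": "https://fonts.fontcdn.test/inter.woff2"},
    {"type": "request", "url": "https://stats.tracker.test/p.gif", "set_cookies": ["_tid"]},
    {"type": "consent"},
    {"type": "request", "url": "https://stats.tracker.test/p.gif", "set_cookies": ["_tid"]},
    {"type": "request", "url": "https://ads.adnet.test/tag.js", "set_cookies": ["_ad"]},
]

if __name__ == "__main__":
    for phase, found in assess(PAGE, EVENTS).items():
        print(phase, {k: sorted(v) for k, v in found.items()})
```

Any non-empty "before" bucket is a finding to review against the strictly-necessary exemption; a tracker that fires in both phases is reported only under "before".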
First-Party Cookies
Not all cookies are restricted under privacy regulations.
What Is Allowed
Strictly necessary cookies (e.g. session management)
Security-related cookies
Attackmetricx confirms that:
Only essential cookies load before consent
Optional cookies respect user permission
Cookie Policy Detection
What Attackmetricx Checks
Presence of a cookie policy page
Accessibility and visibility
Alignment with detected cookie behavior
Missing policies are flagged as privacy gaps requiring attention.
Privacy Policy Detection
A privacy policy is a fundamental requirement under modern privacy regulations.
Attackmetricx Verifies
Whether a privacy policy exists
Whether it is accessible from the website
Whether it supports transparency requirements
Missing or inaccessible policies are clearly flagged to reduce legal and reputational risk.
Why Attackmetricx Stands Out
Attackmetricx goes beyond surface-level privacy checks by:
Analyzing real website behavior
Separating behavior before and after consent
Mapping technical findings to privacy principles
Providing clear, actionable insights
Supporting continuous monitoring, not one-time scans
This makes the Privacy Assessment module a powerful tool for security teams, compliance officers, legal teams, and website owners.