@consenttheater/playbill 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/README.md +49 -59
  2. package/dist/actors/advertising.json +2413 -2412
  3. package/dist/actors/analytics.json +2653 -2648
  4. package/dist/actors/consent.json +89 -89
  5. package/dist/actors/data_leak.json +822 -819
  6. package/dist/actors/fingerprinting.json +205 -205
  7. package/dist/actors/functional.json +1098 -1092
  8. package/dist/actors/marketing.json +728 -727
  9. package/dist/actors/security.json +90 -90
  10. package/dist/actors/session_recording.json +161 -161
  11. package/dist/actors/social.json +325 -325
  12. package/dist/actors/tag_manager.json +44 -44
  13. package/dist/index.d.ts +16 -10
  14. package/dist/index.d.ts.map +1 -1
  15. package/dist/index.js +20 -12
  16. package/dist/types.d.ts +25 -29
  17. package/dist/types.d.ts.map +1 -1
  18. package/dist/types.js +8 -3
  19. package/package.json +3 -7
  20. package/dist/scorer.d.ts +0 -42
  21. package/dist/scorer.d.ts.map +0 -1
  22. package/dist/scorer.js +0 -97
package/dist/actors/security.json CHANGED
@@ -3,97 +3,97 @@
3
3
  "description": "Bot detection, CAPTCHA, CSRF protection, fraud prevention, DDoS mitigation",
4
4
  "stats": { "cookies": 44, "domains": 46, "companies": 33 },
5
5
  "cookies": {
6
- "AEC": { "company": "Google", "service": "Google", "category": "security", "description": "Ensures requests within a browsing session are made by the user and not by other sites", "severity": "low", "lifetime": "6 months", "docs_url": "https://policies.google.com/technologies/cookies" },
7
- "G_AUTHUSER_H": { "company": "Google", "service": "Google Sign-In", "category": "security", "description": "Google multi-account sign-in cookie indicating which logged-in account to use for embedded services", "severity": "low", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
8
- "NID": { "company": "Google", "service": "Google", "category": "security", "description": "Google NID cookie storing preferences and CAPTCHA verification for reCAPTCHA and Google services", "severity": "medium", "lifetime": "6 months", "note": "While categorized by Google as 'preferences', this cookie enables cross-site user identification", "docs_url": "https://policies.google.com/technologies/cookies" },
9
- "RT": { "company": "Akamai", "service": "Akamai mPulse", "category": "security", "description": "Akamai mPulse real user monitoring round-trip time cookie for performance measurement", "severity": "low", "lifetime": "7 days", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
10
- "TS*": { "company": "F5", "service": "F5 Shape Security", "category": "security", "description": "F5 Shape Security bot defense cookie for traffic classification and fraud prevention", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
11
- "_GRECAPTCHA": { "company": "Google", "service": "reCAPTCHA", "category": "security", "description": "Google reCAPTCHA challenge token — sets third-party cookie on google.com, leaking visitor IP and behavior data to Google", "severity": "medium", "lifetime": "6 months", "note": "Despite being 'security', this cookie enables Google cross-site tracking. Privacy alternatives: hCaptcha, Friendly Captcha, Cloudflare Turnstile", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
12
- "__Host-GAPS": { "company": "Google", "service": "Google Accounts", "category": "security", "description": "Google Account Protection Service cookie preventing cross-site request attacks on Google accounts", "severity": "low", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
13
- "__Secure-ROLLOUT_TOKEN": { "company": "Google", "service": "YouTube / Google", "category": "security", "description": "Google A/B testing rollout token set on third-party domain — tracks feature flag assignments across sites", "severity": "medium", "lifetime": "session", "note": "Third-party cookie from youtube.com/google.com used for experiment bucketing — leaks browsing context to Google", "docs_url": "https://policies.google.com/technologies/cookies" },
14
- "__cf_bm": { "company": "Cloudflare", "service": "Cloudflare Bot Management", "category": "security", "description": "Identifies and distinguishes between humans and bots to mitigate automated abuse", "severity": "low", "lifetime": "30 minutes", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
15
- "__cf_turnstile_*": { "company": "Cloudflare", "service": "Cloudflare Turnstile", "category": "security", "description": "Cloudflare Turnstile privacy-preserving CAPTCHA challenge state cookie", "severity": "low", "pattern": true, "lifetime": "session", "docs_url": "https://developers.cloudflare.com/turnstile/" },
16
- "__cflb": { "company": "Cloudflare", "service": "Cloudflare Load Balancing", "category": "security", "description": "Cloudflare load balancer affinity cookie for routing requests to the same backend server", "severity": "low", "lifetime": "24 hours", "docs_url": "https://developers.cloudflare.com/load-balancing/understand-basics/session-affinity/" },
17
- "__cfruid": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Cloudflare cookie for rate limiting identification to prevent denial-of-service attacks", "severity": "low", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
18
- "__ddg1_": { "company": "DuckDuckGo", "service": "DuckDuckGo", "category": "security", "description": "DuckDuckGo first-party cookie for preventing automated abuse while preserving privacy", "severity": "low", "lifetime": "1 year", "docs_url": "https://duckduckgo.com/privacy" },
19
- "__imp_apg_r_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Imperva/Incapsula bot mitigation cookie for WAF and DDoS protection", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
20
- "_abck": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager cookie for advanced bot detection using behavioral analysis", "severity": "medium", "lifetime": "1 year", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
21
- "_cfuvid": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Cloudflare unique visitor ID cookie for rate limiting per-visitor rather than per-IP", "severity": "low", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
22
- "_dd_cookie_test_*": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome cookie test to verify browser cookie support for bot detection", "severity": "low", "pattern": true, "lifetime": "session", "docs_url": "https://datadome.co/privacy-policy/" },
23
- "_dd_s": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome bot detection session cookie for distinguishing humans from automated traffic", "severity": "medium", "lifetime": "session", "docs_url": "https://datadome.co/privacy-policy/" },
24
- "_geetest_*": { "company": "GeeTest", "service": "GeeTest CAPTCHA", "category": "security", "description": "GeeTest CAPTCHA verification cookie for bot detection and challenge state", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://www.geetest.com/en/privacy" },
25
- "_grecaptcha": { "company": "Google", "service": "reCAPTCHA", "category": "security", "description": "Google reCAPTCHA localStorage token — persists challenge state and behavioral fingerprint data on the client", "severity": "medium", "lifetime": "persistent", "note": "Stored in localStorage, harder to clear than cookies. Contains device fingerprint signals", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
26
- "_px3": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN advanced bot detection cookie with behavioral analysis data", "severity": "medium", "lifetime": "session", "docs_url": "https://www.humansecurity.com/privacy" },
27
- "_pxhd": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN bot detection cookie storing browser fingerprint data", "severity": "medium", "lifetime": "1 year", "docs_url": "https://www.humansecurity.com/privacy" },
28
- "_pxvid": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN visitor identifier cookie for bot risk assessment", "severity": "medium", "lifetime": "1 year", "docs_url": "https://www.humansecurity.com/privacy" },
29
- "ak_bmsc": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager session cookie for distinguishing human from bot traffic", "severity": "medium", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
30
- "arkose_token": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "description": "Arkose Labs fraud prevention token cookie for CAPTCHA challenge verification", "severity": "medium", "lifetime": "session", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
31
- "bm_mi": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager machine identity cookie for advanced device fingerprinting", "severity": "medium", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
32
- "bm_sv": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager session verification cookie for real-time bot scoring", "severity": "medium", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
33
- "bm_sz": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager sizing cookie for recording client device capabilities for bot scoring", "severity": "medium", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
34
- "castle_session_*": { "company": "Castle", "service": "Castle Account Security", "category": "security", "description": "Castle account security session cookie for device fingerprinting and anomaly detection", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://castle.io/privacy/" },
35
- "cf_clearance": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Stores proof that a visitor has passed a Cloudflare challenge to avoid repeated challenges", "severity": "low", "lifetime": "30 minutes", "note": "Functional security cookie, typically exempt from consent under GDPR Article 6(1)(f)", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
36
- "cf_ob_info": { "company": "Cloudflare", "service": "Cloudflare Always Online", "category": "security", "description": "Cloudflare Always Online cookie storing origin error info for cached page delivery", "severity": "low", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
37
- "ct0": { "company": "X Corp", "service": "X (Twitter)", "category": "security", "description": "Stores a unique CSRF token to protect against cross-site request forgery on X/Twitter", "severity": "low", "lifetime": "6 hours", "docs_url": "https://help.twitter.com/en/rules-and-policies/twitter-cookies" },
38
- "datadome": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome persistent bot protection cookie storing device fingerprint and risk score", "severity": "medium", "lifetime": "1 year", "docs_url": "https://datadome.co/privacy-policy/" },
39
- "incap_ses_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Incapsula session cookie for maintaining security state during a visit", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
40
- "kasada_*": { "company": "Kasada", "service": "Kasada Bot Defense", "category": "security", "description": "Kasada bot mitigation cookie for proof-of-work challenge verification", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://www.kasada.io/privacy-policy/" },
41
- "nfp_*": { "company": "Netacea", "service": "Netacea Bot Management", "category": "security", "description": "Netacea bot management fingerprint cookie for distinguishing legitimate traffic from automated bots", "severity": "medium", "pattern": true, "lifetime": "session", "docs_url": "https://www.netacea.com/privacy-policy/" },
42
- "reese84": { "company": "F5", "service": "F5 Shape Security", "category": "security", "description": "F5 Shape Security bot detection cookie using telemetry data for automated threat classification", "severity": "medium", "lifetime": "session", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
43
- "sb": { "company": "Meta", "service": "Facebook", "category": "security", "description": "Stores browser details for Facebook security and login verification", "severity": "low", "lifetime": "2 years", "docs_url": "https://www.facebook.com/policies/cookies/" },
44
- "shield_*": { "company": "Shield Security", "service": "Shield Security (WP)", "category": "security", "description": "Shield Security WordPress plugin cookie for login protection, bot blocking, and firewall state", "severity": "low", "pattern": true, "lifetime": "session", "docs_url": "https://getshieldsecurity.com/privacy/" },
45
- "sucuri_cloudproxy_uuid_*": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF", "category": "security", "description": "Sucuri CloudProxy WAF session cookie for maintaining security state during traffic filtering", "severity": "low", "pattern": true, "lifetime": "session", "docs_url": "https://sucuri.net/privacy/" },
46
- "visid_incap_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Incapsula visitor identifier for bot detection and security analysis", "severity": "medium", "pattern": true, "lifetime": "1 year", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
47
- "wfwaf-authcookie-*": { "company": "Defiant Inc.", "service": "Wordfence WAF", "category": "security", "description": "Wordfence WordPress WAF authentication cookie for bypassing firewall rules for logged-in admins", "severity": "low", "pattern": true, "lifetime": "12 hours", "docs_url": "https://www.wordfence.com/help/firewall/optimizing-the-firewall/" },
48
- "x-amz-captcha-1": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Amazon CAPTCHA verification cookie for bot protection during security challenges", "severity": "low", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" },
49
- "x-amz-captcha-2": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Secondary Amazon CAPTCHA token for multi-step bot verification challenges", "severity": "low", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" }
6
+ "AEC": { "company": "Google", "service": "Google", "category": "security", "description": "Ensures requests within a browsing session are made by the user and not by other sites", "consent_burden": "minimal", "lifetime": "6 months", "docs_url": "https://policies.google.com/technologies/cookies" },
7
+ "G_AUTHUSER_H": { "company": "Google", "service": "Google Sign-In", "category": "security", "description": "Google multi-account sign-in cookie indicating which logged-in account to use for embedded services", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
8
+ "NID": { "company": "Google", "service": "Google", "category": "security", "description": "Google NID cookie storing preferences and CAPTCHA verification for reCAPTCHA and Google services", "consent_burden": "contested", "lifetime": "6 months", "note": "While categorized by Google as 'preferences', this cookie enables cross-site user identification", "docs_url": "https://policies.google.com/technologies/cookies" },
9
+ "RT": { "company": "Akamai", "service": "Akamai mPulse", "category": "security", "description": "Akamai mPulse real user monitoring round-trip time cookie for performance measurement", "consent_burden": "minimal", "lifetime": "7 days", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
10
+ "TS*": { "company": "F5", "service": "F5 Shape Security", "category": "security", "description": "F5 Shape Security bot defense cookie for traffic classification and fraud prevention", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
11
+ "_GRECAPTCHA": { "company": "Google", "service": "reCAPTCHA", "category": "security", "description": "Google reCAPTCHA challenge token — sets third-party cookie on google.com, leaking visitor IP and behavior data to Google", "consent_burden": "contested", "lifetime": "6 months", "note": "Despite being 'security', this cookie enables Google cross-site tracking. Privacy alternatives: hCaptcha, Friendly Captcha, Cloudflare Turnstile", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
12
+ "__Host-GAPS": { "company": "Google", "service": "Google Accounts", "category": "security", "description": "Google Account Protection Service cookie preventing cross-site request attacks on Google accounts", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://policies.google.com/technologies/cookies" },
13
+ "__Secure-ROLLOUT_TOKEN": { "company": "Google", "service": "YouTube / Google", "category": "security", "description": "Google A/B testing rollout token set on third-party domain — tracks feature flag assignments across sites", "consent_burden": "contested", "lifetime": "session", "note": "Third-party cookie from youtube.com/google.com used for experiment bucketing — leaks browsing context to Google", "docs_url": "https://policies.google.com/technologies/cookies" },
14
+ "__cf_bm": { "company": "Cloudflare", "service": "Cloudflare Bot Management", "category": "security", "description": "Identifies and distinguishes between humans and bots to mitigate automated abuse", "consent_burden": "minimal", "lifetime": "30 minutes", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
15
+ "__cf_turnstile_*": { "company": "Cloudflare", "service": "Cloudflare Turnstile", "category": "security", "description": "Cloudflare Turnstile privacy-preserving CAPTCHA challenge state cookie", "consent_burden": "minimal", "pattern": true, "lifetime": "session", "docs_url": "https://developers.cloudflare.com/turnstile/" },
16
+ "__cflb": { "company": "Cloudflare", "service": "Cloudflare Load Balancing", "category": "security", "description": "Cloudflare load balancer affinity cookie for routing requests to the same backend server", "consent_burden": "minimal", "lifetime": "24 hours", "docs_url": "https://developers.cloudflare.com/load-balancing/understand-basics/session-affinity/" },
17
+ "__cfruid": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Cloudflare cookie for rate limiting identification to prevent denial-of-service attacks", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
18
+ "__ddg1_": { "company": "DuckDuckGo", "service": "DuckDuckGo", "category": "security", "description": "DuckDuckGo first-party cookie for preventing automated abuse while preserving privacy", "consent_burden": "minimal", "lifetime": "1 year", "docs_url": "https://duckduckgo.com/privacy" },
19
+ "__imp_apg_r_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Imperva/Incapsula bot mitigation cookie for WAF and DDoS protection", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
20
+ "_abck": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager cookie for advanced bot detection using behavioral analysis", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
21
+ "_cfuvid": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Cloudflare unique visitor ID cookie for rate limiting per-visitor rather than per-IP", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
22
+ "_dd_cookie_test_*": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome cookie test to verify browser cookie support for bot detection", "consent_burden": "minimal", "pattern": true, "lifetime": "session", "docs_url": "https://datadome.co/privacy-policy/" },
23
+ "_dd_s": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome bot detection session cookie for distinguishing humans from automated traffic", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://datadome.co/privacy-policy/" },
24
+ "_geetest_*": { "company": "GeeTest", "service": "GeeTest CAPTCHA", "category": "security", "description": "GeeTest CAPTCHA verification cookie for bot detection and challenge state", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.geetest.com/en/privacy" },
25
+ "_grecaptcha": { "company": "Google", "service": "reCAPTCHA", "category": "security", "description": "Google reCAPTCHA localStorage token — persists challenge state and behavioral fingerprint data on the client", "consent_burden": "contested", "lifetime": "persistent", "note": "Stored in localStorage, harder to clear than cookies. Contains device fingerprint signals", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
26
+ "_px3": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN advanced bot detection cookie with behavioral analysis data", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.humansecurity.com/privacy" },
27
+ "_pxhd": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN bot detection cookie storing browser fingerprint data", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.humansecurity.com/privacy" },
28
+ "_pxvid": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "description": "PerimeterX/HUMAN visitor identifier cookie for bot risk assessment", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://www.humansecurity.com/privacy" },
29
+ "ak_bmsc": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager session cookie for distinguishing human from bot traffic", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
30
+ "arkose_token": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "description": "Arkose Labs fraud prevention token cookie for CAPTCHA challenge verification", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
31
+ "bm_mi": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager machine identity cookie for advanced device fingerprinting", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
32
+ "bm_sv": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager session verification cookie for real-time bot scoring", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
33
+ "bm_sz": { "company": "Akamai", "service": "Akamai Bot Manager", "category": "security", "description": "Akamai Bot Manager sizing cookie for recording client device capabilities for bot scoring", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
34
+ "castle_session_*": { "company": "Castle", "service": "Castle Account Security", "category": "security", "description": "Castle account security session cookie for device fingerprinting and anomaly detection", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://castle.io/privacy/" },
35
+ "cf_clearance": { "company": "Cloudflare", "service": "Cloudflare", "category": "security", "description": "Stores proof that a visitor has passed a Cloudflare challenge to avoid repeated challenges", "consent_burden": "minimal", "lifetime": "30 minutes", "note": "Functional security cookie, typically exempt from consent under GDPR Article 6(1)(f)", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
36
+ "cf_ob_info": { "company": "Cloudflare", "service": "Cloudflare Always Online", "category": "security", "description": "Cloudflare Always Online cookie storing origin error info for cached page delivery", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/" },
37
+ "ct0": { "company": "X Corp", "service": "X (Twitter)", "category": "security", "description": "Stores a unique CSRF token to protect against cross-site request forgery on X/Twitter", "consent_burden": "minimal", "lifetime": "6 hours", "docs_url": "https://help.twitter.com/en/rules-and-policies/twitter-cookies" },
38
+ "datadome": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "description": "DataDome persistent bot protection cookie storing device fingerprint and risk score", "consent_burden": "contested", "lifetime": "1 year", "docs_url": "https://datadome.co/privacy-policy/" },
39
+ "incap_ses_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Incapsula session cookie for maintaining security state during a visit", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
40
+ "kasada_*": { "company": "Kasada", "service": "Kasada Bot Defense", "category": "security", "description": "Kasada bot mitigation cookie for proof-of-work challenge verification", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.kasada.io/privacy-policy/" },
41
+ "nfp_*": { "company": "Netacea", "service": "Netacea Bot Management", "category": "security", "description": "Netacea bot management fingerprint cookie for distinguishing legitimate traffic from automated bots", "consent_burden": "contested", "pattern": true, "lifetime": "session", "docs_url": "https://www.netacea.com/privacy-policy/" },
42
+ "reese84": { "company": "F5", "service": "F5 Shape Security", "category": "security", "description": "F5 Shape Security bot detection cookie using telemetry data for automated threat classification", "consent_burden": "contested", "lifetime": "session", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
43
+ "sb": { "company": "Meta", "service": "Facebook", "category": "security", "description": "Stores browser details for Facebook security and login verification", "consent_burden": "minimal", "lifetime": "2 years", "docs_url": "https://www.facebook.com/policies/cookies/" },
44
+ "shield_*": { "company": "Shield Security", "service": "Shield Security (WP)", "category": "security", "description": "Shield Security WordPress plugin cookie for login protection, bot blocking, and firewall state", "consent_burden": "minimal", "pattern": true, "lifetime": "session", "docs_url": "https://getshieldsecurity.com/privacy/" },
45
+ "sucuri_cloudproxy_uuid_*": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF", "category": "security", "description": "Sucuri CloudProxy WAF session cookie for maintaining security state during traffic filtering", "consent_burden": "minimal", "pattern": true, "lifetime": "session", "docs_url": "https://sucuri.net/privacy/" },
46
+ "visid_incap_*": { "company": "Imperva", "service": "Imperva (Incapsula) Bot Protection", "category": "security", "description": "Incapsula visitor identifier for bot detection and security analysis", "consent_burden": "contested", "pattern": true, "lifetime": "1 year", "docs_url": "https://www.imperva.com/trust-center/privacy-statement/" },
47
+ "wfwaf-authcookie-*": { "company": "Defiant Inc.", "service": "Wordfence WAF", "category": "security", "description": "Wordfence WordPress WAF authentication cookie for bypassing firewall rules for logged-in admins", "consent_burden": "minimal", "pattern": true, "lifetime": "12 hours", "docs_url": "https://www.wordfence.com/help/firewall/optimizing-the-firewall/" },
48
+ "x-amz-captcha-1": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Amazon CAPTCHA verification cookie for bot protection during security challenges", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" },
49
+ "x-amz-captcha-2": { "company": "Amazon", "service": "Amazon Security", "category": "security", "description": "Secondary Amazon CAPTCHA token for multi-step bot verification challenges", "consent_burden": "minimal", "lifetime": "session", "docs_url": "https://www.amazon.com/gp/help/customer/display.html?nodeId=201890250" }
50
50
  },
51
51
  "domains": {
52
- "api-js.datadome.co": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "severity": "medium", "docs_url": "https://datadome.co/privacy-policy/" },
53
- "api.akismet.com": { "company": "Automattic", "service": "Akismet Anti-Spam", "category": "security", "severity": "low", "note": "WordPress Akismet anti-spam plugin transmits comment data and IP for spam detection", "docs_url": "https://automattic.com/privacy/" },
54
- "api.arkoselabs.com": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "severity": "medium", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
55
- "api.castle.io": { "company": "Castle", "service": "Castle API", "category": "security", "severity": "medium", "docs_url": "https://castle.io/privacy/" },
56
- "api.cleantalk.org": { "company": "CleanTalk", "service": "CleanTalk Anti-Spam", "category": "security", "severity": "medium", "note": "CleanTalk anti-spam service sends visitor IP for spam database lookup", "docs_url": "https://cleantalk.org/publicoffer" },
57
- "api.friendlycaptcha.com": { "company": "Friendly Captcha", "service": "Friendly Captcha API", "category": "security", "severity": "low", "docs_url": "https://friendlycaptcha.com/legal/privacy/" },
58
- "api.netacea.com": { "company": "Netacea", "service": "Netacea API", "category": "security", "severity": "medium", "docs_url": "https://www.netacea.com/privacy-policy/" },
59
- "captcha.perimeterx.net": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "severity": "medium", "docs_url": "https://www.humansecurity.com/privacy" },
60
- "cdn.akamai.com/bot-defense": { "company": "Akamai", "service": "Akamai Bot Defense CDN", "category": "security", "severity": "medium", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
61
- "cdn.antibot.cloud": { "company": "AntiBot", "service": "AntiBot Cloud Protection", "category": "security", "severity": "medium", "docs_url": "https://antibot.cloud/privacy/" },
62
- "cdn.barracuda.com": { "company": "Barracuda Networks", "service": "Barracuda WAF", "category": "security", "severity": "medium", "docs_url": "https://www.barracuda.com/company/legal/trust-center/data-privacy" },
63
- "cdn.castle.io": { "company": "Castle", "service": "Castle Account Security", "category": "security", "severity": "medium", "docs_url": "https://castle.io/privacy/" },
64
- "cdn.datadome.co": { "company": "DataDome", "service": "DataDome CDN", "category": "security", "severity": "medium", "docs_url": "https://datadome.co/privacy-policy/" },
65
- "cdn.fastly.com/shield": { "company": "Fastly", "service": "Fastly Bot Shield", "category": "security", "severity": "low", "docs_url": "https://www.fastly.com/privacy/" },
66
- "cdn.humansecurity.com": { "company": "HUMAN Security", "service": "HUMAN Security CDN", "category": "security", "severity": "medium", "docs_url": "https://www.humansecurity.com/privacy" },
67
- "cdn.kasada.io": { "company": "Kasada", "service": "Kasada Bot Defense", "category": "security", "severity": "medium", "docs_url": "https://www.kasada.io/privacy-policy/" },
68
- "cdn.netacea.com": { "company": "Netacea", "service": "Netacea Bot Management", "category": "security", "severity": "medium", "docs_url": "https://www.netacea.com/privacy-policy/" },
69
- "cdn.perimeterx.net/resources": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Resources", "category": "security", "severity": "medium", "docs_url": "https://www.humansecurity.com/privacy" },
70
- "cdn.prosopo.io": { "company": "Prosopo", "service": "Prosopo CAPTCHA CDN", "category": "security", "severity": "low", "docs_url": "https://prosopo.io/privacy/" },
71
- "cdn.radware.com": { "company": "Radware", "service": "Radware Bot Manager", "category": "security", "severity": "medium", "docs_url": "https://www.radware.com/legal-notice/privacy-policy/" },
72
- "cdn.reblaze.com": { "company": "Reblaze", "service": "Reblaze Cloud WAF", "category": "security", "severity": "medium", "docs_url": "https://www.reblaze.com/privacy-policy/" },
73
- "cdn.shape.com": { "company": "F5", "service": "F5 Shape Security CDN", "category": "security", "severity": "medium", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
74
- "cdn.sucuri.net": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF CDN", "category": "security", "severity": "medium", "docs_url": "https://sucuri.net/privacy/" },
75
- "cdn.wordfence.com": { "company": "Defiant Inc.", "service": "Wordfence WAF CDN", "category": "security", "severity": "medium", "docs_url": "https://www.wordfence.com/terms-of-use-and-privacy-policy/" },
76
- "challenges.cloudflare.com": { "company": "Cloudflare", "service": "Cloudflare Turnstile", "category": "security", "severity": "low", "docs_url": "https://developers.cloudflare.com/turnstile/" },
77
- "client-api.arkoselabs.com": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "severity": "medium", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
78
- "client.perimeterx.net": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "severity": "medium", "docs_url": "https://www.humansecurity.com/privacy" },
79
- "ct.geetest.com": { "company": "GeeTest", "service": "GeeTest CAPTCHA", "category": "security", "severity": "medium", "docs_url": "https://www.geetest.com/en/privacy" },
80
- "datadome.co": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "severity": "medium", "docs_url": "https://datadome.co/privacy-policy/" },
81
- "friendly-captcha.com": { "company": "Friendly Captcha", "service": "Friendly Captcha", "category": "security", "severity": "low", "note": "Privacy-friendly CAPTCHA alternative using proof-of-work; GDPR-compliant by design", "docs_url": "https://friendlycaptcha.com/legal/privacy/" },
82
- "gcaptcha4.geetest.com": { "company": "GeeTest", "service": "GeeTest CAPTCHA v4", "category": "security", "severity": "medium", "docs_url": "https://www.geetest.com/en/privacy" },
83
- "hcaptcha.com": { "company": "hCaptcha", "service": "hCaptcha", "category": "security", "severity": "low", "docs_url": "https://www.hcaptcha.com/privacy" },
84
- "js.shield.com": { "company": "Shield", "service": "Shield Fraud Prevention", "category": "security", "severity": "medium", "docs_url": "https://shield.com/privacy-policy" },
85
- "mtcaptcha.com": { "company": "MTCaptcha", "service": "MTCaptcha", "category": "security", "severity": "low", "note": "GDPR-compliant CAPTCHA with EU-only data processing", "docs_url": "https://www.mtcaptcha.com/privacy-policy" },
86
- "newassets.hcaptcha.com": { "company": "hCaptcha", "service": "hCaptcha", "category": "security", "severity": "low", "docs_url": "https://www.hcaptcha.com/privacy" },
87
- "prosopo.io": { "company": "Prosopo", "service": "Prosopo CAPTCHA", "category": "security", "severity": "low", "note": "Web3-based CAPTCHA alternative using proof-of-work; privacy-first design", "docs_url": "https://prosopo.io/privacy/" },
88
- "r.stripe.com": { "company": "Stripe", "service": "Stripe Radar", "category": "security", "severity": "medium", "docs_url": "https://stripe.com/privacy" },
89
- "recaptcha.net": { "company": "Google", "service": "reCAPTCHA (CN)", "category": "security", "severity": "medium", "note": "Google reCAPTCHA alternative domain used in regions where google.com is restricted", "docs_url": "https://www.google.com/recaptcha/about/" },
90
- "service.mtcaptcha.com": { "company": "MTCaptcha", "service": "MTCaptcha Service", "category": "security", "severity": "low", "docs_url": "https://www.mtcaptcha.com/privacy-policy" },
91
- "ssl.google-analytics.com": { "company": "Google", "service": "Google Analytics SSL", "category": "security", "severity": "medium", "note": "SSL endpoint for Google Analytics; may be used for consent verification", "docs_url": "https://policies.google.com/privacy" },
92
- "t.humansecurity.com": { "company": "HUMAN Security", "service": "HUMAN Security Tracking", "category": "security", "severity": "medium", "docs_url": "https://www.humansecurity.com/privacy" },
93
- "vercel.live": { "company": "Vercel", "service": "Vercel Web Analytics (Security)", "category": "security", "severity": "low", "note": "Vercel edge middleware for bot protection and rate limiting", "docs_url": "https://vercel.com/legal/privacy-policy" },
94
- "waf.sucuri.net": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF", "category": "security", "severity": "medium", "docs_url": "https://sucuri.net/privacy/" },
95
- "www.google.com/recaptcha": { "company": "Google", "service": "reCAPTCHA", "category": "security", "severity": "medium", "note": "reCAPTCHA leaks visitor IP and behavior data to Google. Privacy alternatives: hCaptcha, Friendly Captcha, Cloudflare Turnstile", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
96
- "www.google.com/recaptcha/enterprise": { "company": "Google", "service": "reCAPTCHA Enterprise", "category": "security", "severity": "medium", "note": "Enterprise reCAPTCHA with risk scoring; sets tracking cookies alongside security function", "docs_url": "https://cloud.google.com/recaptcha-enterprise/docs/overview" },
97
- "www.gstatic.com/recaptcha": { "company": "Google", "service": "reCAPTCHA", "category": "security", "severity": "low", "docs_url": "https://developers.google.com/recaptcha/docs/faq" }
52
+ "api-js.datadome.co": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "consent_burden": "contested", "docs_url": "https://datadome.co/privacy-policy/" },
53
+ "api.akismet.com": { "company": "Automattic", "service": "Akismet Anti-Spam", "category": "security", "consent_burden": "minimal", "note": "WordPress Akismet anti-spam plugin transmits comment data and IP for spam detection", "docs_url": "https://automattic.com/privacy/" },
54
+ "api.arkoselabs.com": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "consent_burden": "contested", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
55
+ "api.castle.io": { "company": "Castle", "service": "Castle API", "category": "security", "consent_burden": "contested", "docs_url": "https://castle.io/privacy/" },
56
+ "api.cleantalk.org": { "company": "CleanTalk", "service": "CleanTalk Anti-Spam", "category": "security", "consent_burden": "contested", "note": "CleanTalk anti-spam service sends visitor IP for spam database lookup", "docs_url": "https://cleantalk.org/publicoffer" },
57
+ "api.friendlycaptcha.com": { "company": "Friendly Captcha", "service": "Friendly Captcha API", "category": "security", "consent_burden": "minimal", "docs_url": "https://friendlycaptcha.com/legal/privacy/" },
58
+ "api.netacea.com": { "company": "Netacea", "service": "Netacea API", "category": "security", "consent_burden": "contested", "docs_url": "https://www.netacea.com/privacy-policy/" },
59
+ "captcha.perimeterx.net": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "consent_burden": "contested", "docs_url": "https://www.humansecurity.com/privacy" },
60
+ "cdn.akamai.com/bot-defense": { "company": "Akamai", "service": "Akamai Bot Defense CDN", "category": "security", "consent_burden": "contested", "docs_url": "https://www.akamai.com/legal/privacy-statement" },
61
+ "cdn.antibot.cloud": { "company": "AntiBot", "service": "AntiBot Cloud Protection", "category": "security", "consent_burden": "contested", "docs_url": "https://antibot.cloud/privacy/" },
62
+ "cdn.barracuda.com": { "company": "Barracuda Networks", "service": "Barracuda WAF", "category": "security", "consent_burden": "contested", "docs_url": "https://www.barracuda.com/company/legal/trust-center/data-privacy" },
63
+ "cdn.castle.io": { "company": "Castle", "service": "Castle Account Security", "category": "security", "consent_burden": "contested", "docs_url": "https://castle.io/privacy/" },
64
+ "cdn.datadome.co": { "company": "DataDome", "service": "DataDome CDN", "category": "security", "consent_burden": "contested", "docs_url": "https://datadome.co/privacy-policy/" },
65
+ "cdn.fastly.com/shield": { "company": "Fastly", "service": "Fastly Bot Shield", "category": "security", "consent_burden": "minimal", "docs_url": "https://www.fastly.com/privacy/" },
66
+ "cdn.humansecurity.com": { "company": "HUMAN Security", "service": "HUMAN Security CDN", "category": "security", "consent_burden": "contested", "docs_url": "https://www.humansecurity.com/privacy" },
67
+ "cdn.kasada.io": { "company": "Kasada", "service": "Kasada Bot Defense", "category": "security", "consent_burden": "contested", "docs_url": "https://www.kasada.io/privacy-policy/" },
68
+ "cdn.netacea.com": { "company": "Netacea", "service": "Netacea Bot Management", "category": "security", "consent_burden": "contested", "docs_url": "https://www.netacea.com/privacy-policy/" },
69
+ "cdn.perimeterx.net/resources": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Resources", "category": "security", "consent_burden": "contested", "docs_url": "https://www.humansecurity.com/privacy" },
70
+ "cdn.prosopo.io": { "company": "Prosopo", "service": "Prosopo CAPTCHA CDN", "category": "security", "consent_burden": "minimal", "docs_url": "https://prosopo.io/privacy/" },
71
+ "cdn.radware.com": { "company": "Radware", "service": "Radware Bot Manager", "category": "security", "consent_burden": "contested", "docs_url": "https://www.radware.com/legal-notice/privacy-policy/" },
72
+ "cdn.reblaze.com": { "company": "Reblaze", "service": "Reblaze Cloud WAF", "category": "security", "consent_burden": "contested", "docs_url": "https://www.reblaze.com/privacy-policy/" },
73
+ "cdn.shape.com": { "company": "F5", "service": "F5 Shape Security CDN", "category": "security", "consent_burden": "contested", "docs_url": "https://www.f5.com/company/policies/privacy-notice" },
74
+ "cdn.sucuri.net": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF CDN", "category": "security", "consent_burden": "contested", "docs_url": "https://sucuri.net/privacy/" },
75
+ "cdn.wordfence.com": { "company": "Defiant Inc.", "service": "Wordfence WAF CDN", "category": "security", "consent_burden": "contested", "docs_url": "https://www.wordfence.com/terms-of-use-and-privacy-policy/" },
76
+ "challenges.cloudflare.com": { "company": "Cloudflare", "service": "Cloudflare Turnstile", "category": "security", "consent_burden": "minimal", "docs_url": "https://developers.cloudflare.com/turnstile/" },
77
+ "client-api.arkoselabs.com": { "company": "Arkose Labs", "service": "Arkose Labs Bot Detection", "category": "security", "consent_burden": "contested", "docs_url": "https://www.arkoselabs.com/privacy-policy/" },
78
+ "client.perimeterx.net": { "company": "HUMAN Security", "service": "HUMAN (PerimeterX) Bot Defense", "category": "security", "consent_burden": "contested", "docs_url": "https://www.humansecurity.com/privacy" },
79
+ "ct.geetest.com": { "company": "GeeTest", "service": "GeeTest CAPTCHA", "category": "security", "consent_burden": "contested", "docs_url": "https://www.geetest.com/en/privacy" },
80
+ "datadome.co": { "company": "DataDome", "service": "DataDome Bot Protection", "category": "security", "consent_burden": "contested", "docs_url": "https://datadome.co/privacy-policy/" },
81
+ "friendly-captcha.com": { "company": "Friendly Captcha", "service": "Friendly Captcha", "category": "security", "consent_burden": "minimal", "note": "Privacy-friendly CAPTCHA alternative using proof-of-work; GDPR-compliant by design", "docs_url": "https://friendlycaptcha.com/legal/privacy/" },
82
+ "gcaptcha4.geetest.com": { "company": "GeeTest", "service": "GeeTest CAPTCHA v4", "category": "security", "consent_burden": "contested", "docs_url": "https://www.geetest.com/en/privacy" },
83
+ "hcaptcha.com": { "company": "hCaptcha", "service": "hCaptcha", "category": "security", "consent_burden": "minimal", "docs_url": "https://www.hcaptcha.com/privacy" },
84
+ "js.shield.com": { "company": "Shield", "service": "Shield Fraud Prevention", "category": "security", "consent_burden": "contested", "docs_url": "https://shield.com/privacy-policy" },
85
+ "mtcaptcha.com": { "company": "MTCaptcha", "service": "MTCaptcha", "category": "security", "consent_burden": "minimal", "note": "GDPR-compliant CAPTCHA with EU-only data processing", "docs_url": "https://www.mtcaptcha.com/privacy-policy" },
86
+ "newassets.hcaptcha.com": { "company": "hCaptcha", "service": "hCaptcha", "category": "security", "consent_burden": "minimal", "docs_url": "https://www.hcaptcha.com/privacy" },
87
+ "prosopo.io": { "company": "Prosopo", "service": "Prosopo CAPTCHA", "category": "security", "consent_burden": "minimal", "note": "Web3-based CAPTCHA alternative using proof-of-work; privacy-first design", "docs_url": "https://prosopo.io/privacy/" },
88
+ "r.stripe.com": { "company": "Stripe", "service": "Stripe Radar", "category": "security", "consent_burden": "contested", "docs_url": "https://stripe.com/privacy" },
89
+ "recaptcha.net": { "company": "Google", "service": "reCAPTCHA (CN)", "category": "security", "consent_burden": "contested", "note": "Google reCAPTCHA alternative domain used in regions where google.com is restricted", "docs_url": "https://www.google.com/recaptcha/about/" },
90
+ "service.mtcaptcha.com": { "company": "MTCaptcha", "service": "MTCaptcha Service", "category": "security", "consent_burden": "minimal", "docs_url": "https://www.mtcaptcha.com/privacy-policy" },
91
+ "ssl.google-analytics.com": { "company": "Google", "service": "Google Analytics SSL", "category": "security", "consent_burden": "contested", "note": "SSL endpoint for Google Analytics; may be used for consent verification", "docs_url": "https://policies.google.com/privacy" },
92
+ "t.humansecurity.com": { "company": "HUMAN Security", "service": "HUMAN Security Tracking", "category": "security", "consent_burden": "contested", "docs_url": "https://www.humansecurity.com/privacy" },
93
+ "vercel.live": { "company": "Vercel", "service": "Vercel Web Analytics (Security)", "category": "security", "consent_burden": "minimal", "note": "Vercel edge middleware for bot protection and rate limiting", "docs_url": "https://vercel.com/legal/privacy-policy" },
94
+ "waf.sucuri.net": { "company": "GoDaddy (Sucuri)", "service": "Sucuri WAF", "category": "security", "consent_burden": "contested", "docs_url": "https://sucuri.net/privacy/" },
95
+ "www.google.com/recaptcha": { "company": "Google", "service": "reCAPTCHA", "category": "security", "consent_burden": "contested", "note": "reCAPTCHA leaks visitor IP and behavior data to Google. Privacy alternatives: hCaptcha, Friendly Captcha, Cloudflare Turnstile", "docs_url": "https://developers.google.com/recaptcha/docs/faq" },
96
+ "www.google.com/recaptcha/enterprise": { "company": "Google", "service": "reCAPTCHA Enterprise", "category": "security", "consent_burden": "contested", "note": "Enterprise reCAPTCHA with risk scoring; sets tracking cookies alongside security function", "docs_url": "https://cloud.google.com/recaptcha-enterprise/docs/overview" },
97
+ "www.gstatic.com/recaptcha": { "company": "Google", "service": "reCAPTCHA", "category": "security", "consent_burden": "minimal", "docs_url": "https://developers.google.com/recaptcha/docs/faq" }
98
98
  }
99
99
  }