This page, audited live in your browser.
Most sites tell you they respect your privacy. This one proves it about itself, right now: every number below is measured live in your browser — requests, origins and bytes from the Resource Timing API, cookies from document.cookie, motion preference from matchMedia. Nothing is hardcoded and nothing is uploaded. (The server's Content-Security-Policy is a response header the page can't read, so it's shown separately for reference — with a command to verify it.)
Don't trust the readout — check it: open DevTools → Network and reload. You'll see the same.
Content-Security-Policy response header. There's nothing to hide.Why this exists
CoreGuard's whole pitch is that it's honest and local-only — the app makes zero network connections, and the site carries zero third-party scripts, fonts, or trackers. Anyone can say that. So instead, this page audits itself and shows you the receipts: the real requests, the real origins, the real byte count. If a tracker ever crept in, this report would show it.
What the numbers mean
- Third-party requests — anything loaded from an origin other than
coreguard.app. We aim for zero. A CDN font, an analytics beacon, or an ad pixel would each show up here. - KB over the wire — bytes actually transferred on this load. A cached resource reports 0, so the number shrinks on repeat visits — that's honest, not a trick.
- JS-visible cookies — cookies this site set that JavaScript can read. No account, no analytics, so there's nothing to set. (
HttpOnlycookies, if any, aren't readable from JS — check DevTools → Application to be thorough.) - Web fonts — downloaded font files. We use your system's font stack, so this is zero and the page can't leak a request to a font CDN.
This is the same posture the app takes: observe and prove, don't ask for trust. Every hardware-danger warning in the app is free, too.