Back to Insights
COMPANY

The confidence system: how Vakteye separates facts from guesses

Vakteye TeamMar 17, 20266 min read

Not all findings are equal

A tracking cookie found by matching a name against a database is different from a tracking cookie that appeared after the visitor clicked Reject. Most scanners treat both the same. Tracking cookie detected. Move on.

We don't. The method of proof matters as much as the finding itself.

Think of it like a courtroom. Security camera footage carries more weight than hearsay. An eyewitness is stronger than someone who heard about it secondhand. Compliance evidence works the same way. A behavioral recording of a violation is stronger than a pattern match. Both might point to the same problem, but the certainty is different. Vakteye makes that distinction explicit.

CERTAIN: We saw it happen

CERTAIN is the highest confidence level. It means we have behavioral proof: we observed the violation, recorded it, and can replay it.

  • A tracking cookie persisted after the visitor clicked Reject. Consent violation, caught on camera.
  • A security vulnerability produced a measurable, repeatable response from the server. The server confirmed the flaw.
  • Fingerprinting scripts were caught actively probing the visitor's browser settings.
  • Data was sent to a tracking service after the visitor opted out. The evidence followed the data to its destination.
  • A cookie was deleted and came back on its own. It respawned.

CERTAIN means we have a recording of the violation happening. Not a guess. Not a pattern. A recording.

FIRM: Multiple signals agree

FIRM means two or more independent signals point to the same conclusion. No single signal is proof on its own. Together, they build a compelling case.

  • A cookie matches a known tracker database AND the domain it belongs to points to advertising infrastructure
  • The consent banner was detected AND the reject action was confirmed AND tracking survived the rejection
  • The server is located outside the EU AND the hosting provider is confirmed as US-based AND no adequacy mechanism was found

Like three witnesses independently telling the same story. None of them coordinated. None of them had reason to agree. But they all point the same direction.

TENTATIVE: One clue, needs context

TENTATIVE means a single pattern matched. It could be a real violation. It could also be benign. There is not enough evidence to say for sure.

  • A cookie name matches a known tracker database, but common names sometimes overlap with legitimate cookies
  • A domain matches a known advertising network, but the request might be serving non-tracking content
  • A security header is missing, but it might be handled at a different layer

One witness. Credible, but not conclusive. TENTATIVE findings are always reviewed by a human expert before they appear in a certified report.

UNVERIFIED: We couldn't reproduce it

UNVERIFIED means the verification step could not reproduce the evidence. This is not the same as a false positive. It means the proof was not strong enough to stand on its own.

Maybe the behavior was intermittent. Maybe it depends on geography or time of day. Maybe the website changed between the scan and the verification attempt.

UNVERIFIED findings never appear in certified reports without explicit human approval. Might be true. Cannot prove it yet.

Why this matters for your business

Each confidence level demands a different response.

  • CERTAIN: Act immediately. The evidence is conclusive. A regulator reviewing the same data would reach the same conclusion.
  • FIRM: Strong evidence. Plan remediation. These rarely turn out to be false positives.
  • TENTATIVE: Investigate. Check with your development team. There may be context that explains the finding.
  • UNVERIFIED: Don't panic. Review during your next audit cycle. May need manual investigation.

Most compliance tools give you High/Medium/Low severity. That tells you how bad the problem is, but not how confident they are it's real. Vakteye separates the two: severity tells you how bad, confidence tells you how sure.

Severity and confidence are two different things. A CERTAIN finding with low severity means something minor is definitely happening. A TENTATIVE finding with high severity means something serious might be happening but needs verification. Both pieces of information matter. Conflating them leads to wasted effort or missed risks.

How the system gets smarter

Confidence levels are not static labels. They improve over time.

When a human reviewer marks a finding as a false positive, that correction is stored. The next time the scanner encounters the same pattern, it remembers. After multiple independent confirmations, the system automatically adjusts.

Accuracy is tracked weekly for every finding type. Patterns that generate too many false positives get flagged for review. Patterns with a strong track record earn higher default confidence. Every scan makes the next one more accurate.

Confidence you can verify

Every Vakteye finding comes with its confidence level and the evidence behind it. See it for yourself.

Run a Free Scan
Previous

Vakteye vs cookie scanners: what we do that they can't

Next

Why every Vakteye finding is reviewed by a human

Related Articles

COMPANY5 min read

How Vakteye's Compliance Scanner Works

Automated scanning, consent testing, contradiction detection, and human review. Here's how Vakteye actually audits your website.

COMPANY5 min read

Evidence-based compliance: why screenshots and HAR files beat checklists

Regulators want proof, not promises. Vakteye's forensic evidence system produces browser session recordings, HAR files, and cookie diffs that hold up under regulatory scrutiny.

COMPANY5 min read

Continuous compliance monitoring: why one-time scans aren't enough

Websites change constantly. A clean scan today means nothing in three months. Continuous monitoring catches compliance drift before regulators do.