Guard.ch opens links you do not trust in a browser built to be thrown away, and writes down every move the page makes while you watch from a safe distance. This is what goes on the record, and the report it leaves you.
See what it recordsYou drive the page like any visitor, from your own tab, over video. Underneath, the record builds itself. Five moments from one capture, in the order Guard.ch wrote them down.
A payment reminder from a sender you almost recognise. A shared file from a colleague who never shares files. An invoice you never ordered. You do not want to click it on your machine, but you cannot just ignore it either.
Paste the link at guard.ch and click Analyze. A fresh container boots in our cloud with an instrumented Chrome inside, and the recording starts. Nothing has touched your machine, and nothing will.
While the first request is still in flight, Guard.ch pulls the paperwork: WHOIS and RDAP, registrar and nameservers, the TLS certificate presented at the door. A domain registered nine days ago has told you plenty before a single pixel renders.
Every request and the response it got, every cookie, every storage write and WebSocket frame, stamped onto one timeline in the order it happened. Nothing is reconstructed later: this is the same stream your report is built from.
Somewhere in its scripts, the page reads back a hidden canvas and probes the GPU. That is fingerprinting. Guard.ch flags the exact moment, names the technique, and keeps the API calls as evidence. The fingerprint it harvested belongs to a browser that is about to die.
The container is destroyed with everything the page left on it: cookies, storage, that fingerprint of nobody. What survives is the capture, the whole visit in one file, at a link you can hand to anyone who needs to see what you saw.
When the browser is gone, the report stays: a panel for every kind of signal it recorded, all driven from the same timeline you just watched, none of it reconstructed after the fact. Eight of those panels opened up here, and the grid itself goes further.
The visit on video, with a scrubber. Every signal is a marker you can jump straight to.
Every request, headers in full. Bodies you can read are kept whole.
Every cookie and every write to local, session and IndexedDB storage, with the values that landed.
Everything the page said to itself, in the order it said it.
Registrar, dates, nameservers and contacts, alongside the bounded raw record.
Where the domain resolved: the ASN, the host behind the address, and the geography of the edge that answered.
The stack the page ships: framework, CMS, analytics, CDN, each matched from evidence in the capture.
Nine techniques, each finding backed by the exact API calls underneath.
And the grid keeps going: the TLS certificate presented at the door, every hostname the page contacted, the permissions it asked for, WebRTC connections, blacklist and web-rank checks, the exceptions it never showed you. If the capture saw it, the report has a place for it.
Guard.ch names the framework, shop system, analytics and CDN behind the page, with the evidence for every match. A bank login on a free site builder is often the loudest signal of all.
No second probe: matches come from what the capture already holds.
Each match carries a confidence, a version where visible, and its evidence.
Every name explained in plain words, with how common it is across the web.
That moment at 0:24 is common enough that fingerprinting gets its own panel in every report, built on a model of nine techniques. Guard.ch names the ones the page reached for and keeps the raw calls under each finding, so you can check its work.
Drawing to a hidden canvas and reading the pixels back for a per-device hash.
WebGL vendor, renderer and precision probes that pin down your graphics stack.
Running the audio engine to measure tiny, device-specific differences.
Cores, memory, touch points and platform, read straight off the browser.
Resolution, colour depth and pixel ratio of the display behind you.
Language, region and clock offset, usually the first thing to leak.
Enumerating the cameras, microphones and speakers on the machine.
Charge level and status, a quiet but surprisingly stable identifier.
Looking for the tells of a bot or a headless browser, including ours.
Ask a question in plain language and an AI analyst reads the whole capture for you. The answer comes back as a saved card with tables and clickable timestamps. Sensitive values are masked before anything reaches the model.
Evidence, not a verdict.
Scanners hand out verdicts, and they are wrong often enough to matter. Guard.ch never scores a page: it gives you the receipts instead. The requests, the writes, the lookups, the fingerprint attempts. When you are unsure, re-run it, share it, or ask the analyst. The call stays yours, made on facts rather than on a colour someone else picked.
A fresh container boots the moment you click and is destroyed the moment you leave. It never reuses a cookie, a storage entry or a fingerprint between visits.
Your inputs go out over WebRTC and pixels come back. DNS and traffic leave our ASN, so the site never learns your IP, your fonts or your device.
Captures are stored in Helsinki, and the edge nodes that run the live browser never write to disk. Every capture carries a visible expiry date, and when it passes, the capture is gone for good.
Every capture runs on a clock and an event budget you can see before you start. When either runs out, the recording ends cleanly and the record stays intact. Limits up front, not surprises later.
Add a card to start, we will not charge it until the trial ends, and cancelling is just a few clicks away.
