Paste a link you do not trust and Guard opens it in a browser built to be thrown away, while every move the page makes goes on the record. This page follows one capture, from the first click to the report it leaves behind.
The home page shows you how to open a link safely. This is what happens underneath while you do: five moments from one ninety-second investigation, in the order Guard wrote them down.
An invoice you never ordered. A login page in almost the right blue. You paste it at guard.ch and click Analyze, and a fresh container boots in our cloud with an instrumented Chrome inside. Nothing has touched your machine, and nothing will.
While the first request is still in flight, Guard pulls the paperwork: WHOIS and RDAP, registrar and nameservers, the TLS certificate presented at the door. A domain registered nine days ago has told you plenty before a single pixel renders.
You drive the page like any visitor, from your own tab, over video. Underneath, every request and response, every cookie, every storage write and WebSocket frame is stamped onto one timeline, in order, as it happens.
Somewhere in its scripts, the page reads back a hidden canvas and probes the GPU. That is fingerprinting. Guard flags the exact moment, names the technique, and keeps the API calls as evidence. The fingerprint it harvested belongs to a browser that is about to die.
The container is destroyed with everything the page left on it: cookies, storage, that fingerprint of nobody. What survives is the capture, the whole visit in one file, at a link you can hand to anyone who needs to see what you saw.
When the browser is gone, the report stays: six panels, every one driven from the same timeline you just watched. Nothing is reconstructed after the fact.
The visit on video, with a scrubber. Every signal is a marker you can jump straight to.
Every request, headers in full. Bodies you can read are kept whole.
Every cookie and every write to local, session and IndexedDB storage, with the values that landed.
Registrar, dates, nameservers and contacts, alongside the bounded raw record.
Everything the page said to itself, in the order it said it.
Nine techniques, each finding backed by the exact API calls underneath.
Guard keeps what you can read, and only the shape of what you cannot. That is a deliberate line, not a limitation.
That moment at 0:15 is common enough that fingerprinting gets its own panel in every report, built on a model of nine techniques. Guard names the ones the page reached for and keeps the raw calls under each finding, so you can check its work.
Drawing to a hidden canvas and reading the pixels back for a per-device hash.
WebGL vendor, renderer and precision probes that pin down your graphics stack.
Running the audio engine to measure tiny, device-specific differences.
Cores, memory, touch points and platform, read straight off the browser.
Resolution, colour depth and pixel ratio of the display behind you.
Language, region and clock offset, usually the first thing to leak.
Enumerating the cameras, microphones and speakers on the machine.
Charge level and status, a quiet but surprisingly stable identifier.
Looking for the tells of a bot or a headless browser, including ours.
Reading a hundred requests is work, so Guard reads them for you, on demand. Ask a question and an agent runs across the capture in your own tab: the metadata, the raw event stream, the timeline, even frames of the recording. It answers as a self-contained card, with tables and timestamps you can click to seek.
Sensitive cookie and storage values are masked before any of it reaches the model, and the cards are saved with the capture, ready to regenerate or remove.
Generate one on a real captureNo score. No traffic light. Guard shows you what actually happened and trusts you to read it.
Scanners hand out a verdict, and they are wrong often enough to matter. Guard gives you the receipts instead: the requests, the writes, the lookups, the fingerprint attempts. When you are unsure, re-run it, share it, or ask the analyst. The call stays yours, made on facts rather than on a colour someone else picked.
A fresh container boots the moment you click and is destroyed the moment you leave. It never reuses a cookie, a storage entry or a fingerprint between visits.
Your inputs go out over WebRTC and pixels come back. DNS and traffic leave our ASN, so the site never learns your IP, your fonts or your device.
Captures are stored in Helsinki, and the edge nodes that run the live browser never write to disk. Free captures last a day, paid captures a month, then they are gone.
A free capture runs 60 seconds on a 3,000-event budget, a paid one runs five minutes on ten thousand. Limits you can see, not surprises you find later.
Add a card to start, we will not charge it until the trial ends, and cancelling is just a few clicks away.