B-82%
Quality Score
7
Pages
119
Issues
8.0
Avg Confidence
7.9
Avg Priority
47 Critical54 High18 Medium
>_ Testers.AI
AI Analysis
Dilkarishta was tested and 119 issues were detected across the site. The most critical finding was: Unconsented Google Analytics tracking data transmitted to Google services. Issues span Security, Performance, A11y, Other categories. Persona feedback rated Visual highest (8/10) and Accessibility lowest (6/10).
Qualitative Quality
Dilkarishta
Category Avg
Best in Category
Pages Tested · 7 screenshots
Homepage
www.dilkarishta.com
www.dilkarishta.com
www.dilkarishta.com
www.dilkarishta.com
www.dilkarishta.com
www.dilkarishta.com
Detected Issues · 119 total
1
Unconsented Google Analytics tracking data transmitted to Google services
CRIT P9
Prompt to Fix
Actionable prompt: 'Wrap Google Analytics (gtag/collect) loading in a consent check. If user has not given analytics consent, do not load https://www.google-analytics.com/g/collect or related GTM scripts. Add a CMP banner and store consent state in a cookie/.ts. Update GA config to enable anonymize_ip and disable collection of any PII (no names, emails, phone numbers). Ensure data minimization by removing non-essential query params from GA calls. Provide a minimal code snippet to dynamically insert GA scripts only after consent.'
Why it's a bug
The network traffic includes Google Analytics collection calls (g/collect) and related GTM/GA endpoints, transmitting pageview data and identifiers to a third-party analytics provider without clear evidence of user consent. This enables cross-site profiling and data sharing with a third party beyond the user's obvious control, undermining privacy expectations.
Why it might not be a bug
If a robust consent management platform (CMP) is implemented and visibly honored on the page (including opt-in for analytics), loading GA/GTMs after consent may be acceptable. The logs do not confirm the presence or usage of a CMP or explicit user consent at the time of these requests.
Suggested Fix
Implement a Consent Management Platform and require explicit user consent before loading any 3rd-party analytics scripts (Google Analytics, GTM). Load GA/GTMs only after consent. Enable IP anonymization (anonymize_ip), ensure no PII is collected, and avoid sending identifiers beyond what is strictly necessary for analytics. Consider offering a clear privacy notice and an option to opt out of tracking.
Why Fix
Fixing this reduces risk of regulatory penalties, improves user trust, and aligns with privacy best practices by minimizing data collection and ensuring user consent for tracking.
Route To
Privacy Engineer
Page
Tester
Pete · Privacy Networking Analyzer
Technical Evidence
Console:
⚠️ POTENTIAL ISSUE: Tracking request detectedNetwork:
POST https://www.google-analytics.com/g/collect?v=2&tid=G-JS9BM7E0HB>m=45je63p0h2v9227058385za200zd9227058385&_p=1774519104188&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=2138807627.1774519104&ul=en-us&sr=800x600&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~115938466~115938469~116024733~117484252~117884344&sid=1774519104&sct=1&seg=0&dl=https%3A%2F%2Fwww.dilkarishta.com%2F&dt=Dil%20Ka%20Rishta%3A%20Pakistan%27s%20Largest%20Matrimonial%20App&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=11102
Unconsented third-party tracking via Facebook Pixel and Google Analytics
CRIT P9
Prompt to Fix
In the site code, wrap loading of Facebook Pixel (fbevents.js, tr/? calls) and Google Analytics g/collect behind a consent check. Integrate a CMP banner and store user consent. Only load analytics scripts after consent is granted. Enable data minimization (e.g., IP anonymization in GA), disable sending unnecessary user data, and provide a clear opt-out option. Update privacy policy to reflect third-party sharing and cross-site tracking practices.
Why it's a bug
The network activity includes loading of Facebook Pixel (tr/events) and Google Analytics g/collect calls, which transmit user interaction data to third-party services. There is no clear evidence of a consent prompt or opt-in prior to loading these trackers in the captured activity. This enables cross-site tracking and behavioral profiling without explicit user consent, raising privacy and regulatory concerns.
Why it might not be a bug
If a privacy CMP or consent banner is present elsewhere in the user flow and suppresses analytics until consent is granted, this tracking could be allowed. The log alone does not confirm consent status, so the observed tracking behavior may still represent a privacy risk.
Suggested Fix
Implement a robust consent management workflow: load third-party analytics and tracking scripts only after explicit user consent; provide an accessible cookie/privacy banner with clear description of data collected; consider first-party analytics or server-side tracking to minimize data exposure; enable IP anonymization in GA and minimize data sent to third parties; allow users to customize tracking preferences.
Why Fix
Reducing or delaying third-party data sharing and profiling improves user privacy, aligns with regulatory expectations, and can improve user trust and engagement by giving users control over their data.
Route To
Privacy Engineer / Frontend Engineer
Page
Tester
Pete · Privacy Networking Analyzer
Technical Evidence
Console:
⚠️ POTENTIAL ISSUE: Tracking request detectedNetwork:
GET https://www.facebook.com/tr/?id=1133554490877320&ev=PageView&dl=https%3A%2F%2Fwww.dilkarishta.com%2Ffaqs&rl=&if=false&ts=1774519112579&sw=800&sh=600&v=2.9.281&r=stable&ec=0&o=12318&fbp=fb.1.1774519105316.130335223385542988&ler=empty&cdl=API_unavailable&pmd[title]=Dil%20Ka%20Rishta%3A%20Pakistan%27s%20Largest%20Matrimonial%20App...&rqm=GET GET https://connect.facebook.net/en_US/fbevents.js GET https://www.google-analytics.com/g/collect?v=2&tid=G-JS9BM7E0HB>m=45je63p0h2v9227058385za200zd9227058385&_p=1774519112488&dl=https%3A%2F%2Fwww.dilkarishta.com%2Ffaqs&dt=Dil%20Ka%20Rishta%3A%20Pakistan%27s%20Largest%20Matrimonial%20App&en=page_view&_ee=1&tfd=5284 POST https://www.google-analytics.com/g/collect?v=2&tid=G-JS9BM7E0HB>m=45je63p0h2v9227058385za200zd9227058385&_p=1774519112488&dl=https%3A%2F%2Fwww.dilkarishta.com%2Ffaqs&en=page_view&_ee=1&tfd=52843
Production-quality: AI/LLM endpoint detection logs on page load
CRIT P9
Prompt to Fix
Remove production-time console warnings about AI/LLM endpoints. Ensure any AI calls are gated behind user action or explicit consent, and implement a build-time flag to strip such logs in production. Do not expose internal endpoint names in client code or logs.
Why it's a bug
Console shows '⚠️ AI/LLM ENDPOINT DETECTED' messages, implying AI tooling endpoints are being referenced or logged during initial paint. This can leak internal infrastructure, cause performance/privacy concerns, and indicate non-deterministic or unnecessary AI calls in production code.
Why it might not be a bug
If this is a test harness/debug flag accidentally shipped to production, it’s not intended behavior and should be removed; otherwise it signals a real issue with AI-related flows starting too early.
Suggested Fix
Remove debug AI-endpoint logs from production builds. Defer any AI/LLM calls behind explicit user interaction or consent, and ensure no internal endpoint names are exposed in client code or console logs. Add a feature flag to enable AI calls only in development.
Why Fix
Reduces risk of endpoint exposure, improves performance, privacy compliance, and overall product quality by avoiding unintended AI work on page load.
Route To
Frontend Security Engineer
Page
Tester
Jason · GenAI Code Analyzer
Technical Evidence
Console:
⚠️ AI/LLM ENDPOINT DETECTED