webXray

Be the First to Know.

Top US class action law firms and Fortune 100 in-house compliance teams use webXray to find actionable privacy violations first.

Request a Demo

Our Mission

The privacy industry sells a fantasy: all it takes to meet data protection law is a cookie banner, a few checkboxes, and a reassuring statement that "we value your privacy." In courtrooms across the US and Europe, that fantasy is collapsing, and the costs of noncompliance are adding up.

Measured with Real Browsers. Validated in Real Courtrooms

Sites with a cookie banner set ad cookies before consent

73%

US hospitals that set advertising cookies at page load

46%

Websites about religion and spiritual beliefs that leak data to Meta

1 in 3

Sites directed at children that expose IP addresses to Google

93%

Case Study: California CCPA Privacy Audit

Google-approved CMPs don't block Google's own cookies

We proved that CMPs pass the buck on CCPA compliance to website operators. We scanned the web from California with Global Privacy Control enabled, and we found an industry in crisis. We've made our dataset searchable, check your site for free.

View Case Study

One platform engineered to elevate your entire team. Navigate every legal challenge with purpose-built tools.

Litigation: Make Your Case BulletproofLitigation: Make Your Case Bulletproof

Litigation: Make Your Case Bulletproof

We pioneered pixel tracking research and supported a decade of privacy lawsuits. Stop racing headlines - find violations first. Search 1.2M sites for specific trackers. Forensic website preservation. Consent bypass analysis. Expert assistance & testimony.

Learn More
Enterprise: Be the First to KnowEnterprise: Be the First to Know

Enterprise: Be the First to Know

Your CMPs don't work, vibe-coded violations ship faster than you can audit, and new laws drop every quarter. We make compliance manageable. Full site scans via sitemap or URL list. Distributed scanning from real locations. Built-in privacy search engine. Forensic data export & integration.

Learn More
Defense: Don't Get Left BehindDefense: Don't Get Left Behind

Defense: Don't Get Left Behind

Plaintiff firms are using our technology. You should know what they know. Impartial facts, without fear or favor. Scan client properties instantly. Privacy tool validation. Fact-check complaints in minutes. Evidence export for counsel.

Learn More

The World's Largest Cookie Audit

The founder of webXray spent two years as cookie compliance lead at Google, conducting the world's largest-ever enterprise cookie audit. According to Google's Data Protection Officer:

Dr. Libert...drafted Google's internal cookie guidelines in 2021 and early 2022, which applies to all cookies or cookies-like objects, and outlines processes on managing cookies, storing cookies, logging data associated with cookies, server protocols, policies on data collection, and data linkage. In developing the cookie and web storage policy, Dr. Libert also led an audit of each Google-owned cookie to determine whether any did not comply with the policy.

Kristie Chon Flynn

Google Data Protection Officer

Evidence Produced Since 2012

2.4M+

Pages Scanned

900+

Peer-Reviewed Citations

20+

Major Press Outlets

Dr. Timothy Libert, Founder & CEO

Tim built webXray in 2012 as an academic research tool, then spent the next decade proving what it could do. He conducted the first million-site study of third-party tracking on the web, published the first peer-reviewed research on pixel tracking on medical websites - work that opened the door to hundreds of millions of dollars in settlements - and was the first to systematically compare what privacy policies say to what the code on a website actually does. That research was cited in Supreme Court briefs, featured on Good Morning America and All Things Considered, and covered by the New York Times, the BBC, the Financial Times, Wired, and dozens of other outlets. Over 900 peer-reviewed studies now cite his work.

His academic path ran through a PhD at the University of Pennsylvania, a postdoctoral fellowship at the University of Oxford, fellowships at the Alexander von Humboldt Institute and Central European University, and a faculty appointment at Carnegie Mellon's School of Computer Science, where he taught in the Privacy Engineering program and conducted research at CyLab. He then joined Google as a Staff Privacy Engineer, where he wrote the company's internal cookie and web storage policy, built compliance architectures at Google scale, and led an audit of every Google-owned cookie - the largest enterprise cookie audit ever conducted.

In 2023 he left Google to found webXray LLC, commercializing a decade of academic research and two years of Big Tech operations into a platform built for litigation, compliance, and enforcement. There is no one else in the industry who has published the foundational research, built the technology, written the compliance policy at the world's largest internet company, and then turned around to offer that expertise commercially. When courts, regulators, and Fortune 500 privacy teams need the final word on what a website is actually doing, they call Tim.

Our data has been scrutinized by

  • Ars Technica
  • Axios
  • BBC
  • Business Insider
  • Fast Company
  • Financial Times
  • Gizmodo
  • Mashable
  • NBC
  • New Scientist
  • NPR
  • The New York Times
  • The Guardian
  • The Next Web
  • The Register
  • The Verge
  • Vice
  • Vox
  • Wired

Don't Be the Last to Know

Talk to an ExpertRequest a Demo