The playground

Try any of 1042 endpoints — live.

Pick an endpoint, load a working example, tweak the params, and send — no signup to try. Results render the way the data deserves; raw JSON, headers & code are one tab away.

Playground demo key · api.reefapi.com

post/privacy-scan/v1/score3 credits

Composite privacy score (0-100, higher=more private) + grade + GDPR risk verdict (minimal/low/medium/high/critical) + ranked recommendations + transparent penalties.

Working example

Parameters

urlrequired

The page to scan. Full URL (https://example.com/page) or a bare domain (example.com → https:// assumed). Only http/https; private/internal/metadata targets are SSRF-blocked. Alias: domain/site/website.

follow_redirectsoptional

Follow redirects (http→https, apex→www) before scanning the final page (default true). Each hop is independently SSRF-validated.

renderoptional

How to capture the tracker graph. DEFAULT 'always': a full headless browser renders the page and captures live third-party requests — ad-tech, tag-manager-injected trackers, Consent Mode signals — plus the complete cookie jar. This is the most thorough scan (a missed tracker injected by JavaScript would be a false 'clean'). Set render=false (alias: never) for a fast, lightweight static-only scan suited to bulk runs. 'auto' starts static and escalates to a full render only when the page appears JavaScript-heavy.

request preview

curl -X POST https://api.reefapi.com/privacy-scan/v1/score \
  -H "x-api-key: $REEF_KEY" \
  -H "content-type: application/json" \
  -d '{"url":"https://www.nytimes.com"}'

Hit Send to run this endpoint live.