Guides
Triage findings
A scan can surface dozens of findings. Triage is how you turn that list into a short, ordered set of actions — and keep the noise down on every rescan after.
Prioritize by severity and page type
Two dimensions decide what to fix first: severity and the page type the finding sits on. A high-severity tracker on an intake_form or appointment page is your top priority — it is exactly the pattern behind the 2022–2023 OCR and FTC actions. A low-severity header gap on a marketing page can wait.
A practical order: critical findings anywhere → high findings on patient-facing pages → remaining high findings → medium → low → info.
The status workflow
| Status | Meaning |
|---|---|
| open | Default for a new finding. It counts against your score until you act. |
| acknowledged | You've seen it and plan to address it, or accept the risk for now. Keeps it visible without treating it as ignored. |
| resolved | You believe it's fixed. The next scan confirms — if the indicator is gone it stays resolved; if it reappears you get a new alert. |
| false_positive | The finding doesn't apply (e.g. a 'tracker' that's actually first-party). Suppresses it and tunes future scans. |
Move findings through the workflow in the console, or via POST /v1/sites/{id}/findings/{finding_id}/ack. On teams, assign findings to an owner and leave comments so the trail is auditable.
False positives are trust-critical