Why is the trust badge a live embed and not just an image?
A static badge image can be Photoshopped, copied to a site that never earned it, or left up long after the score behind it changed. AI Trust Scanner's badge is a script that fetches the current score every time the page renders, verifies the embedding domain against a signed token, and blanks itself if the score expires or drops below the display threshold — so what visitors see is always current, not archived.
A score nobody can verify is a JPEG. That's the problem with most trust badges: they're static images, which means anything a browser can display, anyone can save and re-upload — on a different site, with a different score, months after the original scan expired. There's no way for a shopper looking at a badge image to know if it's current, or if it even belongs to the site it's on.
AI Trust Scanner's badge fixes this by being a small script — badge.js — instead of an image file. Each embed is bound to a specific domain, plan, and issue date through a signed token, and the script checks that token against window.location.hostname before it renders anything, so a badge copied onto a different domain simply won't display. Every time the badge renders, it also checks the score's age: past 90 days without a re-scan, it switches to "Score expired — re-scan pending" instead of showing a stale number as if it were current.
There's a display floor too — a minimum score of 70 to render at all. Below that, the embed shows nothing, not a public low score, because the badge is meant to be a positive signal a store chooses to display, not a shaming mechanic forced onto a page. And because it's revocable, a store later found to be gaming its signals, or one whose subscription lapses, sees its badge blank out within minutes rather than continuing to display a score that's no longer backed by anything. See the full mechanics, tier treatments, and installation snippet on the badge page.
Related questions
Related pages