Why do we need another website scanner? 🤨

Why do we need another website scanner? 🤨

I got asked this at sTARTUp Day event in Tartu, Estonia, and honestly, it’s a fair question.

There are already a lot of tools that scan websites for Privacy and GDPR.

But while building SecureSpells, I kept running into the same issue:

Most scanners show what exists — cookies, scripts, trackers.

They don’t show what actually happens.

For example: A site might look compliant on paper, or even offer its own "compliance scanner", but still track users before consent, send data outside the EU, or miss basic privacy requirements. (Yes, surprisingly I did find some such sites when doing my market research).

Not because anyone intended to break compliance, but because modern websites are complex..

Laws are evolving, and building a compliant site is surprisingly hard. (I’ve experienced this firsthand)

Scripts load in unexpected ways, plugins change behavior and things break silently.

That made me realize the real problem isn’t visibility.

It’s understanding behavior.

So instead of just listing cookies, I focused on observing runtime behavior and translating that into something actionable like a risk score, clear fixes, and developer-ready guidance.

If you’ve worked on privacy, compliance, or analytics:

Do you trust existing scanners — or have you seen gaps too?