Sell compliant websites with runtime-backed evidence.
SecureSpells helps agencies prove what actually runs after launch, hand off PDF evidence to clients, and keep accounts on monitoring when privacy risk changes over time.
By running this scan, you confirm you are authorized to audit this domain and agree to our Terms of Service and Privacy Policy.
Use the free scan to surface live GDPR and ePrivacy issues on an existing client site, then move the account into recurring monitoring or a deeper audit path.
Cookies Before Consent
Description
Cookies are set before user consent is obtained, violating GDPR data minimization principles.
Relevant GDPR Articles
Why agencies need runtime compliance proof
The agency opportunity is not just finding violations. It is proving what shipped, keeping clients on monitoring, and turning silent risk drift into proactive service work.
CMP Installation Is Not Proof
Agencies can install a CMP correctly and still miss what actually fires at runtime. Compliance is judged on browser behavior, not setup intent.
Clients Need Defendable Handoff Evidence
A polished launch is not enough. Agencies need a report they can hand to clients to show the current state of cookies, trackers, and consent behavior.
Risk Creeps Back After Launch
New scripts, tag-manager edits, and plugin updates quietly reintroduce compliance problems. Agencies need monitoring to catch drift before the client does.
Alerts Create Revenue Opportunities
Runtime alerts give agencies a reason to step back in with fixes, reviews, and monitoring-led retainers instead of waiting for compliance issues to escalate.
Agency urgency is real, not hypothetical
Public runtime aggregates from recent audits show how often consent and tracking failures still appear on real websites. This is why agency compliance delivery and monitoring remain a recurring revenue opportunity.
Audits analyzed
—
Last 30 days
Avg findings per site
—
Signals scope and remediation load
Cookies before consent
—
Risk appears on audited live sites
Marketing tags before consent
—
Common source of compliance exposure
Build runtime compliance into how your agency sells
The strongest use case is not generic scanning. It is helping agencies prove what shipped, keep clients on monitoring, and step back in when runtime risk changes.
Client Portfolio Monitoring
Manage multiple client sites under one account and keep compliance monitoring attached to the website long after launch.
- Multiple domains under one workflow
- Monitoring-led retainers
- Portfolio visibility
Alerts That Trigger Follow-On Work
When risk scores change, agencies get a reason to reach back out, fix issues, and protect client trust before problems become visible externally.
- Risk-change awareness
- Account protection
- Proactive remediation workflow
Choose the path that fits how you sell
SecureSpells supports multiple commercial motions, but they are not equal. Agencies are the primary path, Partner API is the resale path, and self-serve exists as a secondary fallback for direct buyers.
Agency Plan
Best for agencies delivering client websites, handing off runtime evidence and white-label PDF proof, and keeping accounts on monitoring after launch.
- Sell compliant, audited website delivery
- Use reports as current-state handoff evidence
- Turn monitoring alerts into follow-on work
Partner API
Best for platforms, legal marketplaces, and compliance products that want to embed and resell audits inside their own workflow.
- Resell audits to an existing customer base
- Use SecureSpells as embedded runtime audit infrastructure
- Validate workflow with docs and partner onboarding
Self-Serve
Best for direct buyers who need a one-off audit report or ongoing monitoring for their own website without an agency workflow.
- Buy a one-off report for a single deep review
- Choose Pro for direct recurring monitoring
- Use free scan to validate fit before purchase
Start with the commercial path that fits
Agency is the default path. Self-serve exists for direct buyers.
Choose Agency when you manage client sites, use Partner API when audits belong inside another product, and use One-Off or Pro when you are buying for your own website.
Use SecureSpells to hand off runtime evidence, keep clients on monitoring, and turn risk changes into proactive account work.
Choose Pro or a One-Off report when you need compliance visibility for your own site, not an agency delivery workflow.
Partner API is the better fit if audits belong inside your own product or compliance platform.
Explore Partner APIAll plans include SSL-encrypted scanning and GDPR-compliant data processing.
Risk Score System
SecureSpells assigns a Risk Score (1–5) to each compliance check, helping you prioritize fixes based on severity and regulatory focus.
How serious the legal or privacy impact is
How likely the issue is to occur on real-world websites
How actively regulators (CNIL, ICO, etc.) pursue and fine over the issue
Degree to which end-user rights or privacy is affected
Turn runtime compliance
into a sellable agency advantage
Use SecureSpells to prove what shipped, hand clients defendable evidence, and keep monitoring attached after launch so your agency finds regressions before trust erodes.