Scantide Observe
A Shared View of Website Behavior for End Users, Security Teams, and Privacy Review
Scantide Observe shows what a website is doing behind the scenes: which outside services it uses, where those services are located, how securely they are delivered, and whether hidden third-party systems may affect trust, privacy, or operational safety. This manual explains each panel for three different audiences so the same finding can be understood in the right context.
One Interface, Multiple Meanings
A tracker, remote server, or weak security setting may mean one thing to a private user, another to an operator, and something else to a privacy or compliance reviewer. This manual breaks those meanings apart clearly.
Useful at Different Levels
End users can use it to judge trust. Security teams can use it to spot drift and exposure. Privacy reviewers can use it to understand data flows, providers, and jurisdictional risk.
Focused on Observable Behavior
Scantide Observe focuses on what the browser can actually see: requests, scripts, headers, certificates, routing context, storage behavior, and supporting infrastructure.
Who This Manual Is For
The same panel can answer different questions depending on who is looking at it.
End User
You want to know whether a site looks trustworthy, whether it uses too many outside services, and whether anything looks unusual or invasive.
Security Operations
You want to know what changed, what external dependencies are active, where controls are weak, and what to investigate or fix next.
Privacy / Security Review
You want to know which services collect data, how data may move between providers, and whether jurisdictions or vendors create privacy or governance risk.
Fast Review Flow
Most page reviews start the same way, even if the final questions are different.
1
Start with the overall score
Use the score as a quick summary of whether the page looks routine or deserves closer review.
2
Check what the page talks to
Review Live Network, Trackers, Active Scripts, and Embedded Elements to see which outside systems are involved.
3
Check location and controls
Review Server Locations, Encryption, Server Headers, and Mail Servers to understand where services are hosted and how safely they are configured.
Scantide Pro
More Detection. More Ownership Context. More Review Depth.
- 850+ Tracker Definitions: Broader coverage for tracking, analytics, and collection systems.
- Corporate Ownership Mapping: More visibility into provider ownership and jurisdiction context.
- API Key Access: Support for synchronized workflows and future export/reporting features.
850+
Detection Signatures
Access Levels
Using Scantide Observe With vs Without API Access
Scantide Observe works immediately after installation, but connecting it to the Scantide backend with an API key unlocks deeper analysis, reporting, and broader intelligence.
Without API Key (Out of the box)
- What you get: Real-time browser-based analysis
- Cookie security and tracking detection
- Server header and security configuration checks
- Active scripts, network calls, and embedded elements
- Immediate risk scoring based on observed behavior
- Implication: You see what the browser can directly observe
With API Key (Scantide Connected)
- What you unlock: Backend-enriched intelligence
- π Jurisdiction and provider risk analysis (Cloud Act, GDPR context)
- π§ Mail infrastructure analysis (MX, SPF, DMARC, DKIM)
- β οΈ Detection of weak configurations (e.g.
DMARC p=none, shadow SPF) - π Ability to generate a structured report for the analyzed site
- π§ Deeper scoring based on infrastructure, ownership, and external intelligence
- Implication: You understand not just behavior, but ownership, location, and risk context
Additional Intelligence (API)
- π°οΈ Detection of external endpoints, beacons, and data flows
- π Visibility into connections to high-risk or adversarial regions
- π’ Latest CVE awareness feed (general security notice)
- Important: CVEs shown are not tied to the specific site, but represent the latest publicly disclosed vulnerabilities to keep you informed
- Implication: You gain situational awareness beyond the individual page
Simple way to think about it
Without API access, you are looking at the page itself.
With API access, you are understanding the ecosystem behind the page.
Overview
Overall Risk Score
This is the fastest summary of the page. It combines Scantide's observations about third-party services, infrastructure location, security configuration, and tracking-related activity into one overall view.
What this showsA quick summary of the page's current observed risk level.
End User
- Why it matters: It helps you decide whether a page looks ordinary or unusually dependent on outside systems.
- What to do: If the score is high, review Trackers, Live Network, and Server Locations before trusting the page with sensitive activity.
- Implication: A high score does not automatically mean the site is malicious, but it does mean the page deserves extra caution.
Security Operations
- Why it matters: It gives a fast triage signal for configuration drift, unexpected dependencies, or weak controls.
- What to do: Pivot immediately into the panels driving the score change and validate whether the behavior is expected.
- Implication: A worsening score often indicates either an intentional change that needs validation or an unplanned change that needs investigation.
Privacy / Security Review
- Why it matters: It highlights that the page may involve more providers, tracking systems, or higher-risk infrastructure than expected.
- What to do: Review Trackers, Server Locations, Mail Servers, and Cookies & Storage to understand the privacy impact.
- Implication: A high score may indicate broader data exposure, weaker governance, or jurisdictional complexity.
Scoring
How Scores Are Calculated PRO: 850+
Scantide evaluates observed behavior across third-party activity, infrastructure location, security configuration, and tracking-related findings.
What this showsThe reasons a page looks safer or riskier.
End User
- Why it matters: It helps you understand why a page received its score instead of leaving you with a number alone.
- What to do: Check whether the score is driven by trackers, external services, unusual locations, or weak security.
- Implication: The score becomes explainable, which makes trust decisions easier.
Security Operations
- Why it matters: It narrows down the exact category of risk so teams can triage quickly.
- What to do: Use the scoring breakdown to direct remediation to the correct owner: network, app, CDN, DNS, or privacy tooling.
- Implication: Clear scoring logic reduces wasted time and helps teams distinguish between noise and real drift.
Privacy / Security Review
- Why it matters: It shows whether privacy risk comes from tracking behavior, provider sprawl, or risky jurisdictions.
- What to do: Document which categories are driving the score and whether they align with declared policy or user expectations.
- Implication: This turns the page from a black box into an explainable privacy review surface.
Privacy
Trackers PRO: 850+
This panel highlights known tracking, analytics, advertising, fingerprinting, and related data-collection systems found on the page.
What this showsServices that may monitor behavior, collect information, or support advertising and analytics.
End User
- Why it matters: Trackers can mean the site shares more information about your visit than you expected.
- What to do: Be cautious about logging in, submitting personal information, or allowing persistent storage if many trackers appear.
- Implication: A page with many trackers may be more invasive, less private, and harder to trust with sensitive activity.
Security Operations
- Why it matters: Trackers often reveal unmanaged vendors, legacy tags, or externally injected services.
- What to do: Identify the source of each tracker and remove or approve it through templates, bundles, or tag managers.
- Implication: Unmanaged trackers increase attack surface, change-control problems, and third-party dependency risk.
Privacy / Security Review
- Why it matters: Trackers are often the clearest sign of external data collection and third-party processing.
- What to do: Check whether the tracker is disclosed, justified, consent-controlled, and routed through acceptable providers and jurisdictions.
- Implication: Unnecessary or undeclared trackers can create privacy, governance, and reputational risk.
Code
Active Scripts
Shows the JavaScript currently loading and running on the page, including scripts from outside providers.
What this showsThe scripts the page depends on and where they came from.
End User
- Why it matters: Outside scripts can change how a page behaves and what information it collects.
- What to do: If you see many unknown scripts on a page that handles money, messages, or personal data, use extra caution.
- Implication: More third-party code usually means more trust assumptions and less transparency.
Security Operations
- Why it matters: Active scripts are one of the clearest indicators of supply-chain risk and deployment drift.
- What to do: Verify the source, integrity, purpose, and ownership of each external script and remove stale entries.
- Implication: Uncontrolled runtime code increases compromise risk and complicates incident response.
Privacy / Security Review
- Why it matters: Scripts often act as the real enforcement point for tracking, session behavior, and third-party data sharing.
- What to do: Map each important script to its function, provider, and legal or policy basis.
- Implication: External code can quietly create privacy obligations that are not obvious from the page itself.
Storage
Cookies & Storage
Lists browser-side storage so you can see which values are essential and which may support tracking or persistent identification.
What this showsCookies and similar stored values grouped by origin, purpose, and persistence.
End User
- Why it matters: Storage can reveal whether a site keeps long-lived identifiers or tracking values in your browser.
- What to do: Watch for unusually persistent values or items that remain after consent changes or logout.
- Implication: Persistent identifiers can reduce privacy even when the page looks harmless.
Security Operations
- Why it matters: Storage behavior often exposes leftovers from removed systems, broken consent flows, or risky cookie settings.
- What to do: Validate which system sets the value, how long it persists, and whether flags like
SecureandSameSiteare correct. - Implication: Weak storage controls can create session risk, privacy drift, and inconsistent enforcement.
Privacy / Security Review
- Why it matters: Stored identifiers are often central to profiling, attribution, and advertising behavior.
- What to do: Confirm whether each non-essential item is consent-controlled, documented, and justified.
- Implication: Storage that outlives user choice or reasonable purpose creates privacy and governance problems.
Network
Live Network
Shows the page's network requests in real time, including requests to outside services and background systems.
What this showsThe connections the page makes while loading and running.
End User
- Why it matters: It shows whether the page is reaching out to many outside systems behind the scenes.
- What to do: Look for unfamiliar providers or activity that does not match what the page claims to be doing.
- Implication: Hidden network activity can mean more data sharing and less direct control over where your information goes.
Security Operations
- Why it matters: Live requests expose unexpected providers, stale integrations, fallback paths, and unauthorized dependencies.
- What to do: Trace unfamiliar requests back to the triggering code, service, or page component and verify ownership.
- Implication: Unexpected traffic is often the first hard sign of change drift or silent exposure.
Privacy / Security Review
- Why it matters: Network traffic is the clearest evidence of which third parties actually receive page activity.
- What to do: Document recipients, locations, and purposes for the most sensitive or least expected requests.
- Implication: Every extra destination may represent another processor, jurisdiction, or privacy dependency.
Page Content
Embedded Elements
Lists iframes, widgets, and other outside content placed into the page.
What this showsThird-party visual or functional components loaded from other services.
End User
- Why it matters: Embedded tools may pull in outside providers even when the main site looks trustworthy.
- What to do: Be careful with chat tools, payment widgets, video embeds, and forms that come from unknown providers.
- Implication: A single embedded element can introduce new privacy and trust assumptions.
Security Operations
- Why it matters: Embeds often bypass normal architecture review and create independent execution or data paths.
- What to do: Verify whether each embedded service is approved, necessary, and isolated correctly.
- Implication: Unmanaged embeds create supply-chain risk and make page behavior harder to govern.
Privacy / Security Review
- Why it matters: Embedded elements frequently introduce additional processors, cookies, and cross-context data sharing.
- What to do: Review who operates the embedded service, what data it receives, and whether users are adequately informed.
- Implication: A site can inherit privacy risk from third-party embeds even if its own code is limited.
Security
Encryption
Reviews how securely the page's services are delivered, including certificates and connection safety.
What this showsTransport security findings such as certificate issues or weak connection settings.
End User
- Why it matters: Weak transport security can make a site less safe to use for personal or financial activity.
- What to do: Avoid entering sensitive data if important services show weak or unusual encryption findings.
- Implication: Security weaknesses at this layer reduce confidence in the site's operational care.
Security Operations
- Why it matters: Encryption findings reveal weak transport posture, certificate drift, and inconsistent service hardening.
- What to do: Validate certificate chain, rotation, protocol policy, and termination behavior at origin and CDN layers.
- Implication: Weak transport posture increases interception risk and can signal broader operational gaps.
Privacy / Security Review
- Why it matters: Weak encryption undermines the protection of data in transit between users and processors.
- What to do: Check whether weak findings affect personal-data flows, login flows, or external providers.
- Implication: Privacy promises are less credible when transport protections are weak or inconsistent.
Security
Server Headers
Reviews important browser-facing security settings returned by the server.
What this showsSecurity-relevant response headers such as HSTS, CSP, and X-Frame-Options.
End User
- Why it matters: These settings help protect your browser session from common web abuse.
- What to do: Treat missing protections as a sign that the site may not be maintained as carefully as it should be.
- Implication: Even if the site looks polished, weak headers can mean weaker real protections.
Security Operations
- Why it matters: Header gaps are one of the fastest ways to spot broken hardening or configuration inconsistency.
- What to do: Compare origin, reverse proxy, and CDN policies to find where the control was lost.
- Implication: Missing headers often signal drift that may affect many routes or services at once.
Privacy / Security Review
- Why it matters: These settings support the overall security environment in which personal data is handled.
- What to do: Confirm that baseline browser protections are present wherever sensitive workflows occur.
- Implication: Weak browser protections increase exposure even when privacy policy language looks strong.
Location
Server Locations PRO: CORP-LOCK
Shows where important supporting infrastructure appears to be located and which provider is involved.
What this showsGeographic and provider context for the services supporting the page.
End User
- Why it matters: A site may appear local while relying on services in places you did not expect.
- What to do: Pay extra attention if a privacy-sensitive site depends heavily on remote or unfamiliar hosting regions.
- Implication: Location can affect trust, expectations, and how comfortable you feel using the service.
Security Operations
- Why it matters: Location drift often indicates CDN policy changes, stale DNS, or unintended provider routing.
- What to do: Validate routing policy, failover design, DNS records, and provider approval status.
- Implication: Unexpected location changes can break policy, increase exposure, and complicate incident analysis.
Privacy / Security Review
- Why it matters: Location affects jurisdiction, provider obligations, and potential data-transfer concerns.
- What to do: Compare actual observed locations against declared residency or policy expectations.
- Implication: Unexpected hosting regions may create governance or cross-border data concerns.
Mail Servers PRO: CORP-LOCK
Reviews mail-related infrastructure such as mail routing and sender trust settings.
What this showsMail providers, routing paths, and SPF-related trust relationships.
End User
- Why it matters: Mail systems are often how password resets, notifications, and sensitive messages are handled.
- What to do: Be cautious if a site handling important communication depends on many unexpected mail providers.
- Implication: Mail infrastructure is part of the trust chain even if you never see it directly.
Security Operations
- Why it matters: Mail records often reveal old vendors, broad sender trust, or shadow services that outlived their original use.
- What to do: Review MX and SPF entries, remove stale providers, and verify which systems are allowed to send mail.
- Implication: Weak mail hygiene increases impersonation risk, governance drift, and incident complexity.
Privacy / Security Review
- Why it matters: Mail providers often process sensitive content, account details, and identity-linked communications.
- What to do: Confirm that mail routing and sending providers are documented, approved, and in acceptable jurisdictions.
- Implication: Overlooked mail processors can become major hidden privacy dependencies.
Why Scantide Helps
You can verify many of these findings manually, but doing so usually means switching between browser tools, DNS lookups, certificate checks, tag managers, provider references, and routing databases.
Manual Workflow
- π΄ Review raw traffic in DevTools.
- π΄ Look up ownership through WHOIS and provider references.
- π΄ Run dig or nslookup for supporting records.
- π΄ Validate transport with separate TLS tools.
- π΄ Manually connect scripts, requests, providers, storage, and routing behavior.
Scantide Observe
Shared Visibility
Scantide brings the most useful signals together so end users, security teams, and privacy reviewers can start from the same evidence but reach audience-specific conclusions.
β LESS MANUAL CORRELATION
β FASTER TRIAGE
β CLEARER CROSS-TEAM UNDERSTANDING
β FASTER TRIAGE
β CLEARER CROSS-TEAM UNDERSTANDING
Use Cases by Audience
The same page can be reviewed for different reasons. These are common starting points.
End User and Trust Review
- Before signing in: Check the overall score, trackers, and server locations.
- Before entering payment or health data: Check encryption, server headers, and whether many unfamiliar providers are involved.
- Before trusting a privacy-focused service: Check whether its actual network behavior matches its public claims.
Security Operations and Privacy Review
- After deployment or vendor changes: Check Live Network, Active Scripts, and Server Headers for drift.
- During privacy or compliance review: Check Trackers, Cookies & Storage, Server Locations, and Mail Servers.
- During incident or anomaly review: Use score changes, unexpected requests, and location drift as triage starting points.
FAQ
Can one manual really work for all three audiences?
Yes, as long as each panel explains not only what it shows, but why it matters, what to do next, and what the finding implies for different people. That is exactly what this version is built to do.
Is this still understandable for non-technical users?
Yes. End-user guidance is written in plain language, while technical and privacy implications are separated into their own role blocks.
How do I verify a finding myself?
You can open your browser's Network panel and inspect the related request, script, or resource directly. Scantide helps by collecting those signals and presenting them in a clearer, role-aware format.
Can I export findings? ROADMAP
Structured export features such as JSON and PDF reporting are planned for Pro users with valid API access.
Technical Disclaimer
Findings are based on observable infrastructure behavior at the time of analysis. CDN failover, routing changes, resolver differences, VPN usage, or temporary upstream conditions may affect live results. Scantide provides technical visibility and does not replace legal advice, formal compliance review, or a complete security assessment.