€600,000. That’s what Kruidvat got hit with by the Dutch DPA — for a cookie banner that promised privacy but delivered squat.
And Coolblue? €40K for the same sin. Most sites’ “Reject All” buttons? Pure theater. But here’s the fix: three slick, open-source CLI tools just dropped, ready to npx your way to real compliance.
TrustYourWebsite built these for scanning European sites. Extracted ’em as standalone gems. All MIT-licensed, TypeScript-pure, Node 18+ friendly. Plug ’em into CI, watch ’em flag disasters.
Why Cookie Banners Lie — And How This Tool Calls Their Bluff
Picture this: a cookie banner pops up, you smash “Reject All,” feel virtuous. But trackers? Still phoning home like nothing happened. That’s not a bug. It’s the business model.
Most cookie banners are decorative. The Dutch DPA fined Kruidvat (€600K) and Coolblue (€40K) for banners that didn’t actually work. This tool catches that.
npx @trustyourwebsite/cookie-consent-validator https://your-site.com
It IDs the CMP — Cookiebot, OneTrust, Complianz, you name it — then records cookies and network requests before and after rejection. Violations? Flagged in JSON or table output. Brutal honesty.
Think of it like a privacy bouncer at the door, not just nodding you through.
These aren’t toys. Run in CI, exit code 1 on fails. Your deploy pipeline now has teeth.
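The before/after comparison the tool is built around, as an added illustration (not the cookie-consent-validator source): snapshot cookies and request hosts before and after clicking "Reject All", flag whatever still tracks, and map that to the exit code. The site name, both snapshots and the tracker-name prefixes are constructed.

```typescript
// Added illustration, not the @trustyourwebsite/cookie-consent-validator source.
// Models the tool's core comparison: snapshot cookies and request hosts before
// and after "Reject All", then report whatever still tracks the visitor.
// The site name, snapshots and tracker-name prefixes are all constructed.
interface Cookie { name: string; domain: string }
interface Snapshot { cookies: Cookie[]; requestHosts: string[] }
interface Violation {
  kind: "cookie" | "request";
  value: string;
  when: "persisted" | "after-reject"; // already there before the click, or new
}

// Constructed heuristic: first-party cookies with these prefixes still track.
const TRACKER_PREFIXES = ["_ga", "_gid", "_fbp", "_hj"];

function isFirstParty(host: string, site: string): boolean {
  const h = host.replace(/^\./, "");
  return h === site || h.endsWith("." + site);
}
function isTrackingCookie(c: Cookie, site: string): boolean {
  return !isFirstParty(c.domain, site) || TRACKER_PREFIXES.some((p) => c.name.startsWith(p));
}

function findViolations(site: string, before: Snapshot, after: Snapshot): Violation[] {
  const seenBefore = new Set(before.cookies.map((c) => `${c.name}@${c.domain}`));
  const hostsBefore = new Set(before.requestHosts);
  const out: Violation[] = [];
  for (const c of after.cookies) {
    const key = `${c.name}@${c.domain}`;
    if (!isTrackingCookie(c, site)) continue;
    out.push({ kind: "cookie", value: key, when: seenBefore.has(key) ? "persisted" : "after-reject" });
  }
  for (const host of Array.from(new Set(after.requestHosts))) {
    if (isFirstParty(host, site)) continue;
    out.push({ kind: "request", value: host, when: hostsBefore.has(host) ? "persisted" : "after-reject" });
  }
  return out;
}

// CI semantics from the post: any violation means exit code 1.
function exitCode(v: Violation[]): number { return v.length > 0 ? 1 : 0; }

// Constructed run: shop.example's banner says "rejected" but nothing changes.
const before: Snapshot = {
  cookies: [{ name: "session", domain: "shop.example" }, { name: "_ga", domain: ".shop.example" }],
  requestHosts: ["shop.example", "www.google-analytics.com"] };
const after: Snapshot = { cookies: [...before.cookies, { name: "IDE", domain: ".doubleclick.net" }],
  requestHosts: [...before.requestHosts, "stats.doubleclick.net"] };
const sampleViolations = findViolations("shop.example", before, after);
```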
GitHub: trustyourwebsite/cookie-consent-validator. PRs welcome — because open source moves fast.
Security Headers: From A+ to ‘Fix This Now’ in One Command
Security headers. Everyone knows they matter — HSTS, CSP, the gang. But grading them? Most tools spit vague warnings. This one’s a schoolmarm with a red pen.
npx @trustyourwebsite/security-headers https://your-site.com
Grades A+ to F. Parses CSP fully — flags unsafe-inline, unsafe-eval like a hawk. Checks X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, even COOP/CORP/COEP. Hates Server/X-Powered-By leaks too.
Zero runtime deps. CI mode: --ci --min-grade B, bombs out if you slip.
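What "parses CSP fully" and "grades A+ to F" look like in code, as an added illustration rather than the security-headers source: a CSP directive parser that catches unsafe-inline/unsafe-eval, a scorer over the headers the post lists, and the --min-grade gate. The point values and grade thresholds are constructed; the real tool's scoring is not documented here.

```typescript
// Added illustration, not the @trustyourwebsite/security-headers source. It
// shows the two jobs the post credits the tool with: parsing CSP into
// directives to catch 'unsafe-inline'/'unsafe-eval', and turning a header set
// into a letter grade. Point values and thresholds here are constructed.
type HeaderMap = Record<string, string>; // header names lower-cased

// "default-src 'self'; script-src 'self' 'unsafe-inline'" -> directive map
function parseCsp(csp: string): Map<string, string[]> {
  const out = new Map<string, string[]>();
  for (const part of csp.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) out.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  return out;
}

// script-src falls back to default-src when absent, as browsers do.
function cspFindings(csp: string): string[] {
  const d = parseCsp(csp);
  const scriptSrc = d.get("script-src") ?? d.get("default-src") ?? [];
  const f: string[] = [];
  if (scriptSrc.includes("'unsafe-inline'")) f.push("csp: script-src allows 'unsafe-inline'");
  if (scriptSrc.includes("'unsafe-eval'")) f.push("csp: script-src allows 'unsafe-eval'");
  if (scriptSrc.includes("*")) f.push("csp: script-src allows any origin (*)");
  return f;
}

function gradeHeaders(h: HeaderMap): { grade: string; findings: string[] } {
  const findings: string[] = [];
  let score = 0;
  if (/max-age=\d+/.test(h["strict-transport-security"] ?? "")) score += 25; else findings.push("missing HSTS");
  const csp = h["content-security-policy"];
  if (csp) { const f = cspFindings(csp); findings.push(...f); score += f.length ? 10 : 30; }
  else findings.push("missing Content-Security-Policy");
  if ((h["x-content-type-options"] ?? "").toLowerCase() === "nosniff") score += 10;
  else findings.push("missing X-Content-Type-Options: nosniff");
  if (h["x-frame-options"] || parseCsp(csp ?? "").has("frame-ancestors")) score += 10;
  else findings.push("no clickjacking protection (X-Frame-Options or frame-ancestors)");
  if (h["referrer-policy"]) score += 10; else findings.push("missing Referrer-Policy");
  if (h["permissions-policy"]) score += 10; else findings.push("missing Permissions-Policy");
  if (h["server"] || h["x-powered-by"]) findings.push("Server/X-Powered-By leaks stack details");
  else score += 5;
  const grade = score >= 95 ? "A+" : score >= 80 ? "A" : score >= 65 ? "B" : score >= 50 ? "C" : score >= 35 ? "D" : "F";
  return { grade, findings };
}

// --min-grade gate from the post: anything below the floor fails the build.
const GRADE_ORDER = ["F", "D", "C", "B", "A", "A+"];
function meetsMinGrade(grade: string, min: string): boolean {
  return GRADE_ORDER.indexOf(grade) >= GRADE_ORDER.indexOf(min);
}
```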
It’s the spellchecker for your site’s armor. Remember early antivirus? Clunky signatures. Now it’s AI predicting threats. These tools? Same vibe for headers — proactive, automated, essential.
My bold call: in five years, no deploy without header grading. Just like linting today. (Heck, with AI agents, it’ll self-fix.)
GitHub: trustyourwebsite/security-headers.
Is Your Email Auth Secretly Broken? The DNS Tool That Knows
SPF, DKIM, DMARC. Sounds like alphabet soup. Tastes like deliverability hell.
npx @trustyourwebsite/dns-auth-check your-domain.com
Killer bit: recursive SPF lookup counting. Your record looks clean, but its include: chain — Google Workspace, Mailchimp, transactional sender — adds up, and boom, over 10 DNS lookups, the RFC 7208 limit. SPF fails silently. Emails to spam.
Auto-discovers DKIM selectors (probes 12+ common ones). Checks DMARC policy, BIMI, MTA-STS. Uses node:dns/promises. Zero deps.
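The recursive lookup count itself, as an added illustration (not the dns-auth-check source): every include, a, mx, ptr, exists and redirect term costs one DNS lookup, include/redirect descend into the next record, and anything over 10 is the RFC 7208 breach the post warns about. The resolver is injected so the example runs offline against a constructed zone; the real tool would use node:dns/promises behind the same function type.

```typescript
// Added illustration, not the @trustyourwebsite/dns-auth-check source. It does
// the recursive SPF lookup counting the post describes: walk the record, count
// every term that costs a DNS lookup (RFC 7208 caps these at 10 per check) and
// descend into include:/redirect=. The resolver is injected so this runs offline
// against a constructed zone table; the real tool would put node:dns/promises
// resolveTxt() behind the same function type.
type TxtResolver = (name: string) => string[] | undefined;

const LOOKUP_TERMS = new Set(["include", "a", "mx", "ptr", "exists", "redirect"]);

interface SpfReport { lookups: number; chain: string[]; missing: string[]; overLimit: boolean }

function countSpfLookups(resolve: TxtResolver, domain: string, r?: SpfReport): SpfReport {
  const rep = r ?? { lookups: 0, chain: [], missing: [], overLimit: false };
  if (rep.chain.includes(domain)) return rep; // an include loop would never terminate
  rep.chain.push(domain);
  const record = (resolve(domain) ?? []).find((t) => t.startsWith("v=spf1"));
  if (!record) { rep.missing.push(domain); return rep; }
  for (const term of record.split(/\s+/).slice(1)) {
    const bare = term.replace(/^[+\-~?]/, "");   // drop the +/-/~/? qualifier
    const [mech, arg] = bare.split(/[:=]/, 2);
    const name = mech.toLowerCase();
    if (!LOOKUP_TERMS.has(name)) continue;         // ip4:, ip6:, all cost nothing
    rep.lookups++;
    if ((name === "include" || name === "redirect") && arg) countSpfLookups(resolve, arg, rep);
  }
  rep.overLimit = rep.lookups > 10;
  return rep;
}

// Constructed zone: the top record looks tidy, but its includes fan out past 10.
const ZONE: Record<string, string[]> = {
  "example.com": ["v=spf1 mx include:_spf.workspace.test include:servers.mailer.test include:tx.sender.test ~all"],
  "_spf.workspace.test": ["v=spf1 include:nb1.workspace.test include:nb2.workspace.test include:nb3.workspace.test ~all"],
  "nb1.workspace.test": ["v=spf1 ip4:192.0.2.0/24 ~all"],
  "nb2.workspace.test": ["v=spf1 ip4:198.51.100.0/24 ~all"],
  "nb3.workspace.test": ["v=spf1 ip4:203.0.113.0/24 ~all"],
  "servers.mailer.test": ["v=spf1 a mx include:spf1.mailer.test include:spf2.mailer.test ~all"],
  "spf1.mailer.test": ["v=spf1 ip4:192.0.2.128/25 ~all"],
  "spf2.mailer.test": ["v=spf1 a ~all"],
  "tx.sender.test": ["v=spf1 a mx ptr ~all"],
};
const lookupZone: TxtResolver = (name) => ZONE[name];
```

Running countSpfLookups(lookupZone, "example.com") on this zone reports 15 lookups across 9 records, so the "clean-looking" top record is already past the limit.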
Like a mechanic stress-testing your engine under load, not just idling.
GitHub: trustyourwebsite/dns-auth-check.
The Bigger Picture: Compliance as the New Linter
All three? JSON/table output, CI-nice, MIT free-for-all. Want the full suite — accessibility, image copyright, dark patterns, legal pages? Hit trustyourwebsite.nl.
But zoom out. Websites used to be wild west. Then linters tamed code. Now compliance scanners tame the deploy.
Historical parallel: early ’90s, HTML validators were nerd hobbies. Today? CI must-haves. These CLI tools? Tomorrow’s eslint for privacy and security.
Enthusiasm overload here — because this is the platform shift. AI’s eating the world, sure, but first, we automate the basics. No fines, no breaches, pure velocity.
Corporate hype check: TrustYourWebsite isn’t spinning unicorn promises. These tools work standalone, extracted from real scanners. No vaporware.
Dev teams, grab ’em. Add to your GitHub Actions. Sleep better.
Why Does This Matter for Developers Right Now?
Dead simple integration. npx, pipe to JSON, assert in tests. Scales to thousands of sites.
Energy boost: imagine your PRs auto-validated for compliance. No more manual audits. Deploy fearlessly.
Wonder moment — what if AI wrappers make these prescient? Predicting fines before they hit? Yeah, that’s next.
Short para. Boom.
Detailed dive: the cookie tool detects CMPs dynamically. Network sniffing via Puppeteer under the hood? Nah, lightweight. Pure fetch magic.
Security grader parses directives like a lawyer. Permissions-Policy? Granular flags.
DNS one uncovers hidden chains — that Mailchimp include you forgot? Busted.
Together, they form a compliance trifecta. Better than paid SaaS bloat.
Will Open-Source Compliance Tools Replace Paid Scanners?
Short answer: they’re the start. Paid ones layer dashboards, but these? Core engines, extensible.
Prediction — forks galore, integrations with Vercel/Netlify hooks. Community owns it.
One nit: Node-only for now. Deno/Rust ports? Incoming, bet on it.
Vivid close: your site, once a leaky boat, now a fortress. Powered by three lines of npx.
Frequently Asked Questions
What does the cookie-consent-validator tool do?
It clicks ‘Reject All’ on banners, monitors cookies/network, flags if tracking persists. Catches fake consents.
How do I use security-headers in CI/CD?
npx @trustyourwebsite/security-headers https://site.com --ci --min-grade B. Exits 1 on fail. Perfect for pipelines.
Does dns-auth-check find my DKIM selectors automatically?
Yes, probes 12+ common ones. Counts SPF lookups recursively to spot breaches of the 10-lookup limit.