PublicWWW finds every site running a snippet. TechSpy reads what one domain is actually running — and what it means.
PublicWWW searches backward. Hand it one code signature — a tracking ID, a script, an affiliate tag — and it returns thousands of sites that share it. Web-wide footprinting, and it's genuinely good at it.
TechSpy runs forward. Hand it one domain and it returns the full operational read: the real tech stack (even through React/Next.js SPAs), a DNS/DMARC audit, subdomains, hidden APIs, and a Verdict/Evidence/Implications call on top.
Different directions on the same map. Most people who land here already have the list — they need to read each domain on it.
- Reverse code search across the web vs. a forward per-domain read
- Sees through modern SPAs that leave scrapers a near-empty page
- Turns detections into a decision, not another match list
Scan a domain free — 30 scans/day, no login.
Free — no card, 30 scans/day.
Two different jobs: search vs. read
Neither tool replaces the other. Be clear on which direction you're pointed.
| PublicWWW | TechSpy | |
|---|---|---|
| Direction | Many sites ← one signature | One domain → many signals |
| You give it | A code snippet, ID, or signature | A domain |
| You get back | A list of sites embedding it | Stack + DNS + subdomains + analysis |
| Best for | Web-wide OSINT / footprinting at scale | Reading a specific target in depth |
PublicWWW does reverse code search across the whole web. It does not produce a per-domain tech-stack read, a DNS/DMARC audit, subdomain discovery, or a GTM analysis. That's TechSpy's lane — one domain at a time, in depth.
Reads through modern SPAs
A raw source-code index sees whatever shipped in the initial HTML. On a client-rendered React or Next.js site, that's a near-empty shell — the real stack loads in JavaScript after paint.
TechSpy reads three layers at once: static HTML + JS-runtime fingerprints + HTTP headers. So the stack behind the SPA actually shows up.
- HTML-only view of the SPA:
React·— empty shell — - TechSpy view of the same SPA:
Next.js(JS-runtime) ·Vercel(header) ·Segment(JS-runtime) ·Cloudflare(header)
Same page. Fuller picture. This is the single most concrete reason a single-target read beats a source snapshot on a modern app.
The infra layer source-code search never touches
Some of the most useful signals about a company don't live in page source at all. They live in DNS records, in what subdomains exist, in how the sitemap is built.
- DNS / DMARC / SPF / DKIM audit — email-auth posture and misconfigurations at a glance
- Subdomain discovery — catch infra expansion (staging,
api., new products) before the PR - Sitemap structure — how the site is actually organized and scaled
A source-code search engine indexes what's in the code. None of the above is in the code — so it's structurally out of scope for that kind of tool. It's core to TechSpy.
Deep Scan, Interact, and an opinion at the end
Detections are data. TechSpy's job is to hand you a decision.
- Deep Scan — headless render + HAR capture surfaces hidden APIs and SDKs that never appear on first paint
- Interact — an LLM clicks and fills forms to reveal tools that only load after interaction
- Verdict / Evidence / Implications — every read closes with an opinionated call, the evidence behind it, and what it means for you, each tagged High / Medium / Low confidence
Instead of a raw list of matches, you get: "Client-rendered React app on Cloudflare, HubSpot-run marketing — a modern GTM stack." With the evidence and the so-what attached.
Honest note on speed: only the static scan is seconds. Deep Scan and Interact take minutes — they're rendering and driving the page for real, not reading markup.
Head to head
PublicWWW earns a real check where it wins — web-wide signature search at scale. TechSpy owns the per-domain read.
| Capability | TechSpy | PublicWWW |
|---|---|---|
| Find all sites by a code signature / ID | — | ✓ (its core strength) |
| Per-domain tech-stack read | ✓ | — |
| Sees through React/Next.js SPAs | ✓ | — |
| DNS / DMARC / SPF / DKIM audit | ✓ | — |
| Subdomain discovery | ✓ | — |
| Deep Scan (HAR, hidden APIs) | ✓ | — |
| Interact (post-interaction tools) | ✓ | — |
| Verdict / Evidence / Implications | ✓ | — |
| Export PDF / Zapier / API | ✓ | — |
The top row is checked for PublicWWW on purpose. If your job is find the population, that's the tool. If your job is read the target, everything below it is TechSpy.
When PublicWWW is the better pick
No hit piece. If your job runs in reverse, TechSpy is the wrong tool — and PublicWWW is the right one.
Choose PublicWWW if you want to:
- Find every site on the web embedding a specific snippet, script, or library
- Footprint by an analytics ID, affiliate code, or tracking signature at scale
- Build a list of targets that share a common signature
Choose TechSpy if you want to:
- Read one domain's real stack, even behind a React/Next.js SPA
- Add DNS/DMARC, subdomains, and sitemap signals to that read
- Get a decision-ready Verdict/Evidence/Implications call, with saved scans, compare, and reports
TechSpy does not do web-wide signature search — it reads domains one at a time, in depth. So use both: PublicWWW to build the list, TechSpy to read each domain on it.
Pricing — start free, no login
| Plan | Price | What you get |
|---|---|---|
| Free | $0 | 30 scans/day + DNS / sitemap / subdomains + save & compare |
| Plus | $19/mo | 10 Deep Scan + 5 Interact credits |
| Max | $49/mo | Unlimited scans + 50 Deep Scan + 25 Interact + Export / Zapier / API |
| Enterprise | $199/mo | For teams scanning at scale |
The static scan runs in seconds. Deep Scan and Interact take minutes — because they render the page for real.
Scan a domain free — no login.
Scan a domain free
See the opinionated read for yourself — no login, 30 scans/day.