Originally published on the Prufa blog.
In June 2026 we pointed Prufa's free audit at 50 products that had just launched on Show HN — every launch from the previous 30 days that earned at least 10 points. These are products at their moment of maximum attention: front page, real traffic, founders watching the comments.
The headline numbers, from the 49 audits that completed (one site couldn't be reached by our runner):
- 100% of the 49 launches had at least one machine-verified finding.
- 78% — 38 of 49 — had at least one critical finding.
- 40 critical and 61 warning findings in total, every one verified by deterministic checks against captured browser evidence.
No site is named in this post. The point isn't to embarrass anyone — it's that these failures are systematic, and if these teams have them on launch day, you probably do too.
Methodology, briefly
Each site got the same audit a free Prufa run does: a real browser loads the public pages, captures network traffic, console output, cookies, and response codes, and a fixed suite of deterministic checks grades the evidence. Same input, same verdict. Every number below is from a code-verified check — no LLM opinions are counted anywhere in this data.
One honest caveat: our export keeps only the top findings per site, so the per-issue counts below are floors, not totals. The real numbers are equal or worse.
What actually breaks at website launch: the numbers
| Sites affected (of 49) | Finding | Severity |
|---|---|---|
| 38 | No analytics events detected | critical |
| 24 | No canonical link on entry page | info |
| 22 | Cookies set without the Secure attribute |
warning |
| 14 | Broken links | warning |
| 12 | No <h1> heading on entry page |
info |
| 11 | No robots.txt | info |
| 10 | JavaScript console errors during page load | warning |
| 10 | Missing meta description | warning |
| 8 | Images missing alt text | info |
| 7 | Missing Open Graph tags | info |
| 3 | Tag container loads, but no analytics events fire | warning |
| 2 | Canonical URL pointing to a different host | critical |
The most common launch bug: analytics that record nothing
The most common critical finding, by a wide margin: no analytics events detected. The page loads, the browser captures every outgoing request — and nothing resembling an analytics event leaves the page.
Think about what that means on launch day specifically. Front page of Hacker News is, for many of these products, the single largest traffic spike they will ever see. Which referrers converted, which pages people actually read, how many of those visitors signed up — for 38 of these 49 teams, that data simply doesn't exist. Not sampled, not skewed: absent.
Three more sites had a subtler version: the tag container loads (so a quick "view source" check looks fine), but no events ever fire. That one is nasty precisely because it passes the eyeball test — the only way to catch it is to watch the network traffic, which is what our check does.
The rest of the list is the unglamorous stuff
Broken links (14 sites). Nobody clicks every link on their own site — especially footer links, docs links, and that one pricing anchor that moved two redesigns ago. Visitors do.
Console errors at page load (10 sites). Errors at load time often mean broken features visitors never report — they just leave. These ten sites shipped them to the HN front page.
Cookies without Secure (22 sites). A one-attribute fix, sitting on nearly half the cohort.
The canonical-to-wrong-host pair (2 sites, critical). Two sites shipped a <link rel="canonical"> pointing at a different domain — almost certainly a leftover from a template or staging config. That tag tells search engines "index that other site instead of me." On launch week.
What we take from this
These aren't careless teams. They got a product to Show HN and earned points doing it. The pattern says something else: the surface area that needs verifying grows faster than anyone's willingness to click through it — especially in the week before a launch, when everything is on fire.
None of the findings above require judgment to detect. Every one is a deterministic check against evidence a browser can capture: a response code, a network request that did or didn't happen, an attribute on a cookie. Which is exactly why this should be automated — and why the LLM in our pipeline never grades results; plain code does.
We turned this dataset into a pre-launch checklist ordered by these failure rates, if you want the actionable version.
That's the audit we ran on these 49 sites, and it's free: paste a URL on prufa.dev, get the same machine-verified findings for your own site in about a minute. Before your launch day, ideally.
Top comments (0)