Launch Readiness Score

Is your site ready to launch?

Scan your site for the security gaps AI coding tools miss — in seconds, no signup.

🛡️ Protected by Cloudflare Turnstile⚡ Results in ~10 seconds

Checked 2,400+ sites before launch

Enter the exact URL where your app lives (e.g. app.yourdomain.com or project.vercel.app), not just the root domain.

Free · 10 seconds · no card

By scanning, you confirm you're authorized to test this domain.

my-saas.vercel.app95shop.example.io88app.example.com72store.example.co90launch.example.dev84api.example.net93web.example.org86beta.example.app78dash.example.io91studio.example.dev82cloud.example.co96portal.example.net75

Built for apps deployed on

VercelNetlifyCloudflareSupabaseFirebaseStripeRenderRailwayReplitGitHubClaudeNext.jsReactAstro

We detect your stack and tailor the fix steps to it.

How it works

Four steps. Start without signup — download the fix pack after you log in.

Paste your URL

Enter where your app actually lives — app.you.com or project.vercel.app, not just the root domain.

Get your Launch Readiness Score

About 10 seconds. We check SSL, headers, origin exposure, email spoofing and more — in plain language.

Log in & download the AI Fix Pack

Fix with your AI

Open the .md in your AI editor, apply fixes one by one, then re-scan. No auto-write — you stay in control.

What we check before you launch

Security and launch-hygiene checks, tuned for vibe-coded apps.

Security surface — runs on every scan

Security headers — HSTS, clickjacking protectionLive now
Origin IP exposure — real server IP hidden behind the CDNLive now
Tech stack — what you run, so fixes match itLive now

Deeper checks — after you verify ownership

Admin paths — common /admin routes not wide openLive now
Debug endpoints — dev tools not reachable in productionLive now
Public storage buckets — Supabase/S3 not listableLive now

Launch intelligence

SSL & HTTPS — valid certificates and strong TLSComing soon
HTTPS redirect — HTTP upgrades to HTTPSComing soon
Email spoofing — SPF / DKIM / DMARCComing soon
Exposed config files — .env, .git not servedComing soon
Percentile — how you compare to other scanned sitesComing soon

Deeper checks only run after you verify ownership — we never aggressive-scan sites you don't control.

Why founders use LaunchPal

AI Fix Pack (.md)

One download bundles every finding plus fixes for your stack — made to paste into Cursor, Claude or Windsurf. Login required; anonymous scans don't get the file.

No-jargon reports

Every finding uses plain analogies and stack-specific steps — not enterprise audit-speak.

Fair scoring

Defensive scoring: one critical gap caps your score honestly — no false 100/100 comfort.

We protect your reputation

Public shares never leak real evidence. Locked previews use server-side placeholders, not CSS blur. The .md export is login-only.

Frequently asked questions

Ready to check your launch?

Free · ~10 seconds · no signup