I recently looked at 100 indie project launches and found a recurring pattern: 64% of them shipped with missing security headers (HSTS, CSP), missing DMARC/SPF records, or broken OpenGraph previews.
We spend months writing core application logic, but often forget the "boring" technical debt right before hitting publish. This leads to broken link previews on social platforms, or worse, transactional emails going straight to spam.
I'm building SignalScan to automate this process. Under the hood, it's a Python/FastAPI engine that scans URLs and public repos to check for:
- Missing HTTP security headers and DNS misconfigurations.
- API drift (checking actual endpoint responses against OpenAPI/Swagger specs).
- Missing metadata and launch optics.
Instead of just pointing out the flaws, it generates a technical health report with the exact code snippets needed to fix them (e.g., Nginx configs or Vercel next.config.js rules).
I'm currently finalizing the core scanning logic, so it's strictly a waitlist right now. I wanted to share the concept here early to see if this resonates.
Link: https://signalscan.focusflows.eu
What "invisible" pre-launch checks do you consistently forget to do, and what should I definitely add to the scanner?
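
For readers who want to see what the header and DNS checks in the post involve, here is an added example; it is not SignalScan's code. The function names, the 180-day HSTS threshold, the suggested Nginx values and the `example.test` sample data are all assumptions made for illustration.

```python
# Added example: offline audit of HTTP response headers and mail-related DNS TXT
# records. All inputs below are constructed; nothing is fetched from the network.
import re

# Baseline Nginx fixes (assumed starting values; tighten the CSP per application).
NGINX_FIX = {
    "strict-transport-security":
        'add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;',
    "content-security-policy":
        'add_header Content-Security-Policy "default-src \'self\'" always;',
}
MIN_HSTS_AGE = 15552000  # 180 days, an assumed threshold for "long enough"

def audit_headers(headers):
    """Return (check, issue, fix) tuples for missing or weak HSTS/CSP headers."""
    seen = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    findings = [(n, "missing", fix) for n, fix in NGINX_FIX.items() if n not in seen]
    hsts = seen.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append(("strict-transport-security", "max-age too short",
                             NGINX_FIX["strict-transport-security"]))
    return findings

def audit_mail_dns(domain, txt):
    """txt maps a DNS name to its TXT strings. Returns (check, issue) tuples."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append(("spf", "missing"))
    elif len(spf) > 1:
        findings.append(("spf", "multiple records"))  # RFC 7208: permerror
    elif re.search(r"(^|\s)\+?all$", spf[0].strip(), re.I):
        findings.append(("spf", "ends in +all, authorizes any sender"))
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.append(("dmarc", "missing"))
    elif re.search(r"\bp\s*=\s*none\b", dmarc[0], re.I):
        findings.append(("dmarc", "p=none, monitoring only"))
    return findings

# Constructed sample: a site with a short HSTS max-age, no CSP, SPF but no DMARC.
SAMPLE_HEADERS = {"Strict-Transport-Security": "max-age=3600", "Server": "nginx"}
SAMPLE_TXT = {"example.test": ["v=spf1 include:_spf.example.test -all"]}

if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS) + audit_mail_dns("example.test", SAMPLE_TXT):
        print(f)
```

A header that is present but weak (a one-hour HSTS `max-age`, a DMARC policy of `p=none`) passes a presence-only check, which is why both functions look at the value as well.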