Live · 82 checks · 8 categories

AI ships apps that look ready.
Most aren't.

94% have no error tracking. 93% are clickjack-vulnerable. 66% have no Terms of Service. Vettd runs the 82 production checks your AI builder skipped — against your live site in 28 seconds. Free, no signup.

Free site scan, no signup required. For continuous review, connect a repository →

We scanned 1,081 AI-built apps

Most look finished. The invisible parts decide what happens next.

The shiny parts are easy — UI, login, payments, mobile. The invisible parts — error tracking, security headers, legal pages, AI-search readiness — are missing on almost every app, because nothing in the build loop ever prompts for them.

0%

ship with no error tracking. When something breaks for a real user, the builder has no idea.

Vettd · 1,081 apps scanned · 2026
0%

are clickjack-vulnerable. One missing header. Default-off in every AI builder.

Vettd · 1,081 apps scanned · 2026
0%

are invisible to AI crawlers. GPTBot, ClaudeBot and PerplexityBot see an empty shell and skip your site.

Vettd · 1,081 apps scanned · 2026
0%

have no Terms of Service. Stripe rejects them. App stores reject them. Most builders ship without it.

Vettd · 1,081 apps scanned · 2026
Vettd · live scanner · running$ vettd scan

Platform usage

Findings to date

Site Scan

Audit any URL.
Get a graded report in 30 seconds.

82 checks across security, performance, SEO, legal, accessibility, and AI-search readiness — executed in a real browser against your production site. No signup.

vettd.com/scan/acmedeals.io
75C
acmedeals.io Live
51 passed9 failed16 warnings· scanned 4 min ago · 28s
Security79
23
SEO60
45
Performance100
Legal90
1
CRO61
4
Reliability16
37
Completeness95
Security· 5 to fix
CRITICALContent Security Policy missingresponse headers
no Content-Security-Policy header found in response

Add a CSP header — without it, any injected script can run with full privileges.

HIGHMixed content blockedindex.html · line 47
<img src="http://cdn.acme.io/banner.jpg" />

Switch the asset URL to https — modern browsers refuse the load.

WARNTLS 1.0 still acceptedport 443
min_protocol = TLSv1

Disable TLS 1.0 and 1.1 at the load balancer.

Code Review

Continuous review
on every push to GitHub.

Vettd reviews each commit and pull request, posts findings inline on GitHub, and emails the patch — so issues are caught before merge, not after deploy.

Connect a repository

Included with every Watch plan.

vettd.com/dashboard/repos/asea-world/scan/9b5e9e1
diskountz / asea-worldPR #1
main ← feature/onboarding· 7 changed files· reviewed 2 min ago
3
critical
32
high
43
medium
6
low
By source84 findings
Vettd 18
ESLint 14
npm audit 52
CRITICALESLintsrc/components/Login.tsx:13
React Hook called conditionally

Move useState to the top of the component — conditional Hooks corrupt every Hook that runs after.

HIGHnpm auditlodash@4.17.20
Command Injection · GHSA-35jh-r3h4-6jhm

Upgrade to lodash@4.17.21. Run `npm install lodash@^4.17.21` and commit the lockfile.

MEDIUMVettdsrc/Hero.tsx:47
<button> rendered as <div> — keyboard inaccessible

Replace with a real `<button>` so Tab/Enter/Space and screen readers work.

Coverage

One scanner, the full surface area.
Including the gaps every other tool leaves.

Lighthouse, ESLint, and npm audit each cover a slice. Vettd runs all three — and adds the production-readiness checks no other tool runs.

Lighthouse
Performance, accessibility, web vitals
we run that
ESLint
Hook errors, dupe keys, eval, debugger
we run that
npm audit
CVEs in your dependency tree
we run that
Nobody
Dummy text, dead social links, stock images, framework defaults, broken buttons, debug logs in prod
we run that too

A sample of what only Vettd checks:

Buttons that go absolutely nowhere
Dummy text your AI forgot to replace
Stock images from free placeholder services
Framework boilerplate still in your title tag
Debug logs shipping to production
A copyright date from two years ago
Social links pointing to #
API keys exposed in your frontend
FAQ

Frequently asked.

Ship vetted code.
Not whatever your model produced.

Audit a URL, or connect a repository for continuous review.

Or connect a repository for continuous review →