{"slug": "we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one", "title": "We audited 49 Show HN launches. 38 had a critical bug on day one.", "summary": "A developer audited 49 products that launched on Show HN and found that 38 had a critical bug on day one: no analytics events were detected. The audit also uncovered 22 sites with cookies missing the Secure attribute, 14 with broken links, and 10 with JavaScript console errors during page load. Two sites shipped a canonical URL pointing to a different domain, effectively telling search engines to index another site instead.", "body_md": "*Originally published on the Prufa blog.*\n\nIn June 2026 we pointed Prufa's free audit at 50 products that had just launched on Show HN — every launch from the previous 30 days that earned at least 10 points. These are products at their moment of maximum attention: front page, real traffic, founders watching the comments.\n\nThe headline numbers, from the 49 audits that completed (one site couldn't be reached by our runner):\n\nNo site is named in this post. The point isn't to embarrass anyone — it's that these failures are systematic, and if these teams have them on launch day, you probably do too.\n\nEach site got the same audit a free Prufa run does: a real browser loads the public pages, captures network traffic, console output, cookies, and response codes, and a fixed suite of deterministic checks grades the evidence. Same input, same verdict. **Every number below is from a code-verified check** — no LLM opinions are counted anywhere in this data.\n\nOne honest caveat: our export keeps only the top findings per site, so the per-issue counts below are **floors**, not totals. The real numbers are equal or worse.\n\n| Sites affected (of 49) | Finding | Severity |\n|---|---|---|\n| 38 | No analytics events detected | critical |\n| 24 | No canonical link on entry page | info |\n| 22 | Cookies set without the `Secure` attribute |\nwarning |\n| 14 | Broken links | warning |\n| 12 | No `<h1>` heading on entry page |\ninfo |\n| 11 | No robots.txt | info |\n| 10 | JavaScript console errors during page load | warning |\n| 10 | Missing meta description | warning |\n| 8 | Images missing alt text | info |\n| 7 | Missing Open Graph tags | info |\n| 3 | Tag container loads, but no analytics events fire | warning |\n| 2 | Canonical URL pointing to a different host |\ncritical |\n\nThe most common critical finding, by a wide margin: **no analytics events detected**. The page loads, the browser captures every outgoing request — and nothing resembling an analytics event leaves the page.\n\nThink about what that means on launch day specifically. Front page of Hacker News is, for many of these products, the single largest traffic spike they will ever see. Which referrers converted, which pages people actually read, how many of those visitors signed up — for 38 of these 49 teams, that data simply doesn't exist. Not sampled, not skewed: absent.\n\nThree more sites had a subtler version: the tag container loads (so a quick \"view source\" check looks fine), but **no events ever fire**. That one is nasty precisely because it passes the eyeball test — the only way to catch it is to watch the network traffic, which is what our check does.\n\n**Broken links (14 sites).** Nobody clicks every link on their own site — especially footer links, docs links, and that one pricing anchor that moved two redesigns ago. Visitors do.\n\n**Console errors at page load (10 sites).** Errors at load time often mean broken features visitors never report — they just leave. These ten sites shipped them to the HN front page.\n\n**Cookies without Secure (22 sites).** A one-attribute fix, sitting on nearly half the cohort.\n\n**The canonical-to-wrong-host pair (2 sites, critical).** Two sites shipped a `<link rel=\"canonical\">`\n\npointing at a *different domain* — almost certainly a leftover from a template or staging config. That tag tells search engines \"index that other site instead of me.\" On launch week.\n\nThese aren't careless teams. They got a product to Show HN and earned points doing it. The pattern says something else: **the surface area that needs verifying grows faster than anyone's willingness to click through it** — especially in the week before a launch, when everything is on fire.\n\nNone of the findings above require judgment to detect. Every one is a deterministic check against evidence a browser can capture: a response code, a network request that did or didn't happen, an attribute on a cookie. Which is exactly why this should be automated — and why [the LLM in our pipeline never grades results](https://prufa.dev/blog/engineering/how-prufa-verifies-a-signup-flow/); plain code does.\n\nWe turned this dataset into a [pre-launch checklist ordered by these failure rates](https://prufa.dev/blog/guides/website-qa-checklist-before-launch/), if you want the actionable version.\n\nThat's the audit we ran on these 49 sites, and it's free: paste a URL on [prufa.dev](https://prufa.dev/), get the same machine-verified findings for your own site in about a minute. Before your launch day, ideally.", "url": "https://wpnews.pro/news/we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one", "canonical_source": "https://dev.to/gregory_potemkin_d6b42d5a/we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one-1dk7", "published_at": "2026-06-12 09:19:31+00:00", "updated_at": "2026-06-12 09:42:21.643626+00:00", "lang": "en", "topics": ["ai-products", "ai-startups"], "entities": ["Prufa", "Show HN"], "alternates": {"html": "https://wpnews.pro/news/we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one", "markdown": "https://wpnews.pro/news/we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one.md", "text": "https://wpnews.pro/news/we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one.txt", "jsonld": "https://wpnews.pro/news/we-audited-49-show-hn-launches-38-had-a-critical-bug-on-day-one.jsonld"}}