SaaS Business Readiness Checklist 2026
SaaSalyst runs 101 automated checks across 8 technical categories, scored into 5 business readiness categories. Every check below links to a detailed explanation of what SaaSalyst tests, why it matters, and how to fix it.
Compliance & Legal
Privacy policies, terms of service, cookie consent, GDPR, CCPA/CPRA, EU AI Act, Colorado AI Act, EAA accessibility statement, contact info, data deletion, DPA link, and cookie tracking before consent.
- Privacy Policy Linkcritical
- Cookie Tracking Before Consentcritical
- Terms of Service Linkhigh
- Cookie Consent Mechanismhigh
- Contact Info Missinghigh
- GDPR Indicatorsmedium
- CCPA/CPRA Indicatorsmedium
- Data Deletion Mechanismmedium
- Third-Party Scriptsmedium
- EU AI Act Transparencylow
- Colorado AI Act Indicatorslow
- Data Processing Agreement Linklow
- EAA Accessibility Statementlow
Distribution Readiness
Title tags, meta descriptions, Open Graph, structured data, heading hierarchy, and social proof signals.
- Meta Robots AI-Compatiblecritical
- Title Taghigh
- Meta Descriptionhigh
- OAI-SearchBot Accesshigh
- AI Bot Policy (robots.txt)high
- Sitemap XML Reachablehigh
- Organization Schema (JSON-LD)high
- SoftwareApplication Schemahigh
- Default Page Titlehigh
- Open Graph (OG) Tagsmedium
- H1 Tagmedium
- OG Image Missingmedium
- FAQ Page Missingmedium
- llms.txt Missingmedium
- AI Crawlers Blockedmedium
- Sitemap Directive in robots.txtmedium
- Sitemap lastmod Freshnessmedium
- OG Image Invalidmedium
- Canonical URLlow
- Structured Data (JSON-LD)low
- Structured Data Typeslow
- Social Proof Missinglow
- FAQPage Schemalow
- Favicon Missinglow
- Custom Error Page Missinglow
Security & Infrastructure
HTTPS, security headers (HSTS, CSP, X-Frame-Options, Permissions-Policy, and more), security.txt, exposed source maps, mixed content, and API key exposure.
- HTTPS Enabledcritical
- Exposed API Keyscritical
- Supabase Service Role Key Exposurecritical
- Strict-Transport-Securityhigh
- Mixed Contenthigh
- Permissions-Policy Headermedium
- Content-Security-Policymedium
- X-Frame-Optionsmedium
- X-Content-Type-Optionsmedium
- Exposed Source Mapsmedium
- JavaScript Console Errorsmedium
- Broken Resourcesmedium
- Subresource Integrity (SRI)medium
- Supabase Anon Key Exposuremedium
- HTTPS Redirectmedium
- Cookie Security Flagsmedium
- security.txtlow
- Referrer-Policylow
- X-XSS-Protectionlow
Accessibility
Image alt text, HTML lang attribute, ARIA landmarks, heading hierarchy, mobile viewport, skip navigation, and form labels.
- Image Alt Texthigh
- HTML Lang Attributehigh
- Mobile Viewport Missinghigh
- ARIA Landmarksmedium
- Heading Hierarchymedium
- Skip Navigationmedium
- Form Labelsmedium
Performance
PageSpeed Insights score, First Contentful Paint, Largest Contentful Paint, Cumulative Layout Shift, Total Blocking Time, Speed Index, and Interaction to Next Paint (INP).
Analytics & Tracking
Analytics tools, multiple analytics detection, event tracking, conversion tracking, and session recording.
Pricing & Monetization
Pricing page presence, pricing transparency, free tier/trial, billing toggle, refund policy, pricing tiers, payment processor detection, and pricing CTA.
Market Presence
Technology stack detection, auth providers, email providers, payment provider stack, and third-party script count.
Run the Full Checklist | Free
SaaSalyst scans your website in 30 seconds and runs all 101 checks automatically. Get your Business Readiness Score instantly.
Scan Your AppFrequently Asked Questions
How many checks does SaaSalyst run?
SaaSalyst runs 101 automated checks across 8 technical categories, scored into 5 business readiness categories.
Is the SaaSalyst checklist free?
Yes. SaaSalyst scans your website and runs all 101 checks for free. You get a complete Business Readiness Score with pass/fail results for every check.
How long does a SaaSalyst scan take?
SaaSalyst completes a full scan in about 30 seconds. All 101 checks run automatically. No manual configuration required.