Your Bolt.new project is hackathon-fast. Make sure it is user-ready.
Bolt is incredible at iterating fast. ‘Iterating fast’ usually means meta tags, headers, alt text and bundle size never got a turn. We catch the lot.
Bolt projects ship clever — and incomplete
We've scanned Bolt-generated landing pages, internal tools, and full-stack apps. The pattern is consistent: the core feature works beautifully, and everything around it (SEO, social previews, accessibility, error pages) was never prompted in.
The 10 issues we keep finding on Bolt.new projects
Each one is real, severity-ranked, and ships with a one-line fix suggestion in the report.
API keys hardcoded in src/
Bolt's ‘write me a quick OpenAI integration’ prompts often produce client-side fetch calls with the API key inline. Anyone can scrape it.
Default StackBlitz/Netlify headers
No CSP, no HSTS, no X-Frame-Options. Your app can be iframed on phishing sites that mimic your branding.
Single-page app with no pre-render
Bolt's React templates render client-side. Google's crawler sees an empty <div id=root>. You'll never rank for content that lives below that div.
Generic <title> across every route
We routinely see the same <title> on every page of a Bolt project — the framework default, never updated per route. Kills both UX and SEO.
Default Vite favicon
The Vite lightning bolt is shipped to production on roughly half the Bolt projects we've audited. Tells users ‘this is a demo’.
Bundle includes every shadcn primitive
Bolt imports the whole shadcn set even when you use four components. We've measured 600+ KB of unused JS on small landing pages.
Buttons rendered as <div>
AI-generated React often uses <div onClick> instead of <button>. Keyboard users can't tab to them; screen readers don't announce them.
Lorem ipsum left in production
About 1 in 6 Bolt projects we've scanned still had placeholder copy in the footer or a sidebar. We flag it explicitly.
No sitemap.xml — deep pages invisible to Google
Bolt doesn't auto-generate a sitemap. Your /pricing and /docs pages won't appear in search results unless another site links to them.
No SPF or DMARC for custom domain
Anyone can send phishing emails that look like they come from your domain. Two DNS records fix this in five minutes.
Bolt.new pre-launch checklist
Check these before you share your link. The full PageLens AI audit catches everything else.
- Move all API keys to environment variables (never in client-side code)
- Replace default Vite favicon with your brand icon
- Add a unique <title> and <meta name="description"> per route
- Set og:image for social sharing previews
- Add Content-Security-Policy and X-Frame-Options headers
- Replace <div onClick> with <button> for all interactive elements
- Add pre-rendering or SSR for SEO-critical content
- Search for and remove any lorem ipsum or placeholder copy
- Tree-shake unused shadcn components from the bundle
- Add a custom error/404 page
- Add a sitemap.xml for all public routes
- Set up SPF and DMARC DNS records for your domain
- Add a cookie consent banner if using analytics
This covers the basics. A full PageLens AI scan checks hundreds of rules across 10 categories — including the ones that are hard to spot manually.
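A local version of two items on this checklist, as an added example (not PageLens AI's scanner and not code from this page): it flags key-looking strings in built client JavaScript and reports which of the headers named above are absent from a response. The regex patterns, function names and sample inputs are constructed for illustration.

```javascript
// Added example: pre-launch checks for a built client bundle and its response headers.
// The patterns are heuristics chosen for this example, not an exhaustive secret scanner.
const SECRET_PATTERNS = [
  { name: 'OpenAI-style key', re: /\bsk-[A-Za-z0-9_-]{20,}/g },
  { name: 'apiKey literal', re: /api[_-]?key["']?\s*[:=]\s*["'][A-Za-z0-9_-]{16,}["']/gi },
];

// Scan the *built* output (e.g. files under dist/): variables that Vite exposes to
// client code (the VITE_ prefix) are inlined there just like hardcoded keys.
function findSecrets(bundleText) {
  const hits = [];
  for (const { name, re } of SECRET_PATTERNS) {
    for (const m of bundleText.matchAll(re)) {
      // Keep only a short prefix so the report does not repeat the secret.
      hits.push({ name, index: m.index, preview: m[0].slice(0, 6) + '...' });
    }
  }
  return hits;
}

// Header names are case-insensitive; a CSP frame-ancestors directive also restricts
// framing, so it is accepted in place of X-Frame-Options.
function missingSecurityHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const missing = [];
  const csp = h['content-security-policy'] || '';
  if (!csp) missing.push('Content-Security-Policy');
  if (!h['strict-transport-security']) missing.push('Strict-Transport-Security');
  if (!h['x-frame-options'] && !/\bframe-ancestors\b/i.test(csp)) {
    missing.push('X-Frame-Options or CSP frame-ancestors');
  }
  return missing;
}

// Constructed sample inputs (not real keys, not captured from any site).
const LEAKY_BUNDLE =
  'fetch(u,{headers:{Authorization:"Bearer sk-CONSTRUCTEDsampleKEY0000000000"}})';
const CLEAN_BUNDLE = 'fetch("/api/chat",{method:"POST",body:JSON.stringify({prompt})})';
const DEFAULT_HEADERS = { 'Content-Type': 'text/html', 'Cache-Control': 'no-cache' };
const HARDENED_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
};

console.log(findSecrets(LEAKY_BUNDLE), missingSecurityHeaders(DEFAULT_HEADERS));
```

The clean bundle calls a same-origin endpoint, which is where the key belongs once it is out of client code: on a server that adds it to the upstream request.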
Get fixes you can paste straight into Bolt.new
After your scan, download the Markdown report and use this prompt with your AI builder to fix everything automatically.
I scanned my Bolt.new project with PageLens AI. Fix each issue below, starting with CRITICAL severity. Remove any hardcoded API keys and move them to environment variables: [paste findings here]
From URL to fix-list in five minutes
Drop your URL
Paste the live URL of your Bolt.new project. Pick how many pages to scan.
We crawl + analyse
Real headless Chrome visits every page, captures screenshots, reads the rendered HTML and headers, then a vision-capable AI writes the findings.
Read the report
Severity-ranked findings, screenshots, fix suggestions, security headers grade, PDF export, share link.
Pick your size
Pay per scan from $1 — or subscribe to a plan from $19/mo for continuous monitoring.
- Launch Pack: $49, up to 15 pages
- Launch Scan: $1, up to 3 pages
- Full Site Scan: $15, up to 25 pages
Questions Bolt.new users ask us
Does this work on my StackBlitz preview URL?
Yes — we'll crawl any *.stackblitz.io or *.bolt.new URL. For best results scan your actual production deploy (Netlify, Vercel, etc.) since headers and bundling differ.
I built a hackathon demo. Is a launch scan overkill?
No. This is exactly the moment for a fast public-surface check: broken share previews, placeholder copy, missing headers and mobile issues are easier to fix before people start judging the demo.
Five minutes from URL to a list of every issue holding your project back.
Free instant check - no signup. Launch Pack from $49: fix with your AI builder, re-scan, and prove it improved.