SWAPSPOT

The global campus Super App for student swapping.

swapspot-702964316985.us-west1.run.app · Added June 9, 2026 · Last analysed June 9, 2026 · via · 86% unique tagline

Own this Launch?

StackScope is a free public catalogue of indie launches. We find launches on Product Hunt, Hacker News and similar feeds, then crawl each site to detect its tech stack and score it for launch readiness: DNS, security headers, SEO basics. This page is what we saw on 9 June 2026; the live site may have changed since.

SWAPSPOT is early-stage. Visible gaps: missing several security headers, incomplete legal pages, and no robots.txt or sitemap.

Launched on Product Hunt on June 9, 2026. The site is hosted on Google LLC in the United States, with a domain registered in 2018. We've detected 7 technologies on this site, covering auth, build tooling, CSS frameworks, and web fonts. The stack includes Express, Google Sign-In, and Tailwind CSS.

It's on one of the most common stacks we track, shared by 135 launches.

If you own this site, refresh the snapshot and see the full fix list any time →

1.2

StackScope Score

Poor

41/100 Launch Readiness

Partially ready

0/6 Security Headers

Poor

0/3 Legal

Missing

0/2 Web Standards

Missing

Vibe Score 0 · No AI signals

Informational pattern-match signal. Does not feed the StackScope Score. See which fingerprints fired →

Tech Stack (7)

Infrastructure

Hosting	Google Cloud
Protocol	HTTP/3

Build & Framework

Auth	Google Sign-In
Build tool	Vite
CSS framework	Tailwind CSS (2)
Font	Google Fonts
Framework	Express

Infrastructure

Network

GOOGLE-CLOUD-PLATFORM - Google LLC, US

AS396982 · US

DNSSEC

Not enabled

DNS responses unsigned. Cache-poisoning vulnerable.

SSL Certificate

Google Trust Services

Valid 18 May 2026 to 10 Aug 2026

Certificate as captured in this snapshot, not a live check.

Domain Age

8.2 years

Registered Apr 2018 · MarkMonitor Inc.

Email Security

✗

SPF Not published. Your domain can be spoofed in phishing emails.

DKIM Not detected at common selectors. Your provider may use a custom one.

✗

DMARC Not published. Receivers fall back to permissive defaults.

MTA-STS Not deployed. Mail to your domain can be downgraded to plaintext en route.

TLS-RPT Not configured. You won't hear about silent SMTP TLS handshake failures.

Storage (1)

Cookies (1)

Name	Lifetime	Detected as
GAESA	29d	-

Readiness Breakdown How?

⚠

Custom title and meta description (partial) missing meta description

✓ Responsive viewport meta tag

✓ Favicon present

- Open Graph tags (title, image, description)

- Canonical URL declared

- Twitter card meta tags

- Semantic HTML (nav, main, article)

AI Stance

No AI stance declared

✗ llms.txt published

✓ No AI bots blocked in robots.txt

Content-Signal

? No directive declared

Link headers

? None advertised

Well-Known Files

✗ robots.txt

✗ sitemap.xml

✗ security.txt

✗ llms.txt

✗ ads.txt

✗ humans.txt

Legal

? Privacy Policy not detected

? Terms of Service not detected

Detection works best on English language sites.

Security Headers (0/6)

✗

Referrer-Policy

✗

X-Frame-Options

✗

Permissions-Policy experimental (check browser support)

✗

X-Content-Type-Options

✗

Content-Security-Policy

✗

Strict-Transport-Security

–

X-XSS-Protection deprecated (use Content-Security-Policy)

Performance

201ms response time

Faster than 71% of sites

3 third-party domains loaded

Build

✗ HTML minified

✗ CSS minified

✗ JS minified

3 JS files

1 CSS files

3 Third-party domains

Something not look right? If a technology shown here is wrong or out of date, email [email protected] and we'll review it.