GhostedGhosted
Example reports

Real scans we ran on real sites.

These are unedited reports Ghosted produced against live indie-hacker sites. Each one took under 3 minutes. Pick a site to read the full report.

Reading report for
affiliatedeals.co
Every submit returns 400 — and a placeholder logo shipped to prod

Ghosted Crawl Report — affiliatedeals.co

The crawl hit 0 critical issues, 2 major issues, and 1 minor issue category across the pages tested (/ and /submit). Signup was not tested (no auth flow was in scope). The homepage loads cleanly with a 200. The submit flow is the only significant problem area, but it is a significant one: every single form submission attempt returned 400, meaning no affiliate program can currently be submitted through the site.

Major Issues

1. Program submission form is completely broken — POST /api/submit returns 400 on every attempt

  • What is broken: POST https://affiliatedeals.co/api/submit returns 400 unconditionally, regardless of input, blocking all program submissions.
  • Where: https://affiliatedeals.co/submit — the form submission handler at https://affiliatedeals.co/api/submit.
  • How to reproduce:

1. Navigate to https://affiliatedeals.co/submit.

2. Fill in all visible form fields.

3. Submit the form.

4. Observe the 400 response in DevTools Network tab; the form silently fails or shows an error state.

  • Why it matters: No user can submit an affiliate program. This is the core content-acquisition flow for the site. It fired 400 on nine consecutive attempts with varying inputs, ruling out a transient failure or a single bad payload.
  • Likely cause: The API is rejecting the request body at the validation layer before it touches any business logic. Either a required field name in the payload does not match what the server expects, a required field is missing from the form entirely, or a server-side schema validator is enforcing a constraint (URL format, enum, non-nullable) that the frontend never satisfies. Pull the raw 400 response body — it almost certainly contains a validation error that identifies the exact field.

2. Placeholder logo image is live in production — https://example.com/logo.png blocked by ORB

  • What is broken: An <img> on https://affiliatedeals.co/submit references https://example.com/logo.png, which the browser blocks with net::ERR_BLOCKED_BY_ORB.
  • Why it matters: example.com is an IANA-reserved placeholder domain. This image is a leftover from a template or copy-paste and will never load. This produces a broken image icon visible to users, and signals to any reviewer that the page shipped with placeholder content.
  • Likely cause: A hardcoded src="https://example.com/logo.png" left in the HTML or a CMS/template default that was never replaced.

Minor Issues

Console errors: Failed to load resource: the server responded with a status of 400 () logged nine times — once per failed POST /api/submit. Downstream noise from Major #1; clears once the 400 is resolved.

What We Couldn't Test

No auth flow in scope — any auth-gated pages, dashboards, or account management behind a login were not tested. The actual error response body from POST /api/submit was not captured in the crawl — retrieving it directly is your fastest path to diagnosing Major #1.

If you fix one thing today, fix the POST /api/submit 400 — your submit form is completely non-functional.

Run one on your site

Takes 5 minutes. No setup. No code.