Skip to Content
MonitoringTech & Trust
Monitored dimension

Tech & Trust

What it tells you

Some of the ground you compete on isn’t the copy or the price — it’s the plumbing. How locked-down a rival’s site is, the compliance badges and reviews they show a nervous buyer, the tools they’ve wired in, and whether their pages are open to the AI crawlers that now decide who gets recommended. Tech & Trust reads all of that off the live site, the same way for every competitor and for you.

It comes down to a handful of plain readings:

What you seeWhat it means
Security gradeAn A-to-F grade for how well each rival’s site is hardened, from the protections its pages send.
Trust signalsThe compliance badges, reviews, and social proof a rival shows buyers — counted and compared.
AI crawler accessWhether AI bots are allowed, restricted, or blocked from reaching a rival’s site at all.
Tech stackThe tools each rival’s site is built on, sorted into what they’re for.

The one that’s easy to overlook is AI crawler access. It reads like a technical footnote, but it’s really an AI-visibility signal wearing a robots.txt costume: a page the crawlers can’t fetch is a page an assistant can’t quote.

What a check looks like

A check reads each competitor’s site for its security protections and its robots.txt rules, then sets the result beside yours. One run reads something like this:

tech & trust · one checkillustrative — security grade + AI-bot access
Rival A security A · 95 hsts ✓ csp ✓ · AI bots allowed
Rival B security C · 61 hsts ✓ csp ✗ · AI bots 2 blocked — restricted
a competitor security D · 44 hsts ✗ csp ✗ · AI bots blocked
you security B · 78 hsts ✓ csp ✓ · AI bots allowed
└ each rival graded · trust signals + tech stack read · kept as history

Because every site is read the same way, the comparison lines up cleanly — you can see at a glance who’s hardened and who’s exposed, and who’s quietly slammed the door on the AI crawlers that decide what gets recommended.

The security grade, and the headers behind it

Every rival gets a plain A-to-F security grade, worked out from the protective headers their site sends a browser. It’s not a penetration test — it’s the front-door check a careful buyer’s security team would run first, and it’s the same check for every competitor and for you.

The grade comes down to a handful of headers, each one a specific protection either present or missing:

HSTSCSPX-Frame-OptionsX-Content-Type-Options

You don’t need to read them as a security engineer — the grade rolls them into one letter — but the breakdown is there when you want to see exactly what a rival is missing:

RivalGradeHSTSCSPX-FrameX-Content-Type
Rival AA
Rival BC
YouB

CompetLab also names the top-graded competitor and the point gap between them and you, so the read is never a bare number — it’s where you stand against the best-hardened site in your set.

Trust signals — and an honest read of them

A check counts the credibility a rival puts in front of buyers: the compliance badges, review-site ratings, and social proof scattered across their site. Each rival gets a tally by category and a coverage read, so you can see who’s leaning hard on trust and who’s quiet.

ComplianceReviewsSocial proofCertifications

Compliance is the security and privacy attestations a buyer’s procurement team asks for. Reviews are the third-party rating badges from the platforms buyers check. Social proof is the customer logos, counts, and case studies a site uses to say others already trust us. Together they’re a read on how much a rival invests in reassuring a cautious buyer before a single sales conversation.

Trust signals are read visually, and some badges are baked into images the scanner can’t parse — so a low or zero count can be a false negative, not a real absence. CompetLab flags that possibility rather than presenting a raw zero as fact. Treat a surprisingly thin count as worth a look, not a verdict, and confirm it against the live site.

Can AI even reach them?

This is the read to watch. A check parses each rival’s robots.txt and reports whether the AI crawlers are allowed, restricted, or blocked — a direct, per-competitor measure of whether an AI assistant can fetch their pages at all.

AllowedRestrictedBlocked

It matters because AI answers can only cite what their crawlers can read. A rival who blocks the AI bots has taken themselves out of the running for those citations — and one who leaves the door open while you’ve quietly shut it has handed themselves an edge you didn’t know you’d given away. This is the same fight as AI Visibility, seen from the plumbing side: visibility measures whether you get named; crawler access is a precondition for getting named at all.

RivalAI crawler accessWhat it means
Rival AAllowedrobots.txt lets the major AI crawlers through
Rival BRestrictedsome AI crawlers blocked, others allowed
A competitorBlockedthe major AI crawlers disallowed outright
YouAllowed

Reading this across your set tells you two things at once: whether your own door is open, and whether a rival’s is closed in a way you could out-manoeuvre.

The tech stack, sorted

A check detects the tools each rival’s site is built on and sorts them by what they’re for, so you’re reading a profile of how a competitor operates rather than a raw dump of script tags.

Core techGrowthEngagement

Core tech is the frameworks, languages, and infrastructure the site runs on. Growth is the analytics, ads, and marketing tooling — a tell for how heavily a rival invests in acquisition. Engagement is the chat, support, and CRM tools they’ve wired in for talking to customers. Each rival gets a count in each bucket and a total.

RivalCore techGrowthEngagementTotal
Rival AReact · Next.js · TypeScriptAnalytics · marketing automationLive chat · support desk12
Rival BVue · NuxtAnalyticsSupport desk7
YouReact · Next.jsAnalytics · marketing automationLive chat9

Read across a row and you get a rival’s whole operational posture — a lean stack versus a heavily tooled growth machine tells you something about how they compete that no headline metric will.

The grades, the trust-signal coverage read, the AI-access statuses, and the sorted tech stack are rendered in the CompetLab app. The REST API and MCP tools return the pieces underneath — each rival’s security grade and the individual header results, the trust-signal counts by category, which AI crawlers are blocked, the categorized tech stack, and the DNS and email infrastructure each site runs on — so you can rebuild the same comparison in your own tools.

A trend, not a snapshot

A single check tells you how each rival is set up today; the value builds when you watch it move. Because CompetLab runs on a schedule and keeps every result, Tech & Trust becomes a record of how the field’s technical and trust posture shifts — the month a rival finally shipped a proper security header set, the week a competitor added a SOC 2 badge, the day one of them quietly started blocking the AI crawlers. Run History keeps each check with your security grade and the gaps to the field, so a change in a rival’s setup shows up as a trend rather than a thing you stumble on later.

That same check-over-check diff is what powers alerts: when a competitor opens or closes their site to AI crawlers, or their security grade moves, you hear about it between checks.

Tech & Trust runs on its own cadence, set independently of the other dimensions. Turning it on and choosing how often it checks are both covered in How monitoring works.

Work with it in code

Every quantitative piece here is available programmatically — the same data the dashboard renders.

FAQ

What is Tech & Trust?

Tech & Trust is one of CompetLab's five continuously monitored dimensions. It reads the technical and credibility signals off each competitor's live site and lines them up against yours: a security grade from the protections their pages send, a count of the trust signals they display (compliance badges, review ratings, social proof), the tools their site is built on sorted by purpose, and — the read worth watching closely — whether AI crawlers are allowed, restricted, or blocked from reaching them at all. Because it's monitored, every check is stored as history, so you watch a rival's setup shift over weeks and get an alert when something moves between checks — a security grade slipping, or a competitor quietly closing their site to the AI bots.

What goes into the security grade?

The grade is an A-to-F read of how well a site is hardened, worked out from the protective headers its pages send a browser — things like HSTS, a content security policy, and clickjacking and content-type protections. Each is a specific defence that's either present or missing, and the grade rolls them into one letter so you don't have to read them as a security engineer, while the breakdown stays available when you want to see exactly what a rival is missing. It's a front-door check, not a penetration test — the same quick read a careful buyer's security team runs first. CompetLab grades every competitor and you the same way, and names the best-hardened site in your set plus the point gap to it, so the number always has something to stand against.

What does "AI crawler access" tell me, and why does it matter?

It reads each rival's robots.txt and reports whether the major AI crawlers are allowed, restricted, or blocked from fetching their pages. It matters because AI answers can only cite what their crawlers can read — a site that blocks the AI bots has taken itself out of the running for those citations, while one that leaves the door open when a rival hasn't gains an edge. It's the same contest as AI Visibility seen from the plumbing side: AI Visibility measures whether an assistant names you; crawler access is a precondition for being named at all. Reading it across your set tells you both whether your own door is open and whether a competitor's is shut in a way you could out-manoeuvre. When a rival opens or closes that door between checks, it shows up as a change.

My trust-signal count looks low — is that real?

Maybe not. Trust signals are read visually from the live site, and a lot of badges — SOC 2 seals, review-platform ratings, certification marks — are baked into images the scanner can't parse. When that happens, a genuine badge reads as absent, so a low or zero count can be a false negative rather than a real gap in your credibility. CompetLab flags that possibility rather than presenting a raw zero as fact, which is the honest way to handle a limit of visual scanning. The practical rule: treat a surprisingly thin count as worth a look, not a verdict. Open the live site, confirm what's actually displayed, and if the badges are there as images, the count is understating you — not catching a real absence.

What's in the tech stack it detects?

The tools a competitor's site is built on, sorted into three buckets so you read a profile rather than a raw list. Core tech is the frameworks, languages, and infrastructure the site runs on. Growth is the analytics, advertising, and marketing tooling — a tell for how heavily a rival invests in acquisition. Engagement is the chat, support, and CRM tools they've wired in for talking to customers. Each rival gets a count per bucket and a total, and reading across a row gives you their operational posture at a glance: a lean stack versus a heavily tooled growth machine says something about how a competitor works that no headline metric will. The API also surfaces the DNS and email infrastructure each site runs on, for a fuller picture of how a rival is set up.

How often does it check, and does it keep history?

Tech & Trust runs on a schedule you set, on its own cadence, independently of the other dimensions — you can watch it closely or let it tick along, and changing the frequency never costs you past data. Every check is stored, so the dimension is really a running record of the field's technical and trust posture over time: Run History keeps each check with your security grade and the gaps to the field, so a rival hardening their site, adding a compliance badge, or closing their pages to AI crawlers shows up as a change against what the last check saw. That history is also what powers alerts — when a competitor's security grade moves or their AI-crawler access flips between checks, you hear about it. Frequency is set in the project's settings; see How monitoring works for the walkthrough.

Last updated on