The tech stack of 40 unicorn SaaS companies.
We scanned the public homepages of 40 unicorn SaaS companies in May 2026. 28 of them run no third-party analytics. Only 1 runs Google Analytics directly. Cloudflare narrowly beats AWS on the marketing layer. Sanity beats Adobe Experience Manager. The full data and what it means is below.
Published 2026-05-27 · 14 min read · Data: 2026-05-27
Six findings, in numbers
Stripe, Slack, GitHub, GitLab, Figma, Datadog, MongoDB, Anthropic, Perplexity, Shopify, Mailchimp and 14 others ship marketing pages with zero detectable Google Analytics, Segment, Amplitude, Mixpanel, or Hotjar. Either they collect first-party telemetry server-side or they've consciously decided the privacy cost outweighs the attribution value.
Down from what was probably 35/40 in 2020. The collapse of third-party tracking on B2B marketing sites is the loudest signal in the data. The category that used to define MarTech is now actively avoided by the most successful companies in it.
Compared to 12/40 on an AWS CDN (CloudFront or S3). Cloudflare is now the modal CDN choice on the marketing layer, even when the application is hosted on AWS. The split between "where the app runs" and "where the marketing site lives" is now a deliberate architectural choice for most unicorns.
Cloudflare Bot Management on 12, Akamai Bot Manager on 2, and Airbnb uniquely stacks 3 vendors (Akamai BM + Arkose Labs + GeeTest). The pattern is clear: AI labs (OpenAI, Anthropic, Perplexity) all run bot management because of scrapers, while devtools (GitHub, GitLab, Datadog) mostly don't.
3 of 40 unicorns host marketing on Vercel, including OpenAI, Notion (partially), and Vercel itself. Compared to 13/40 on AWS and 2/40 on Netlify. Vercel has captured roughly a quarter of the unicorn marketing-site market in five years.
Sanity (6) beats Adobe Experience Manager (4) on this cohort. AEM only appears at Snowflake, MongoDB, and Mailchimp - the most enterprise-coded unicorns. Sanity shows up at Figma, Mercury, Anthropic, and others - the design-led ones. The CMS choice is a near-perfect predictor of who the marketing site is built for: developers or procurement officers.
The collapse of third-party analytics
The most consistent pattern across the 40 sites is something missing rather than something present. Twenty-five companies including Stripe, Slack, GitHub, GitLab, Figma, Datadog, MongoDB, Anthropic, Perplexity, Shopify, and Mailchimp ship marketing pages with no detectable third-party analytics tag. Not Google Analytics, not Segment, not Mixpanel, not Hotjar, not Amplitude. Nothing.
In 2018 that would have been unthinkable. Marketing teams ran ten or more pixel-fired tags on every page because the consensus was that attribution required them and vendor lock-in did not matter yet. In 2026 the largest B2B SaaS companies have quietly walked it back. Most of them are not announcing privacy postures or making policy statements. They are simply not loading the tags.
Three plausible readings sit underneath that finding, and they are probably all true at the same time. The first is server-side attribution: companies that built real first-party data pipelines (and that have the engineering bandwidth to do so) have moved measurement off the browser entirely. The second is performance: every third-party script is a Core Web Vitals hit, and the marketing site is the page where the cost of a slow LCP is paid hardest. The third is brand posture: Stripe, Anthropic, and a few others have made privacy a stated value and removing analytics tags is the cheapest demonstration of it.
Whatever the mix of reasons, the practical effect is that 28 of the 40 biggest B2B SaaS marketing sites have collectively decided third-party browser analytics is no longer worth it. That is not a trend story. That is the trend completing.
CDN: Cloudflare narrowly beats AWS on the marketing layer
23 of 40 unicorns front their marketing site with Cloudflare. 12 of 40 use an AWS CDN (CloudFront or S3 directly). The two are within a few percentage points of each other.
The interesting subdivision is who picks which. Companies that started after 2018 and have an aggressive product-engineering culture skew Cloudflare: Notion, Linear, Vercel, Anthropic, OpenAI, Perplexity, Mercury, Ramp, Brex. Companies founded before 2015 with a mature AWS contract skew AWS CDNs: Stripe, Slack, GitHub, Dropbox, Figma, Segment, Datadog, Twilio. Akamai shows up only twice (Airbnb and Mailchimp), both of which are old enough that the Akamai contract probably pre-dates Cloudflare being a serious competitor at their tier.
3 of 40 host their marketing site on Vercel. That number is significant. Five years ago it would have been zero. Vercel has captured a quarter of the unicorn marketing-site market in roughly five years, mostly at the expense of Netlify (only 2 of 40) and self-hosted AWS marketing builds.
Bot management splits along industry lines
14 of 40 sites run a detectable bot-management vendor. Cloudflare Bot Management dominates with 12 deployments. Akamai Bot Manager appears twice. Arkose Labs and GeeTest each show up once (both at Airbnb, which stacks three vendors).
The pattern follows industry, not size. All three frontier AI labs (OpenAI, Anthropic, Perplexity) run bot management because they are the single largest targets for AI training scrapers and competitive intelligence. Fintech follows next: Mercury, Ramp, and Gusto all run it because financial-app marketing sites are heavy targets for credential-stuffing reconnaissance. The contrast group is developer tools, where GitHub, GitLab, Datadog, Dropbox, and Slack run no detectable bot management at all. Their threat profile is different and their tolerance for false-positive friction on a developer-facing marketing site is lower.
Airbnb is the outlier. Three separate bot vendors on one property (Akamai Bot Manager + Arkose Labs + GeeTest) is not architecture for the sake of architecture. It is what a fraud-engineering team builds after a measurable revenue loss has forced them to route distinct attacker populations to distinct challenge types.
Five stack archetypes
Categorizing the 40 companies by their dominant stack reveals five distinct archetypes. The same company can land in more than one, but the leading choice usually tells you which team owns the marketing surface.
Next.js on Vercel, Tailwind on the styling layer, Cloudflare in front for bot defense. The canonical 2026 product-team build. Marketing site is treated as a product surface, not a marketing artifact.
Visual page builder (Webflow) or headless CMS (Sanity) with Cloudflare in front. Marketing site is owned by marketers, not engineers. The team boundary is visible in the stack.
Adobe Experience Manager backed by Cloudflare or Akamai. Six-figure CMS, governance committee in the loop, every page reviewed by brand and legal. The vendor signal is: we sell to procurement officers, not developers.
AWS for everything - CloudFront or S3 for CDN, EC2 or Lambda behind Nginx. No Cloudflare layer, no Vercel. Keeps the marketing site on the same cloud the application runs on. Often the choice of companies founded before 2018.
Akamai CDN + Akamai Bot Manager + additional CAPTCHA-class vendors. Picked when traffic includes meaningful fraud risk and the procurement team wants enterprise SLAs in writing. Airbnb adds Arkose Labs and GeeTest on top - three separate bot-mitigation vendors.
All 40 companies, sortable
| Company | Techs | CDN | PaaS | CMS | GA? | Bot mgmt? |
|---|---|---|---|---|---|---|
| 24 | Cloudflare | - | - | yes | no | |
| 22 | Akamai | - | - | no | yes | |
| 21 | Cloudflare | AWS | Contentstack | yes | yes | |
| 20 | Cloudflare | - | - | no | no | |
| 20 | Cloudflare | - | - | yes | yes | |
| 18 | Cloudflare | AWS | - | yes | no | |
| 18 | Amazon CloudFront | AWS | - | no | yes | |
| 18 | Cloudflare | - | Sanity | no | yes | |
| 18 | Amazon S3, Cloudflare | AWS, Vercel | - | yes | no | |
| 18 | Amazon CloudFront | - | - | no | no | |
| 17 | Cloudflare | - | - | yes | no | |
| 17 | Amazon CloudFront | AWS | - | yes | no | |
| 17 | Cloudflare | - | - | no | no | |
| 17 | Cloudflare | - | - | no | yes | |
| 17 | - | Vercel | - | yes | no | |
 Anthropic | 16 | Cloudflare, Amazon S3 | AWS | Sanity | no | yes |
| 16 | Cloudflare | AWS | - | no | yes | |
| 16 | Cloudflare | - | Adobe Experience Manager | no | no | |
 OpenAI | 16 | Cloudflare | Vercel | - | yes | yes |
| 15 | Cloudflare | - | - | no | no | |
| 15 | Amazon CloudFront | AWS, Netlify | Sanity | no | no | |
| 15 | Cloudflare | - | - | no | no | |
| 15 | Amazon CloudFront | AWS | - | no | no | |
| 15 | Cloudflare | - | - | no | no | |
| 14 | Cloudflare | - | HubSpot CMS Hub | yes | yes | |
| 14 | Akamai | - | Adobe Experience Manager | no | yes | |
| 14 | Cloudflare | - | - | no | no | |
 Shopify | 14 | Cloudflare | - | - | no | no |
| 14 | Cloudflare | - | Adobe Experience Manager | yes | no | |
| 14 | - | - | - | yes | no | |
| 13 | Amazon CloudFront | AWS | - | no | no | |
| 13 | Amazon CloudFront | - | - | no | no | |
| 13 | Amazon CloudFront | AWS | - | no | no | |
| 13 | Amazon S3 | AWS | - | no | no | |
| 13 | - | - | - | no | yes | |
| 11 | Amazon CloudFront | AWS | - | no | no | |
| 11 | - | - | - | no | yes | |
| 10 | Cloudflare | - | - | no | no | |
 Perplexity | 8 | Cloudflare | - | - | no | yes |
| 0 | - | - | - | no | no |
Click any company name to see the full detected stack on its live JobsPipe scan page.
Methodology and what we can and cannot see
Every data point on this page comes from a live homepage scan against a 7,500-row detection library. We fetch the public homepage with a real-browser TLS fingerprint and pattern-match the response across script tags, meta tags, response headers, cookies, URL paths, and DOM selectors. The 40 companies were picked from the most widely-recognized SaaS unicorns and unicorn-class companies in May 2026.
What we can see: CDN, hosting platform, frontend frameworks loaded on the homepage, analytics and pixel tags, detectable bot-management vendors, CMS fingerprints, and a long tail of common SaaS embeds (live chat, payment processors, cookie consent, fonts).
What we cannot see: backend infrastructure that does not leak in headers or scripts, server-side analytics that has been moved off the browser, internal tooling, vendor relationships behind a login wall, and tech that only loads after user interaction. The 28 "no analytics" finding specifically means "no detectable third-party browser-side analytics". It does not mean these companies have no telemetry.
Detection over-matching is a known limitation. The Wappalyzer-style regex library produces some false positives for tools whose runtime fingerprints overlap with several competitors (e.g. React/Svelte/Preact detection collisions). We trust the vendor-specific signals (headers, cookies, script sources) more than the generic regex matches.
What this report says about modern SaaS
Three patterns repeat across the 40 sites. First, the marketing surface has been decoupled from the product surface. The team that owns marketing infrastructure is not the same team that runs the application, and they pick different vendors. AWS for the app, Cloudflare or Vercel for the marketing site. Different cache rules, different deploy cadences, different on-call rotations.
Second, the consensus stack has narrowed. React on the frontend, Tailwind for styling, Next.js if you started after 2020 and Vite if you wanted build speed but not a framework. Six years ago the framework wars were noisy. They have ended in a quiet near-monoculture.
Third, the largest companies are removing trackers, not adding them. The 2010-2020 MarTech narrative was that more pixels meant better attribution and more revenue. The 2024-2026 reality is that the largest B2B SaaS companies have decided the tradeoff is no longer worth it on the marketing layer specifically. Whether server- side replacements catch all the lost signal is an open question. The behavior is already a fact.
The website tells you a lot. Hiring tells you what comes next. JobsPipe surfaces the backend tools, internal infrastructure, and team-side adoption that scanner-only data cannot reach.
See what any company runs - and what they're about to add.
Get a free API key