Klaviyo Tech Stack Deep Dive: Dual CMS, 12+ Ad Pixels, and an Enterprise Gap

Klaviyo—the company that sells marketing automation—runs its own website on a competitor’s CRM and CMS: HubSpot. Combined with a headless CMS (Sanity), a multi-CDN delivery, and 12+ advertising pixels, the architecture reveals a fascinatingly heterogeneous tech stack optimized for content velocity and demand capture, but with visible gaps in enterprise readiness. The captured sample reveals no dedicated trust center, a contact-form-only enterprise conversion path, and a sitemap heavily biased toward blog content, leaving product pages and mid-funnel assets unobserved.

The Stack at a Glance

Klaviyo’s public-facing infrastructure is a hybrid of two content management systems and two hosting platforms, all fronted by Amazon Web Services. The primary delivery layer runs on AWS CloudFront CDN with Route 53 handling DNS, enforcing forced HTTPS and issuing TLS certificates via Amazon. Yet technology detection signals flag HubSpot CMS and Sanity as dual content sources, served through the Astro framework and optionally delivered by Netlify. This pattern suggests a multi-phase migration or deliberate content partitioning: HubSpot likely powers blog, landing pages, and forms, while Sanity—a headless CMS—may feed more dynamic or developer-controlled surfaces. Astro, known for shipping zero JavaScript by default, stitches them together for performance.

The content structure is subdomain-partitioned, with separate surfaces for developers, education, partners, and the main marketing site. Observed subdomains include developers.klaviyo.com, academy.klaviyo.com, and marketplace.klaviyo.com. Only two were confirmed live in the scan, but the pattern is clear: Klaviyo isolates audiences to optimize messaging and tooling. The developer docs live entirely on their own subdomain, keeping technical documentation away from the marketing blog—a common practice that prevents SEO dilution and enables specialized analytics tracking.

Monitoring and observability rely on Sentry for error tracking and Pingdom for uptime. Sentry captures runtime exceptions across both the marketing site and API surfaces, while Pingdom provides synthetic monitoring, ensuring the team catches degradations before customers notice. The API calls inbound to a.klaviyo.com and fast.a.klaviyo.com indicate a dedicated product API layer, separated from the marketing site by subdomain, likely behind its own scaling and security controls. This separation is a sensible architecture choice for a SaaS company whose core product is an API-driven marketing platform.

How Klaviyo Acquires Customers

Klaviyo’s demand generation engine is a broad-spectrum advertising machine backed by 12+ platform pixels and ABM identifiers. The tech stack reveals pixels from Meta, LinkedIn, TikTok, Reddit, Spotify, Google Ads, and programmatic exchanges through The Trade Desk and AppNexus. This pixel density indicates a multi-channel paid acquisition strategy that likely spans influencer, audio, display, and social video, not just traditional B2B search and social. The presence of both 6sense and Demandbase analytics tags means Klaviyo invests heavily in account-based marketing, de-anonymizing site visitors against firmographic databases to trigger sales plays.

Lead capture is routed through HubSpot Forms v2 and Qualified, creating a hybrid self-serve and sales-assisted funnel. The site uses HubSpot CRM as the system of record for inbound leads, with HubSpot Forms v2 handling contact form submissions. Qualified sits on top for conversational marketing: a chat widget that qualifies visitors in real time and routes high-intent accounts to sales reps. The scan captured a contact form that includes a company field, indicating rudimentary lead qualification even before the chat layer fires. However, no pricing page, trial signup, or interactive product demo was observed in the captured sample—a reminder that the sitemap truncation at 200 pages likely hides conversion-oriented pages deeper in the site architecture.

Content marketing is the dominant top-of-funnel engine, but mid-funnel assets are invisible. The sitemap capture was dominated by blog posts (191 entries out of 200 pages), with only a handful of seasonal campaign pages and a single B2C CRM positioning page. This suggests an SEO strategy built around long-tail educational content rather than utility tools or interactive calculators. For a marketing automation company, the absence of free tools like email template testers or deliverability checkers—common among competitors—stands out. However, the developer documentation subdomain lives separately and likely serves as a product evaluation resource for technical buyers.

Analytics and attribution stack is exceptionally mature. Beyond the ad pixels, Klaviyo runs Heap Analytics for product and website analytics, ContentSquare for session replay and behavioral insights, plus Demandbase and 6sense for account identification. This quartet gives the marketing team granular data on every visitor: what pages they view, where they click, and which company they represent. Combined with their own product analytics (Klaviyo is, after all, a marketing automation platform that ingests customer data), the closed-loop attribution from ad click to revenue event is likely enviable.

Experimentation capability is confirmed but cadence is unknown. Optimizely is detected in the tech stack, meaning Klaviyo has an enterprise A/B testing tool. Whether the team runs continuous experiments on landing pages, pricing models, or onboarding flows cannot be confirmed from signals alone. However, the presence of Optimizely alongside the dual-CMS setup implies a content management architecture flexible enough to support rapid iteration across multiple page types.

Infrastructure & Delivery: The Dual-CMS Experiment

The marketing site’s delivery chain is a microservices lesson in content architecture. At least three distinct technology stacks converge to serve the public-facing web experience. AWS CloudFront acts as the edge cache and CDN, with Route 53 managing DNS and enforcing HTTPS. HubSpot CMS likely serves the main marketing pages and blog, given the presence of HubSpot forms and its CRM integration. Sanity operates as a headless CMS feeding content to the Astro framework, which then generates static or server-rendered pages. Netlify was also detected, likely as a secondary deployment target or for preview environments. This multi-vendor setup suggests an engineering team that values flexibility over simplicity, or one that is mid-migration from a monolithic HubSpot-hosted site to a more composable headless architecture.

The API surface is cleanly separated. Product APIs live at a.klaviyo.com and fast.a.klaviyo.com, while webhook and client-side request patterns likely route to the same. This separation is standard for a SaaS company whose product is API-driven, but it also means the marketing site’s performance and availability are decoupled from the product itself. A CloudFront outage would take down the marketing site but not the API, a resilience pattern many startups overlook.

Developer tooling is ghettoized to its own subdomain. Developers.klaviyo.com hosts documentation, API references, and likely SDK guides. This isolation is deliberate: separate analytics, separate deployment pipelines, and separate SEO signals. It also lets Klaviyo track developer adoption independently from marketing engagement. However, the captured scan showed only two of the subdomains confirmed live, suggesting some audience surfaces may be decommissioned or inconsistently maintained. For a platform that sells to marketers and developers, a fully alive developer portal is table stakes, so the missing confirmation is curious.

Content freshness and scale are difficult to assess with certainty because of the truncated sitemap. The captured 200-page sitemap is overwhelmingly blog content, with no product pages, pricing pages, or conversion landing pages observed. This does not mean those pages do not exist—merely that the sitemap sample was cut off before capturing them. A full crawl would be necessary to map the entire content architecture. What is observable, however, is a heavy investment in SEO-driven educational content, with no utility content (roi calculators, interactive tools) appearing in the crawl. For a data-rich company like Klaviyo, that’s a missed opportunity for link-building and lead gen.

The dual CMS and dual hosting platforms create maintenance overhead. Running HubSpot CMS and Sanity simultaneously means content editors must know which system to use for which page, and marketing operations must manage two content pipelines. Astro as the rendering layer adds flexibility but also requires developers to maintain integrations with both backends. If Klaviyo is mid-migration to a fully headless Sanity + Astro stack, keeping the HubSpot CMS live for blog and landing pages while moving the main site to headless is a pragmatic interim step. The risk is content inconsistency and broken workflows if the systems drift.

Growth Maturity & Experimentation Firepower

Klaviyo’s growth stack is a late-stage B2B SaaS powerhouse, with tools that suggest data-driven optimization at every funnel stage. The combination of Heap Analytics, ContentSquare, Optimizely, and dual ABM platforms (6sense, Demandbase) indicates a culture of measurement. The 12+ advertising pixels suggest a sophisticated paid acquisition team running multi-touch attribution models and feeding signals into Klaviyo’s own product for lifecycle marketing. If Klaviyo practices what it preaches—using its own platform to orchestrate email, SMS, and omnichannel campaigns based on visitor behavior—then its closed-loop analytics from ad click to product usage is a competitive weapon.

Experimentation infrastructure is present but unmeasured. Optimizely is detected, but no experiments, variations, or testing cadence are observable from the outside. The dual-CMS architecture complicates experimentation: an A/B test spanning HubSpot-hosted pages and Sanity-powered pages requires engineers to manage feature flags across two systems. If Klaviyo runs mostly blog content variation tests (headlines, CTAs), HubSpot’s built-in A/B testing may suffice, but for product page experiments, Sanity + Optimizely likely handle the workload.

The partner ecosystem is a distinct growth lever. The marketplace.klaviyo.com subdomain signals a partner marketplace where third-party integrations and service providers are showcased. This is a classic B2B growth flywheel: partners build integrations, publish them to the marketplace, and bring their own customer bases into Klaviyo’s orbit. Combined with the academy.klaviyo.com subdomain for education, the ecosystem motion is fully formed. The academy likely serves both customer onboarding and demand generation through free courses, certifications, and thought leadership content—a strategy that works exceptionally well for complex software products.

Lifecycle automation ownership gives Klaviyo asymmetric insight into its own customer journey. As the provider of a marketing automation platform, Klaviyo can instrument its own product with identical event tracking, segment customers based on adoption signals, and trigger nurture campaigns with surgical precision. This self-usage pattern is a powerful engineering and growth advantage: product decisions are informed by the same data pipeline sold to customers, creating a tight feedback loop.

The biggest blind spot is unknown conversion content. With the sitemap truncated at 200 pages and dominated by blog posts, we cannot see how Klaviyo converts blog traffic into leads or trials. The contact form and Qualified chat are the only confirmed conversion surfaces, but typical B2B SaaS sites have dedicated pricing pages, demo request forms, and interactive assessments. Without evidence of these, we must assume they exist but are hidden behind the sitemap cutoff. This gap makes it difficult to assess mid-funnel maturity or conversion rate optimization efforts.

Enterprise Readiness: Trust Signals and Missing Pieces

Klaviyo’s enterprise posture is a study in contrasts. On one hand, email authentication is locked down with a DMARC reject policy and BIMI published—a strong signal that Klaviyo takes deliverability and domain spoofing seriously. OneTrust and Transcend are present for consent management and privacy compliance, essential for a company handling customer data under GDPR and CCPA. These signals would pass an initial vendor security questionnaire with flying colors.

On the other hand, a dedicated trust center is not observed. Most enterprise-focused SaaS companies publish a trust center with compliance certifications, sub-processor lists, penetration test summaries, and SLA commitments. No such page surfaced in the captured sample, and the enterprise conversion path relies on a generic contact form and Qualified chat—there is no dedicated enterprise sales page, no RFP download, and no security overview. For a marketing automation platform that stores sensitive customer data and triggers millions of emails on behalf of brands, the absence of a visible trust center is a procurement red flag.

The integration marketplace is a plus for enterprise buyers, but compliance documentation lags. The marketplace subdomain suggests a rich ecosystem of third-party apps and service partners, which enterprises look for when evaluating a platform’s stickiness and flexibility. However, explicit compliance certifications (SOC 2 Type II, ISO 27001) are not confirmed from public signals. OneTrust and Transcend handle consent, but certification badges and audit reports are the real decision-influencing assets in enterprise evaluations. Their absence may force interested buyers to request documents via sales, adding friction.

Operational maturity signals are a mix. Sentry and Pingdom provide solid observability, and the API separation suggests competent DevOps practices. However, the incomplete subdomain surface—only two confirmed live out of several detected—may indicate infrastructure decay or poor maintenance of developer, education, and partner portals. For a platform whose own product is a mission-critical marketing engine, any perceived lack of polish on public-facing surfaces can undermine trust.

The consent management stack is robust for regulated markets. Both OneTrust and Transcend are present, which is more than most B2B companies deploy. This dual consent approach covers cookie consent, data subject access requests, and privacy policy enforcement, aligning with global privacy regulations. Combined with the DMARC reject policy, email authentication and privacy hygiene form a solid foundation for enterprise conversations.

What This Means for Competitors

Klaviyo’s tech stack reveals a company that invested heavily in top-of-funnel acquisition and content marketing, while leaving enterprise procurement experience and infrastructure simplicity as secondary concerns. Competitors like Mailchimp, Braze, Iterable, or Customer.io can draw several strategic lessons from this analysis.

The dual-CMS setup is both a strength and a weakness. Competitors who run a single CMS (or a fully headless platform) will have lower content management overhead and a simpler experimentation pipeline. Klaviyo’s mix of HubSpot CMS and Sanity on Astro with Netlify duplication creates complexity that may slow down rapid content deployment and A/B testing. A competitor that can iterate on conversion pages faster—especially with dynamic personalization—can exploit this operational drag.

Klaviyo’s SEO play is deep but narrow. The blog dominance means they rely heavily on long-tail search traffic for demand generation. Competitors that invest in free tools, interactive calculators, benchmarks, or template libraries can capture intent from evaluators who want immediate value, not just educational content. The absence of utility SEO content in the crawl is an open invitation to steal mid-funnel buyers with high-intent tools.

Enterprise trust is a competitive wedge. Multiple competitors publish trust centers, SOC 2 reports, and compliance certifications directly on their sites. If Klaviyo forces enterprise buyers to contact sales for this information, procurement cycles lengthen, creating an advantage for Braze or Iterable (which prominently display security certifications). Any competitor can highlight “instant security transparency” as a differentiator.

The ad-tech footprint signals high customer acquisition cost (CAC) dependency. Running 12+ advertising pixels across programmatic channels means Klaviyo is likely spending heavily on paid media. Competitors with a stronger organic flywheel—freemium, community-led growth, or partner-led distribution—can drive more cost-efficient growth, especially as the martech category matures and ad costs rise.

The marketplace subdomain is a strategic moat. Competitors without a robust integration marketplace should prioritize building one, because Klaviyo’s ecosystem creates switching costs. Every app in that marketplace represents a workflow a customer would have to reconstruct if they left. For competitors like Customer.io, which has a more developer-centric integration model, the moat is different—more API-driven than marketplace-curated—but the lock-in effect is similar.

Klaviyo’s own product usage for lifecycle marketing is an invisible advantage. Competitors must assume Klaviyo uses its own platform for every conceivable customer communication: onboarding drips, NPS surveys, re-engagement campaigns, cross-sell plays. This self-usage means they experience the platform’s limitations firsthand, which likely accelerates product improvements in ways competitors cannot easily replicate.

Key Takeaways for Product Leaders

Dual CMS architectures are a risk to velocity. Klaviyo’s HubSpot CMS + Sanity + Astro + Netlify stack may have evolved organically during a migration, but the complexity will eventually slow content operations and experimentation. If you’re evaluating a similar build, bet on one CMS and one hosting platform, and use feature flags for A/B testing.

ABM analytics demand dual vendors to de-risk data completeness. Running both 6sense and Demandbase is expensive but ensures high-match rates and fallback when one database misses accounts. If ABM is core to your demand strategy, plan to budget for two providers and a data unification layer.

Enterprise readiness must be visible, not assumed. A DMARC reject policy, BIMI, OneTrust, and Transcend are technical hygiene, but enterprises want a trust center with SOC 2 reports, penetration test summaries, and subprocessor lists. If you’re selling to procurement teams, make these documents public and easily findable.

Utility SEO content is a missed goldmine for martech companies. Klaviyo’s blog-heavy strategy leaves room for competitors to build free tools and calculators that capture evaluator trust and backlinks. If you’re in the martech space, invest in interactive content that solves a micro-problem for your buyer persona—it will outcompete pure blog posts in both search rankings and conversion.

Monitoring your own tech stack with Sentry and Pingdom is table stakes, but monitoring your customer’s experience on your platform is a competitive differentiator. Klaviyo’s infrastructure separation (marketing site vs. API) is solid, but the real advantage comes from using their own product to orchestrate lifecycle campaigns. To compete, treat your own company as your first and most demanding customer.

Klaviyo’s technology landscape is a sophisticated but imperfect machine—highly evolved for demand generation and content marketing, yet hesitant to fully bake the enterprise trust layer into its public surface. For product leaders evaluating this stack, the lesson is clear: grow fast by instrumenting everything, but don’t let complexity accrue into a technical debt that slows the next phase of growth.