50 Automated Checks
Every scan runs these checks. Takes about 45 seconds. All automated via HTTP—no access to your source code needed.
Modern Standards
13 checksPerformance Score
Mobile performance score from Google Lighthouse
Accessibility Score
Automated accessibility checks via Lighthouse
SEO Score
Search engine optimisation score from Lighthouse
Best Practices Score
Modern web development best practices score
Image Format Optimisation
Using modern formats like WebP or AVIF
Responsive Images
srcset and sizes attributes for different screen sizes
Lazy Loading
Images below fold use loading="lazy"
Font Loading Strategy
font-display: swap or preload to prevent render blocking
Code Splitting
Multiple JavaScript chunks instead of single monolith
JavaScript Bundle Size
Total JS size reasonable (flags if over 300KB)
Caching Headers
Proper Cache-Control headers on static assets
Compression Enabled
Brotli or gzip compression on text resources
Render-Blocking Resources
Minimal blocking scripts in document head
Performance
5 checksLCP (Largest Contentful Paint)
Time until main content loads. Target: under 2.5s
CLS (Cumulative Layout Shift)
Visual stability during page load. Target: under 0.1
TBT (Total Blocking Time)
How long the page is unresponsive. Target: under 200ms
FCP (First Contentful Paint)
Time until first content appears. Target: under 1.8s
Speed Index
How quickly content is visually displayed during page load
SEO & AI Search
8 checksTitle Tag
Unique title tag present, 30-60 characters
Meta Description
Compelling meta description, 120-160 characters
Open Graph Tags
og:title, og:description, og:image for social sharing
Schema.org Structured Data
JSON-LD markup for rich search results and AI search
XML Sitemap
Sitemap exists at /sitemap.xml for search engines
Robots.txt
Valid robots.txt file at root
Canonical URL
Canonical link tag to prevent duplicate content
Mobile-Friendly Viewport
Responsive viewport meta tag configured
Security
8 checksHTTPS Enabled
Site served over secure HTTPS connection
Content-Security-Policy (CSP)
Prevents XSS attacks and data injection
HTTP Strict-Transport-Security (HSTS)
Forces browsers to use HTTPS only
X-Frame-Options
Prevents clickjacking attacks via iframes
X-Content-Type-Options
Prevents MIME type sniffing attacks
Referrer-Policy
Controls how much referrer info is shared
Permissions-Policy
Restricts browser features and APIs
Mixed Content Detection
No insecure HTTP resources loaded on HTTPS pages
Accessibility
12 checksSemantic HTML5 Elements
Proper use of header, nav, main, article, section tags
ARIA Labels
Interactive elements have accessible labels for screen readers
Keyboard Navigation
All interactive elements reachable via keyboard
Colour Contrast
Text meets 4.5:1 ratio (normal) or 3:1 (large text)
Focus Indicators
Visible focus states on interactive elements
Screen Reader Compatibility
Proper ARIA roles and landmarks for assistive tech
Image Alt Text
All images have descriptive alt attributes
Form Labels
All form inputs have associated labels
Heading Hierarchy
Logical heading structure (h1, h2, h3, etc.)
Touch Target Sizes
Interactive elements at least 48x48px on mobile
Dragging Alternatives
Alternative input methods for drag-and-drop (WCAG 2.2)
Cognitive Accessibility
Clear language, consistent navigation (WCAG 2.2)
Code Quality
4 checksConsole Errors
No JavaScript errors in browser console
Console Warnings
No JavaScript warnings in browser console
HTTP Errors (4xx/5xx)
Failed requests indicate broken resources or server issues
HTTP Request Count
Number of network requests to load the page