Explore our comprehensive collection of website auditing tools. Each checker is designed to identify specific issues and provide actionable insights to improve your website's performance, security, and user experience.
Detects JavaScript errors and console messages
This checker uses a headless browser to detect JavaScript errors and console messages that may indicate issues with the website. The checker uses Playwright to load the page in a headless browser, captures all console messages and errors, monitors for JavaScript execution issues, and reports any console errors or warnings.
Validates cache headers for optimal web performance
A comprehensive cache validation checker that analyzes cache headers for different types of web resources according to industry best practices. It validates cache configuration for HTML pages, static assets, and API responses, with platform-specific logic for Liferay environments.
Checks if your website content is served through a CDN
Analyzes whether your website and its static assets (CSS, JavaScript, images, fonts, videos) are being served through a Content Delivery Network (CDN). This checker examines the main HTML document and all first-load assets to determine CDN coverage across your entire website.
Validates SSL certificate validity and expiration status
This checker validates SSL certificates for HTTPS websites, ensuring they are properly configured and not expired. The checker connects to the website via HTTPS, retrieves the server's SSL certificate chain, extracts certificate information including expiration date, and validates certificate format and validity.
Validates content compression for performance optimization
This checker validates that websites use proper content encoding (gzip, deflate, brotli) to optimize page loading performance. The checker sends HTTP request with Accept-Encoding header, analyzes Content-Encoding response header, validates compression method and configuration, and ensures proper content compression.
Validates Content-Security-Policy header configuration
This checker validates the Content-Security-Policy header for presence and security configuration, flagging policies containing unsafe directives that weaken XSS protection. The checker retrieves the Content-Security-Policy header from HTTP response, analyzes the policy for unsafe directives (unsafe-inline, unsafe-eval), and validates policy syntax and configuration.
Validates cookie security attributes and configuration
This checker analyzes Set-Cookie headers for security best practices including Secure, HttpOnly, and SameSite attributes. The checker retrieves all Set-Cookie headers from HTTP response, analyzes each cookie for security attributes, validates Secure, HttpOnly, and SameSite configuration, and checks for proper domain and path settings.
Checks for proper cookie consent banners with accept/reject options
Analyzes websites for cookie consent banners and GDPR compliance mechanisms. This checker detects the presence of cookie consent interfaces, validates the availability of both accept and reject options, and assesses whether users have proper control over their cookie preferences.
Detects if website uses Client-Side or Server-Side Rendering
Evaluates whether a website is Client-Side Rendered (CSR) or Server-Side Rendered (SSR) by comparing HTML content with JavaScript enabled vs disabled.
Scans software stack for known security vulnerabilities
This checker scans the technology stack for known Common Vulnerabilities and Exposures (CVEs) using the CVE.org database to identify security risks. The checker queries CVE.org REST API for each software component, analyzes CVSS scores and severity levels, compares against configurable thresholds, and provides detailed vulnerability reporting.
Validates BIMI for brand authentication in emails
Validates BIMI (Brand Indicators for Message Identification) configuration for brand authentication.
Validates DKIM signatures for email authentication
Validates DKIM (DomainKeys Identified Mail) signatures for email authentication and integrity.
Validates DMARC policy for email authentication
Validates DMARC (Domain-based Message Authentication, Reporting and Conformance) policy configuration.
Validates MTA-STS for secure email transmission
Validates MTA-STS (Mail Transfer Agent Strict Transport Security) configuration for secure email transmission.
Validates MX records for proper email routing
Validates MX (Mail Exchange) records for a domain to ensure proper email routing configuration.
Validates SPF records to prevent email spoofing
Validates SPF (Sender Policy Framework) records to prevent email spoofing and improve deliverability.
Validates TLS-RPT for email security monitoring
Validates TLS-RPT (TLS Reporting) configuration for monitoring email security issues.
Monitors domain expiration dates via RDAP to prevent service disruption
Checks domain expiration dates using RDAP protocol to identify domains that are expiring soon and require renewal attention.
Detects FAQ pages using schema markup and content analysis
This checker crawls websites to find FAQ pages using multiple detection methods including schema markup, microdata, and content analysis. The checker crawls website pages within the same domain, looks for JSON-LD with "@type": "FAQPage", scans for microdata with FAQPage itemtype, analyzes heading text for FAQ indicators, and limits crawling to prevent excessive requests.
Validates Google Analytics gtag.js implementation and configuration
This checker validates that HTML pages contain proper Google Analytics implementation by checking for the presence of the Google Analytics Global Site Tag (gtag.js) script and its configuration. The checker analyzes the HTML page to look for gtag.js script tags with async attribute, validate Google Analytics measurement ID format (G-XXXXXXXXXX), check for proper script loading sequence and configuration, verify consistency between script src IDs and config IDs, detect legacy Universal Analytics (UA) IDs, and validate script placement in the head section.
Validates Google Tag Manager implementation and configuration
The Google Tag Manager Checker validates that HTML pages contain proper Google Tag Manager (GTM) implementation by checking for the presence of the GTM script, container ID, and proper configuration. GTM is a tag management system that allows you to quickly and easily update measurement codes and related code fragments on your website. The checker analyzes the HTML document to identify and validate Google Tag Manager implementation. It looks for: 1. Script Detection: Scans for inline scripts containing GTM implementation patterns 2. Container ID Validation: Extracts and validates GTM container IDs (format: GTM-XXXXXXX) 3. Script Structure Analysis: Verifies the script follows Google's recommended implementation pattern 4. DataLayer Initialization: Checks for proper dataLayer array initialization 5. GTM Events: Validates presence of gtm.start event and gtm.js event 6. Script Placement: Ensures GTM script is placed in the <head> section for optimal loading 7. Noscript Fallback: Checks for noscript fallback implementation in the <body> section 8. Performance Optimization: Validates async loading configuration Output Results: - Success: Google Tag Manager is properly configured and implemented - Warning: Google Tag Manager is detected but has configuration issues - Fail: Google Tag Manager script not found or completely missing
Validates HTML heading hierarchy and structure
This checker validates that HTML headings follow proper hierarchical structure for accessibility and SEO best practices. The checker scans all heading elements (h1-h6) on the page, validates heading level progression (no skipping levels), checks for proper DOM nesting of headings, and identifies structural issues and violations.
Validates HSTS preload header configuration
This checker validates the Strict-Transport-Security header to ensure it's properly configured for HSTS preload inclusion. The checker retrieves the Strict-Transport-Security header, validates max-age, includeSubDomains, and preload directives, and ensures proper configuration for preload inclusion.
Validates HTTP to HTTPS redirect configuration
This checker validates that websites properly redirect HTTP requests to HTTPS to ensure secure connections are enforced. The checker converts HTTPS URL to HTTP for testing, sends HTTP request and monitors redirect response, validates redirect status codes and target URLs, and ensures redirects go to HTTPS.
Detects supported HTTP protocol versions
This checker detects which HTTP protocol versions are supported by the website, including HTTP/2 and HTTP/3 capabilities. The checker analyzes Alt-Svc header for HTTP/3 support, actively negotiates HTTP/2 connections, detects server capabilities and protocol support, and validates modern HTTP protocol adoption.
Validates image alt attributes for accessibility compliance
This checker analyzes all images on a webpage to ensure they have proper alt attributes for accessibility compliance and SEO optimization. The checker scans all img elements on the page, checks for presence and content of alt attributes, categorizes images as having valid alt, missing alt, or empty alt, and provides detailed reporting of problematic images.
Detects oversized resources affecting page performance
This checker identifies resources (images, scripts, stylesheets) that exceed size thresholds and may impact page loading performance. The checker uses Playwright to load the page and extract resource URLs, checks content length of all resources (images, scripts, CSS, videos), identifies resources exceeding 500KB threshold, and provides detailed reporting of large resources.
Validates software stack version against latest releases
This checker validates software stack version information against the latest available releases to ensure your stack is up-to-date.
Validates llms.txt files for AI-friendly content optimization
The LLMs.txt checker validates the presence and format of llms.txt files on websites. These files provide LLM-friendly content and follow a specific markdown format to help language models understand website content. The checker ensures your site is optimized for AI-powered search engines and language models by validating required elements like H1 titles, blockquote summaries, and properly structured sections with links.
Detects placeholder text that should be replaced
This checker scans web pages for Lorem Ipsum placeholder text that should be replaced with actual content before going live. The checker scans page text content for Lorem Ipsum patterns, detects various spellings and spacing variations, counts occurrences of placeholder text, and identifies pages with incomplete content.
Validates meta description length for optimal SEO performance
The Meta Description Length Checker validates that HTML pages contain a meta description tag with an appropriate length for optimal search engine optimization (SEO) performance. Meta descriptions are crucial for how your content appears in search engine results pages (SERPs) and can significantly impact click-through rates. The checker analyzes the HTML document's <head> section to identify and validate the meta description tag. It performs the following checks: 1. Meta Tag Detection: Scans for <meta name="description"> tag in the document head 2. Content Extraction: Extracts the content attribute value and trims whitespace 3. Length Calculation: Counts the character length of the description text 4. Length Validation: Compares the length against SEO best practices (150-160 characters) 5. Range Assessment: Categorizes the length into optimal, acceptable, or problematic ranges Output Results: - Success: Meta description length is within the optimal range (150-160 characters) - Warning: Meta description length is slightly outside the optimal range (120-180 characters) - Fail: Meta description is missing or length is far outside the optimal range
Checks if web resources are minified for optimal performance
Analyzes web pages and their linked resources (CSS and JavaScript) to determine if they are properly minified for optimal performance and reduced file sizes.
Detects HTTP resources on HTTPS pages and CSP upgrade directive
Detects HTTP resources loaded on HTTPS pages and checks for Content Security Policy upgrade-insecure-requests directive to prevent mixed content vulnerabilities.
Checks 404 page implementation and SEO best practices
Validates that your website has a proper 404 error page strategy in place following SEO best practices. This checker ensures that non-existent pages return the correct HTTP status code, provide helpful content to users, and are properly configured to avoid negative SEO impact.
Validates OpenGraph meta tags for social media sharing
This checker validates that HTML pages contain proper OpenGraph meta tags for optimal social media sharing and preview generation. The checker scans for OpenGraph meta tags (og:title, og:type, og:image, og:url), validates tag values and URL formats, checks for semantic consistency and best practices, and identifies missing required tags and configuration issues.
Validates page title length and SEO optimization
This checker validates that HTML page titles follow best practices for SEO and usability, ensuring they are within the recommended character length range. The checker extracts the title tag from the HTML, measures the title length in characters, and evaluates against SEO best practices (15-70 characters optimal).
Validates Permissions-Policy header for secure browser feature controls
Validates the Permissions-Policy HTTP header configuration to ensure proper security controls for browser features and APIs
Detects pricing and subscription plan pages on websites
The Pricing Checker crawls websites to detect the presence of pricing pages, subscription plans, or billing information. This checker is essential for businesses that need to verify their pricing information is discoverable and properly structured for potential customers and search engines. The checker performs a comprehensive website crawl to identify pricing-related content using multiple detection strategies: 1. Website Crawling: Systematically crawls up to 500 pages within the same domain to find pricing content 2. Schema.org Detection: Identifies structured data markup for pricing information including: - JSON-LD scripts with Offer, AggregateOffer, or PriceSpecification types - Microdata markup for pricing-related schema types - Product/Service schemas with price information 3. Content Analysis: Scans page content for pricing-related keywords in: - Headings (H1-H4) containing pricing terminology - Navigation links with pricing-related text - Buttons and call-to-action elements 4. Multi-language Support: Recognizes pricing terms in both English and Portuguese 5. Link Discovery: Follows internal links within the same domain to expand search coverage Output Results: - Success: Pricing/Plans page found with proper structure - Warning: Pricing information detected but may need improvement - Fail: No pricing/plans page found after comprehensive crawl
Validates sensitive URLs return proper HTTP status codes (401/403/404)
A comprehensive URL protection validation checker that analyzes whether sensitive URLs are properly secured and return appropriate HTTP status codes for unauthorized access. Supports platform-specific validation for Liferay and generic protection checking for common sensitive URL patterns like /admin, /api, /dashboard, etc.
Validates Referrer-Policy header for privacy protection
This checker validates the Referrer-Policy header to ensure proper configuration for privacy protection and referrer information control. The checker retrieves the Referrer-Policy header from HTTP response, validates policy values against known standards, identifies discouraged or legacy policy values, and ensures proper privacy configuration.
Validates robots.txt crawl-delay directive presence
This checker validates that websites have a robots.txt file with crawl-delay directive to control search engine crawling frequency. The checker fetches the robots.txt file from the website, scans for crawl-delay directive, and validates the directive format and presence.
Validates Schema.org structured data implementation
This checker validates the presence and implementation of Schema.org structured data using JSON-LD, Microdata, and RDFa formats. The checker scans HTML for JSON-LD script tags with Schema.org context, analyzes microdata with itemscope/itemtype attributes, checks RDFa markup with typeof attributes, and validates Schema.org entity types and structure.
Checks for server info disclosure in HTTP headers
Detects server fingerprinting headers that may expose sensitive server information including software versions, technology stacks, and implementation details.
Validates XML sitemap availability and freshness
This checker validates that websites have properly configured XML sitemaps that are accessible and up-to-date for search engine crawling. The checker discovers sitemap URLs from robots.txt and common locations, validates sitemap XML format and structure, checks sitemap freshness based on lastmod dates, and analyzes both sitemap index and URL set formats.
Measures website response time performance
This checker measures the Time To First Byte (TTFB) performance metric to evaluate website response speed and server performance. The checker sends HTTP request to the website, measures time from request to first byte received, and categorizes performance based on response time thresholds. It follows the recomendation of https://web.dev/articles/optimize-ttfb
Checks TLS protocol versions for security vulnerabilities
Analyzes the TLS protocol versions supported by a web server to identify security vulnerabilities. This checker performs a comprehensive scan of TLS 1.0, 1.1, 1.2, and 1.3 support to ensure servers are configured with secure encryption protocols only.
Validates Twitter Card meta tags for social media sharing optimization
The Twitter Card Checker validates that HTML pages contain proper Twitter Card meta tags according to Twitter's Card specification. Twitter Cards enhance how your content appears when shared on Twitter, providing rich previews with images, titles, and descriptions. The checker analyzes the HTML document's <head> section to identify and validate Twitter Card meta tags. It looks for: 1. Meta Tag Detection: Scans for <meta> tags with name or property attributes starting with "twitter:" 2. Required Tag Validation: Ensures mandatory tags (twitter:card and twitter:title) are present and have non-empty values 3. Card Type Validation: Verifies that twitter:card values are valid (summary, summary_large_image, app, player) 4. URL Validation: Checks that image and URL references are absolute URLs 5. Semantic Validation: Validates card-type-specific requirements (e.g., summary_large_image requires twitter:image) 6. Accessibility Check: Ensures image alt text is provided when images are present 7. Duplicate Detection: Identifies duplicate meta tags that could cause conflicts Output Results: - Success: All required Twitter Card tags are present and properly configured - Warning: Twitter Card tags are present but have configuration issues - Fail: Required Twitter Card tags are missing or completely empty
Validates X-Content-Type-Options header for MIME sniffing protection
This checker validates the X-Content-Type-Options header to ensure it's properly configured to prevent MIME sniffing attacks. The checker retrieves the X-Content-Type-Options header from HTTP response, validates that the header value is set to "nosniff", and checks for proper header configuration.
Validates X-Frame-Options header for clickjacking protection
This checker validates the X-Frame-Options header to ensure it's properly configured to prevent clickjacking attacks. The checker retrieves the X-Frame-Options header from HTTP response, validates header values (DENY, SAMEORIGIN, ALLOW-FROM), and checks for proper security configuration.
Need help understanding how these checkers work?Contact our support team