SEO + Security + Performance
51 checks — comprehensive website audit
Comprehensive audit covering 30 SEO checks, 11 security checks and 10 performance metrics. Basic checks run in all tiers, Chrome DevTools Protocol analyses are available in PRO.
What is Chrome DevTools Protocol?
Chrome DevTools Protocol checks launch a real Chrome browser and analyze the page just as a user would see it — including network traffic, cookies, JavaScript and CSS coverage. Available from BASIC tier.
SEO Health
30 checks — S1 to S30
Checks if the page has a <title> tag in the <head> section.
Optimal length of 50-60 characters for proper display in search results.
The page should have exactly one <h1> heading.
Checks that headings (H1-H6) don't skip levels.
Verifies <link rel='canonical'> to prevent duplicate content.
Meta viewport tag for proper display on mobile devices.
Checks meta robots — whether 'noindex' or 'nofollow' is set.
og:title, og:description, og:image for proper sharing on social networks.
Checks twitter:card, twitter:title and twitter:description tags.
Verifies JSON-LD, microdata or RDFa structured data.
Every image should have an alt attribute for accessibility and SEO.
Minimum of 3 internal links for proper navigation and PageRank distribution.
Checks for the existence of links to relevant external resources.
Verifies that anchor texts describe target pages (not 'click here').
URLs without query parameters, hashbangs and unnecessary fragments.
Correct language attribute on the <html> tag (e.g. lang='en').
Verifies that the website has a defined favicon icon.
HTTP status code of the checked URL + verification of all <a href> links on the page via HEAD requests.
Verifies the existence and correctness of the robots.txt file.
Checks if the website has an accessible and valid sitemap.xml.
Automatic redirect from HTTP to HTTPS.
Consistent use of www/non-www version of the domain.
Consistent use/non-use of trailing slash in URLs.
HTML document size — ideally under 100 KB.
Checks responsive design and mobile accessibility.
Minimum of 300 words for sufficient content relevance.
Keyword density — checks whether it is overstuffed or insufficient.
Checks hreflang tags for multilingual websites.
Verifies rel='prev' and rel='next' for paginated pages.
Checks breadcrumb navigation for better orientation.
Security
11 checks — SEC1 to SEC11(4 Chrome DevTools Protocol)
Verifies that the website runs on HTTPS with a valid certificate.
Strict-Transport-Security header — max-age >= 31536000, includeSubDomains.
Content-Security-Policy — no unsafe-inline, unsafe-eval or wildcards.
Clickjacking protection — DENY or SAMEORIGIN.
Header 'nosniff' to prevent MIME-type sniffing.
Checks referrer policy — recommended strict-origin-when-cross-origin.
Denying access to camera, microphone and geolocation.
Detection of HTTP resources on an HTTPS page (images, scripts, styles).
Captures security warnings in the browser console.
Checks SameSite, Secure and HttpOnly flags on cookies.
Detection of deprecated browser API usage.
Performance
10 checks — P1 to P10(4 Chrome DevTools Protocol)
Server response time — ideally under 1 second, warning under 3s.
HTML document size — pass under 100 KB, warning under 500 KB.
Number of external scripts, styles and images — ideally under 20.
Amount of inline CSS — pass under 10 KB, warning under 50 KB.
Amount of inline JavaScript — pass under 10 KB, warning under 50 KB.
Lazy loading, srcset and proper image formats (WebP, AVIF).
Total page size — pass under 2 MB, warning under 5 MB.
Total number of HTTP requests — pass under 50, warning under 100.
How much of the CSS code is actually used on the page.
How much of the JavaScript code is actually used on the page.
Try the comprehensive audit
Enter a URL and discover SEO score, security gaps and performance issues of your website.
Run audit