Free Website Analysis Tool

YOUR WEBSITE
REPORT CARD

Enter any domain. Get a comprehensive AI-powered audit across SEO, AEO, Security, Performance, and Best Practices — with letter grades, scores, and prioritized recommendations. No email required.

https://
Initializing…
Instant results No email required No sales pressure 5 audit categories AI-powered
5Audit Categories
A–FLetter Grades
60sAvg Scan Time
FreeAlways
Book Free Review →
What we analyse
5 CATEGORIES. ONE REPORT.
SEO
Title tag, meta description, H1/H2/H3 hierarchy, schema markup, canonicals, Open Graph, image alt text, and internal linking.
AEO
Answer Engine Optimisation — JSON-LD structured data, FAQPage schema, E-E-A-T signals, author bios, and AI-citation readiness.
Security
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, COEP/COOP/CORP, Permissions-Policy, HTTPS, and cookie consent.
Performance
Render-blocking resources, page weight, cache headers, favicon, iframes, and Core Web Vitals signals.
Best Practices
Mobile viewport, robots meta, social tags completeness, HTTPS redirect, accessibility signals, and form hygiene.
Understanding Your Score

What Each Score Means and How to Fix the Most Common Issues

Most website graders return a number and walk away. Ours breaks the score down into five categories that actually matter for visibility, trust, and conversion: SEO, AEO, security, performance, and best practices. Each category checks for specific signals search engines and AI engines look for. Below is what each check does, why it matters, and how to fix the most common failures.

SEO — The Signals Search Engines Actually Use

The SEO checks cover the foundational metadata search engines use to understand and rank your page. We check the title tag, meta description, canonical URL, robots directive, viewport tag, internal link count, image alt attributes, and heading hierarchy (H1, H2, H3 structure).

Why it matters: Pages with weak metadata get truncated in search results, lose click-through, and rank below competitors with stronger fundamentals. A missing canonical can split your ranking signal across duplicate URLs. A blocked robots directive can quietly de-index pages you actually want indexed.

Common findings we see

Title under 30 characters or over 60. Aim for 50 to 60 characters with your primary keyword early. Truncated titles waste SERP space.

No meta description. Google generates one for you, and it's rarely good. Write a 150 to 160 character description that includes your value proposition.

No canonical tag. If your page exists at multiple URLs (with or without trailing slash, with or without .html, with or without query params), Google has to guess which to rank. Always declare canonical.

Single H1, broken H2 hierarchy. Your page should have exactly one H1 and a logical H2 to H3 nesting. Skipping levels (H1 directly to H4) breaks accessibility and confuses crawlers.

AEO — Getting Pulled Into AI Answers

Answer Engine Optimization is the discipline of structuring content so AI engines like ChatGPT, Perplexity, Google AI Overviews, and Bing Copilot extract and cite it. The grader checks for FAQPage schema, HowTo schema, Speakable schema, named entities, factual claims with citations, and conversational question-formatted headings.

Why it matters: AI engines now answer queries directly without sending users to your site — unless they cite you. Pages without structured Q&A schema, citation-friendly statements, or entity markup get ignored in favor of pages that are easier to parse. AEO is becoming a larger share of high-intent traffic than traditional SEO for many SMBs.

Common findings

No FAQPage schema. This is the single biggest AEO lever. If your page has questions and answers, mark them up with FAQPage JSON-LD. Visible text must match the schema word-for-word.

No Organization schema. AI engines build entity profiles. Without an Organization block linking your business name to your website, location, and services, you're invisible in entity-based queries.

No internal linking from supporting pages. AI engines weight entity authority by internal link density to your core pages. One mention of a service on your homepage isn't enough — it needs to be cross-linked from related content.

Security — Trust Signals That Affect Ranking and Conversion

The security checks cover HTTPS, security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy), TLS configuration, exposed admin paths, and email authentication records (SPF, DKIM, DMARC) referenced from the page.

Why it matters: Google has used HTTPS as a ranking signal since 2014. Browsers flag non-HTTPS pages as "Not Secure" in the address bar, killing conversion. Missing security headers leave your site exposed to clickjacking, XSS, and mixed-content attacks. Email authentication failures cause your legitimate email to land in spam folders — and let attackers spoof your domain.

Common findings

No HSTS header. Without HSTS, the first request to your site can be intercepted before the HTTPS redirect fires. Set Strict-Transport-Security with a long max-age.

Missing or weak CSP. A Content Security Policy stops most XSS attacks and tells the browser which sources can load scripts, styles, and images. Even a permissive CSP is better than none.

Mixed content. Your page loads over HTTPS, but some images, scripts, or iframes load over HTTP. Modern browsers block these silently — and your page partially breaks.

No DMARC policy or DMARC set to p=none. This means anyone can spoof your domain to send phishing emails. Run the Securafy domain scanner for a full SPF, DKIM, and DMARC posture check.

If your security score is below 75, you have findings that compound — fixing them piecemeal is harder than starting with a proper review. Securafy's Managed Security service handles the full posture, from headers to email authentication to ongoing monitoring.

Performance — Speed Affects Both Ranking and Revenue

Performance checks cover total page weight, image optimization (WebP usage, alt attributes, lazy loading), render-blocking scripts, CDN usage, HTTP/2 or HTTP/3 support, and approximate Core Web Vitals signals (LCP, CLS, INP).

Why it matters: Google uses Core Web Vitals as a ranking factor. Beyond ranking, page speed has a direct conversion impact — a 1-second delay typically reduces conversions by 7 to 10 percent. Mobile users abandon pages that don't render in under 3 seconds.

Common findings

Images served as PNG or JPG instead of WebP. WebP is 25 to 35 percent smaller at equivalent quality. Modern browsers support it; older browsers can fall back via the <picture> element.

Render-blocking scripts in <head>. Move non-critical scripts to defer or async. Anything not needed for first paint should not block rendering.

No CDN. Serving images and assets from a CDN cuts page-load time for visitors outside your region by 40 percent or more. For an Ohio business with a national audience, this matters.

No HTTP/2 or HTTP/3. If your server still negotiates HTTP/1.1, you're paying a 30 to 50 percent latency penalty on every connection.

Best Practices — Quality Signals AI and Search Engines Weight

The best practices category covers favicon presence, viewport tag, accessibility basics (lang attribute, image alt text, form labels), structured social sharing tags (OG, Twitter Card), no broken links, no console errors, and clean URL structure.

Why it matters: Each of these is a small signal individually. Together they tell search engines and AI engines that your site is professionally maintained and trustworthy. The presence of these signals is one of the patterns AI engines use to decide which sources to cite versus which to skip.

Common findings

Missing Open Graph tags. When someone shares your page on LinkedIn or Slack, OG tags determine what shows up. Without them, your link is a bare URL — drastically reducing share-through.

No Twitter Card metadata. Same logic for X (Twitter). One <meta name="twitter:card"> plus title, description, and image is enough.

Form fields without labels. Screen readers can't announce unlabeled fields, which fails WCAG 2.1 AA accessibility and creates legal exposure under ADA Title III for US businesses.

Console errors visible to crawlers. Some search engines treat console errors as a quality signal. Clean them up.

When to Bring in Help

If your score is below 60, you have systemic issues that won't be fixed by patching findings one at a time. If your score is 60 to 75, you have specific gaps worth addressing in priority order. Above 75, you're in solid shape and should focus on the AEO and schema layer for incremental gains.

For businesses in regulated industries (healthcare, financial services, legal, defense), your score has to clear a higher bar — security headers, email authentication, and accessibility aren't optional, they're audit findings waiting to happen. Securafy's vCISO advisory and Comply-CARE services handle the full posture review and remediation roadmap.

Common questions
FREQUENTLY ASKED QUESTIONS
Five categories: SEO (title, meta, headings, schema), AEO (structured data, FAQ schema, E-E-A-T for AI engines), Security (10 HTTP headers, HTTPS, cookie consent), Performance (render-blocking resources, page size, caching), and Best Practices (mobile, social tags, accessibility). Each gets a letter grade A–F and a score out of 100.
AEO is Answer Engine Optimisation — structuring your website so AI tools like Google AI Overviews, Perplexity, and ChatGPT can read and cite your business. Without proper schema markup and E-E-A-T signals, your business is invisible in the AI-driven search results your prospects increasingly rely on.
Yes — completely free, no email address, no credit card, no account. Enter any domain and get a full graded report instantly.
Book Securafy's free 15-minute Website Review. Our team walks through your specific findings, explains what each issue means for your business, and provides a written remediation plan — no obligation, no upsell. Call (330) 906-8888 or book online.