22-Point Examination of Your Website

We continuously monitor your website across 22 scored categories — security, performance, accessibility, compliance, and more. Every category scored, every finding explained.

Operated by Impellio.

How It Works

We Monitor Constantly

Your website is examined across 22 scored categories on a regular schedule — SSL certificates, domain expiry, performance, accessibility, compliance, and more — all tracked automatically.

Critical Issues — Immediate Email

Security exposures, SSL certificate problems, new vulnerabilities, or major score drops trigger an email the moment we detect them.

Non-Critical Changes — Weekly Digest

When something crosses a threshold — gets worse or improves enough to change status — you get a weekly summary. If nothing needs attention, we stay quiet.

What We Monitor

Twenty-two categories grouped into seven areas. Each group scored as a weighted average; the overall score uses a weighted harmonic mean that penalises weak areas more heavily.

Critical — Immediate Alerts

Issues that put your site or visitors at risk. You are emailed the moment we detect any of these.

Security Exposure — publicly accessible files, admin panels, database dumps, or environment files that should never be exposed.
SSL/TLS Problems — expiring or expired certificates, broken certificate chains, deprecated protocols, and mixed content on HTTPS pages.
New Vulnerabilities — newly detected security issues in headers, JavaScript libraries, or server configuration that weren't present in the previous exam.
Domain Expiry — warnings at 30, 14, and 7 days before your domain registration expires.
Major Score Drops — overall health score dropping more than 20 points between exams.

Important — Weekly Digest

Everything else — performance, accessibility, SEO, compliance, broken links, and 17 more categories — is tracked weekly. You only hear from us when something crosses a threshold. See the full category breakdown below for details.

Full Category Breakdown

All 22 scored categories with detailed descriptions of what each examination covers.

How we measure — scope and limitations →

Security

Security Scan: Probes for files and paths that should never be publicly accessible. Checks for exposed environment files, source code directories, database dumps, and unprotected admin panels.
SSL/TLS: In-depth SSL/TLS analysis beyond basic certificate checks. Validates the full certificate chain, detects deprecated protocol versions, and scans for mixed HTTP content on HTTPS pages.
Security Headers: HTTP response headers that guard against common attacks. Checks six key headers, with a detailed analysis of your Content Security Policy where present.
JS Security: Known vulnerabilities in third-party libraries, unsafe functions like eval() and document.write(), and mixed HTTP content on HTTPS pages.
Privacy: Third-party tracking scripts, external image pixels, and iframe embeds. Identifies known tracker domains and quantifies how much data leaves the page.

User Experience

Accessibility: Whether your site works for visitors who rely on screen readers, keyboard navigation, or other assistive technology. Tested against WCAG 2.0 AA.
Usability: How easily visitors can navigate and interact with your site. Checks for proper navigation elements, form labelling, descriptive link text, and semantic landmarks.
Responsive: How well your site adapts to different screens. Checks viewport configuration, responsive image coverage (srcset and picture elements), and fixed-width HTML attributes that may cause overflow on narrow screens.
Content Structure: How well your page content is structured for both human readers and crawlers. Checks heading hierarchy, paragraph content, text-to-HTML ratio, and link density. Note: typography metrics (font size, line height) require CSS rendering and are not assessed here.
Contrast: Whether text is legible against its background. WCAG requires a minimum contrast ratio of 4.5:1 for normal text — anything below that makes content harder to read, particularly for those with reduced vision.

Speed

Performance: How quickly your site loads and becomes usable. Based on Lighthouse metrics including largest contentful paint, input responsiveness, and visual stability.
Page Weight: Total download size and request count. Identifies unminified resources, render-blocking assets, and CSS or JavaScript that ships but never executes.
Images: How well your images are optimised for delivery. Checks format efficiency, lazy loading, explicit width and height attributes, file size, and compression levels.
Caching: Browser caching configuration for your static assets. Checks Cache-Control headers, ETags, and expiry values that determine how efficiently returning visitors load your site.

Discoverability

SEO: How search engines read and index your site. Covers title tags, meta descriptions, heading hierarchy, Open Graph tags, canonical URLs, and structured data.
Link Health: How reliable your internal and external links are. Identifies 404 responses, redirect chains, and dead external URLs.
Site Basics: Foundational elements every site should have. Validates robots.txt, sitemap.xml, favicon, custom 404 page, and checks for excessive redirect chains.

Infrastructure

DNS & Email: Email authentication and DNS health. Checks SPF, DKIM, and DMARC records that prevent email spoofing, plus MX records, IPv6 support, and DNSSEC status.
Server Config: Server-level settings that affect performance and security. Checks compression (gzip/Brotli), HTTP/2 support, cookie security flags, and information disclosure in response headers.
Tech Stack: Identifies the platform, CMS, analytics tools, and frontend frameworks powering your site. Helps you understand what third-party code is running and its potential performance impact.

Code Quality

HTML Validity: The structural soundness of your markup. Broken nesting, missing attributes, and duplicate IDs can cause unpredictable rendering and interfere with assistive technology.

Compliance

Compliance: Whether a privacy policy link, cookie policy link, and cookie consent mechanism are detectable on the homepage.