altstrategies.com
Corporate / B2B site based in United States, served through cloudflare, with email running through microsoft.
SEO44Needs work
Title, meta description, OG, Twitter cards, canonical
Your homepage is missing one or more of the standard social-share and search-preview tags.
Schema.org type validity (parsed JSON-LD)
We didn't find any structured-data tags on your homepage.
Encrypted Client Hello isn't offered. The hostname is visible in plaintext during the handshake.
Internal link depth (clicks from homepage to deepest content)
Important pages are reachable in just a click or two from your homepage.
6 additional standards didn't apply to this category
Accessibility50Needs work
axe-core / WAVE accessibility scan
Automated accessibility scans flagged issues on your homepage — alt text, contrast, ARIA labels, or heading structure problems that block real users.
6 additional standards didn't apply to this category
Performance53Needs work
Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.
11 additional standards didn't apply to this category
AI-readiness62Solid
JSON-LD richness score for LLMs
We couldn't find any organization details in your page's structured data.
1 additional standard didn't apply to this category
Security68Excellent
Your site isn't sending any of the standard browser-protection headers.
There's no CAA record at your registrar saying which companies are allowed to issue certificates for you.
Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.
Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.
Certificate key strength and signature algorithm
Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.
Embedded SCT count (Certificate Transparency)
Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.
Only classical key exchange is offered. Today's traffic could be decrypted later if a quantum computer recovers the key.
Certificate validity-period brevity
Your certificate lifetime is on the longer end (> 90 days). ACME-class certs renew every 60-90 days and rotate cleanly.
Your certificate issuer isn't on the tier-1 trust list. Move to a mainstream public CA.
SSL certificate validity & expiration window
Your SSL certificate is valid and not close to expiring.
Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php)
None of the common admin or developer paths are publicly reachable.
Modern cipher suite preference
The handshake negotiates a modern AEAD cipher (AES-GCM or ChaCha20-Poly1305).
Forward secrecy is guaranteed by the negotiated handshake — past traffic stays unreadable even if your key leaks.
Certificate chain completeness
Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.
Your TLS handshake completes quickly — under 300ms on a cold connection.
4 additional standards didn't apply to this category
Brand presence77Excellent
Google Business Profile presence + rating
We couldn't find a Google Business Profile linked to this domain.
Wayback Machine site age & last snapshot
Your site has been online for years — public archives have a long history of it.
16 additional standards didn't apply to this category
Email health85Excellent
No MTA-STS or TLS-RPT policy is published — incoming mail could be downgraded to plaintext.
Lead magnet / signup incentive detected (free download, ebook, etc.)
We didn't find a lead magnet on your homepage — no free download, sample, or signup incentive. Visitors who aren't ready to buy have nothing to take with them.
You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.
SPF is set and lists your sending services as approved senders.
Branded domain email address (vs free Gmail/Yahoo)
You send email from your own domain, not a free Gmail/Yahoo address.
Email provider class (Workspace / 365 / Zoho / self-hosted / shared)
provider=microsoft_365, mx=altstrategies-com.mail.protection.outlook.com, source=mx_classifier
DMARC aggregate reporting enabled (rua=)
You're set up to receive daily DMARC reports of spoofing attempts.
Free-email exposure on contact page (gmail/yahoo/outlook visible)
Your published contact address is on your own domain, not a free inbox.
Newsletter signup form detected
Your homepage exposes a newsletter or signup form — visitors can subscribe without leaving the page.
Email Service Provider (ESP) detected
Your Email Service Provider is detectable — newsletters and marketing email have a real sending platform behind them.
SPF lookup count (10-limit deliverability check)
Your SPF record uses fewer than 10 DNS lookups — under the spec limit.
Mailto: direct contact link present
Your site exposes a mailto: link visitors can tap to start a message.
Email forwarding service detected (improvmx, forwardemail, etc.)
Mail to this domain is being forwarded — you have working email reachability.
3 additional standards didn't apply to this category
View formal standards verdicts → Composite-spec rollups for press, regulators, and compliance auditors.
16 additional standards planned, scorer not yet implemented.
Can everyone use it?50Needs work
Your site works for visitors with disabilities
Automated accessibility scans flagged issues on your homepage — alt text, contrast, ARIA labels, or heading structure problems that block real users.
6 additional standards didn't apply to this site
Can people find this site?51Needs work
How your site appears when shared or in search results
Your homepage is missing one or more of the standard social-share and search-preview tags.
Whether your behind-the-scenes labels are valid
We didn't find any structured-data tags on your homepage.
Visitor privacy on hostile networks
Encrypted Client Hello isn't offered. The hostname is visible in plaintext during the handshake.
How well your site feeds AI the right facts
We couldn't find any organization details in your page's structured data.
Whether you're letting AI assistants read your site
You aren't blocking any AI crawlers in your robots.txt.
How easy it is to reach your deepest pages
Important pages are reachable in just a click or two from your homepage.
7 additional standards didn't apply to this site
Is it fast?53Needs work
Your site uses the newest connection style
Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.
11 additional standards didn't apply to this site
Is it safe to visit?68Excellent
Browser-level protections for visitors
Your site isn't sending any of the standard browser-protection headers.
Only your approved vendors can issue your padlock
There's no CAA record at your registrar saying which companies are allowed to issue certificates for you.
Visitors connect faster on the first click
Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.
Strict mode for your padlock check
Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.
Your padlock isn't using outdated keys
Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.
Your certificate is publicly logged
Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.
Future-proof against tomorrow's computers
Only classical key exchange is offered. Today's traffic could be decrypted later if a quantum computer recovers the key.
Your padlock renews on a healthy schedule
Your certificate lifetime is on the longer end (> 90 days). ACME-class certs renew every 60-90 days and rotate cleanly.
Your padlock comes from a reputable vendor
Your certificate issuer isn't on the tier-1 trust list. Move to a mainstream public CA.
Your padlock isn't about to expire
Your SSL certificate is valid and not close to expiring.
Private files aren't open to the public
None of the common admin or developer paths are publicly reachable.
The padlock uses strong, modern math
The handshake negotiates a modern AEAD cipher (AES-GCM or ChaCha20-Poly1305).
Old recordings stay locked even if a key leaks
Forward secrecy is guaranteed by the negotiated handshake — past traffic stays unreadable even if your key leaks.
Your padlock loads cleanly on every device
Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.
Your site finishes its handshake quickly
Your TLS handshake completes quickly — under 300ms on a cold connection.
4 additional standards didn't apply to this site
Does this look like a real business?77Excellent
Your listing on Google Maps and search
We couldn't find a Google Business Profile linked to this domain.
How long your site has been online
Your site has been online for years — public archives have a long history of it.
A contact form people can actually find
A visible contact form is reachable from your homepage.
9 additional standards didn't apply to this site
Is email from this domain trustworthy?87Excellent
Keeps your email private in transit
No MTA-STS or TLS-RPT policy is published — incoming mail could be downgraded to plaintext.
Stops scammers from emailing customers as you
You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.
Lists who's allowed to email as your business
SPF is set and lists your sending services as approved senders.
You email from your own domain, not Gmail
You send email from your own domain, not a free Gmail/Yahoo address.
What's actually running your email
provider=microsoft_365, mx=altstrategies-com.mail.protection.outlook.com, source=mx_classifier
You get reports when someone fakes your email
You're set up to receive daily DMARC reports of spoofing attempts.
A real tool for sending newsletters
Your Email Service Provider is detectable — newsletters and marketing email have a real sending platform behind them.
Your email setup is under a hidden limit
Your SPF record uses fewer than 10 DNS lookups — under the spec limit.
A clickable email link on your site
Your site exposes a mailto: link visitors can tap to start a message.
Your email is being forwarded, not hosted
Mail to this domain is being forwarded — you have working email reachability.
3 additional standards didn't apply to this site
Does it respect visitor privacy?——
6 additional standards didn't apply to this site