cerncourier.com
SaaS / Product site based in Switzerland, served through cloudflare.
AI-readiness30Needs work
JSON-LD richness score for LLMs
We couldn't find any organization details in your page's structured data.
3 additional standards didn't apply to this category
Privacy40Needs work
No privacy policy page found. Required by GDPR, CCPA, and most app store listings.
Terms of service page presence
No terms of service page found. Without one, you have no contractual basis for the relationship with your visitors.
Your homepage loads a moderate number of third-party trackers. Worth auditing what each one is for.
3 additional standards didn't apply to this category
Email health41Needs work
You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.
No SPF record is published, so nothing tells mail providers who's allowed to send as you.
Branded domain email address (vs free Gmail/Yahoo)
Your published contact email is on a free service, not your own domain.
Email forwarding service detected (improvmx, forwardemail, etc.)
We didn't detect any mail forwarding — your inbox provider is unclear.
Lead magnet / signup incentive detected (free download, ebook, etc.)
We didn't find a lead magnet on your homepage — no free download, sample, or signup incentive. Visitors who aren't ready to buy have nothing to take with them.
Free-email exposure on contact page (gmail/yahoo/outlook visible)
Your published contact address is on your own domain, not a free inbox.
Mailto: direct contact link present
Your site exposes a mailto: link visitors can tap to start a message.
9 additional standards didn't apply to this category
Performance67Excellent
Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.
Image optimization (WebP/AVIF)
Your images are served as JPEG or PNG when modern formats (WebP, AVIF) would cut their size by 30–60% with no visible loss.
Mobile PageSpeed score + Core Web Vitals (LCP, FCP, CLS)
Your homepage is mid-pack on mobile. Reasonable but Google's ranking signal rewards faster sites.
Lazy loading on below-fold images
Below-fold images use loading="lazy" — they download only when the visitor scrolls toward them.
8 additional standards didn't apply to this category
Accessibility72Excellent
Your heading levels skip — for example, an H1 followed by an H3 with no H2 in between. Screen reader users lose the outline of the page.
No skip-to-content link is published. Keyboard users have to tab through every nav item on every page before reaching the content.
Every image on your homepage has alt text — screen readers can describe them.
Text on your homepage meets WCAG AA contrast minimums — readable by visitors with low vision.
ARIA labels presence and validity
Interactive elements have proper ARIA labels — screen reader users get a clear description of each control.
2 additional standards didn't apply to this category
Security79Excellent
Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.
Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.
Certificate key strength and signature algorithm
Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.
Embedded SCT count (Certificate Transparency)
Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.
Your TLS handshake is on the slower side. A CDN with anycast edges and session resumption usually cuts this in half.
SSL certificate validity & expiration window
Your SSL certificate is valid and not close to expiring.
WordPress REST API user enumeration exposure
Your WordPress REST API doesn't leak usernames — attackers can't list accounts without already being authenticated.
Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php)
None of the common admin or developer paths are publicly reachable.
Only modern TLS (1.2 and above) is offered — TLS 1.0 and 1.1 are turned off.
Certificate chain completeness
Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.
Certificate validity-period brevity
Your certificate uses a short validity window (≤ 90 days) — auto-renewal keeps revocation fast and frictionless.
Your certificate is issued by a tier-1 publicly trusted CA (Let's Encrypt, DigiCert, Google Trust, Sectigo, etc.).
8 additional standards didn't apply to this category
SEO82Excellent
Your homepage doesn't have a visible H1 heading. Without it, search engines and screen readers have no anchor for what the page is about.
Schema.org structured data presence
Your homepage doesn't publish any Schema.org structured data. Search engines and AI tools fall back to guessing what your site is — and they guess wrong more often than not.
Title, meta description, OG, Twitter cards, canonical
Your homepage has the title, description, OG, Twitter, and canonical tags.
Schema.org type validity (parsed JSON-LD)
Your structured-data tags parse cleanly against Schema.org.
Your pages publish breadcrumb schema — search results show the path back to important sections.
Internal link depth (clicks from homepage to deepest content)
Important pages are reachable in just a click or two from your homepage.
5 additional standards didn't apply to this category
Brand presence86Excellent
We couldn't find a Trustpilot listing. Many consumers check Trustpilot before buying — a missing listing reads as a missing reputation.
Wayback Machine site age & last snapshot
Your site has been online for years — public archives have a long history of it.
LinkedIn Company Page (presence + employee count + follower count)
Your LinkedIn Company Page is live with employees and followers — B2B prospects can verify you exist.
10 additional standards didn't apply to this category
View formal standards verdicts → Composite-spec rollups for press, regulators, and compliance auditors.
17 additional standards planned, scorer not yet implemented.
Is email from this domain trustworthy?32Needs work
Stops scammers from emailing customers as you
You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.
Lists who's allowed to email as your business
No SPF record is published, so nothing tells mail providers who's allowed to send as you.
You email from your own domain, not Gmail
Your published contact email is on a free service, not your own domain.
Your email is being forwarded, not hosted
We didn't detect any mail forwarding — your inbox provider is unclear.
A clickable email link on your site
Your site exposes a mailto: link visitors can tap to start a message.
8 additional standards didn't apply to this site
Does it respect visitor privacy?40Needs work
You have a privacy policy page
No privacy policy page found. Required by GDPR, CCPA, and most app store listings.
You have a terms of service page
No terms of service page found. Without one, you have no contractual basis for the relationship with your visitors.
How many outside companies you let watch your visitors
Your homepage loads a moderate number of third-party trackers. Worth auditing what each one is for.
3 additional standards didn't apply to this site
Is it fast?67Excellent
Your site uses the newest connection style
Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.
Your photos are saved in modern formats
Your images are served as JPEG or PNG when modern formats (WebP, AVIF) would cut their size by 30–60% with no visible loss.
How fast your site loads on a phone
Your homepage is mid-pack on mobile. Reasonable but Google's ranking signal rewards faster sites.
Photos lower on the page wait their turn
Below-fold images use loading="lazy" — they download only when the visitor scrolls toward them.
8 additional standards didn't apply to this site
Can everyone use it?72Excellent
Your headings are in a sensible order
Your heading levels skip — for example, an H1 followed by an H3 with no H2 in between. Screen reader users lose the outline of the page.
No skip-to-content link is published. Keyboard users have to tab through every nav item on every page before reaching the content.
Your photos have written descriptions
Every image on your homepage has alt text — screen readers can describe them.
Text on your homepage meets WCAG AA contrast minimums — readable by visitors with low vision.
Your buttons and forms are labeled for screen readers
Interactive elements have proper ARIA labels — screen reader users get a clear description of each control.
2 additional standards didn't apply to this site
Can people find this site?74Excellent
A clear headline on every page
Your homepage doesn't have a visible H1 heading. Without it, search engines and screen readers have no anchor for what the page is about.
How well your site feeds AI the right facts
We couldn't find any organization details in your page's structured data.
Hidden labels that explain your business to Google
Your homepage doesn't publish any Schema.org structured data. Search engines and AI tools fall back to guessing what your site is — and they guess wrong more often than not.
How your site appears when shared or in search results
Your homepage has the title, description, OG, Twitter, and canonical tags.
Whether your behind-the-scenes labels are valid
Your structured-data tags parse cleanly against Schema.org.
A trail showing where visitors are on your site
Your pages publish breadcrumb schema — search results show the path back to important sections.
How easy it is to reach your deepest pages
Important pages are reachable in just a click or two from your homepage.
8 additional standards didn't apply to this site
Does this look like a real business?78Excellent
We couldn't find a Trustpilot listing. Many consumers check Trustpilot before buying — a missing listing reads as a missing reputation.
Whether anyone's written about you lately
No news mentions of this domain in the last 30 days.
How long your site has been online
Your site has been online for years — public archives have a long history of it.
Your LinkedIn Company Page is live with employees and followers — B2B prospects can verify you exist.
A contact form people can actually find
A visible contact form is reachable from your homepage.
6 additional standards didn't apply to this site
Is it safe to visit?79Excellent
Visitors connect faster on the first click
Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.
Strict mode for your padlock check
Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.
Your padlock isn't using outdated keys
Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.
Your certificate is publicly logged
Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.
Your site finishes its handshake quickly
Your TLS handshake is on the slower side. A CDN with anycast edges and session resumption usually cuts this in half.
Your padlock isn't about to expire
Your SSL certificate is valid and not close to expiring.
WordPress isn't leaking your usernames
Your WordPress REST API doesn't leak usernames — attackers can't list accounts without already being authenticated.
Private files aren't open to the public
None of the common admin or developer paths are publicly reachable.
Old TLS versions are turned off
Only modern TLS (1.2 and above) is offered — TLS 1.0 and 1.1 are turned off.
Your padlock loads cleanly on every device
Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.
Your padlock renews on a healthy schedule
Your certificate uses a short validity window (≤ 90 days) — auto-renewal keeps revocation fast and frictionless.
Your padlock comes from a reputable vendor
Your certificate is issued by a tier-1 publicly trusted CA (Let's Encrypt, DigiCert, Google Trust, Sectigo, etc.).
8 additional standards didn't apply to this site