Web Quality Index

gonewhalewatching.com

6-year-old local business site based in California, the United States, served through cloudflare, with email running through google.

Site typeLocal business
Built onwix
Hosted byWix Com Inc
Hosted fromCalifornia, the United States
Domain age≈ 6 years
Online sinceApril 2020
Sends email throughgoogle
Managed hostWix Com Inc
CDN / WAFcloudflare
DMARC policynone
Web Quality Score
64/100
Solid
Meets the baseline standards we measure against — but with real room to improve.
Check breakdown
58 scored
A further 11 standards didn’t apply to this site — most are accessibility and privacy tests that need page contents to evaluate.
Does it respect visitor privacy?
36
Needs work
6 standards behind this question
Review1Fail4
Fail

You have a privacy policy page

No privacy policy page found. Required by GDPR, CCPA, and most app store listings.

WEBQ-47
Fail

You have a terms of service page

No terms of service page found. Without one, you have no contractual basis for the relationship with your visitors.

WEBQ-48
Fail

California privacy opt-out link

No CCPA "Do Not Sell or Share My Personal Information" link found. If you have California visitors and sell or share data, this is required.

WEBQ-50
Fail

What your site actually drops on visitors' phones

Your homepage sets non-essential cookies before the visitor consents. Under GDPR this is non-compliant — cookies should fire only after explicit opt-in.

WEBQ-51
Review

How many outside companies you let watch your visitors

Your homepage loads a moderate number of third-party trackers. Worth auditing what each one is for.

WEBQ-49

1 additional standard didn't apply to this site

Is it fast?
72
Excellent
14 standards behind this question
Pass6Review1Fail4
Fail

Reachable on the modern internet

Your domain has no IPv6 address — only the older IPv4.

WEBQ-31
Fail

Your photos are saved in modern formats

Your images are served as JPEG or PNG when modern formats (WebP, AVIF) would cut their size by 30–60% with no visible loss.

WEBQ-32
Fail

Photos lower on the page wait their turn

Images below the fold aren't lazy-loaded — visitors download them up front even if they never scroll that far.

WEBQ-35
Fail

How fast your site loads on a phone

Your homepage is slow on mobile. The data Google uses to rank pages says real visitors wait too long for it to feel ready.

WEBQ-08
Review

How fast your site loads on a laptop

Your homepage is acceptable on desktop but not fast — there's headroom to improve.

WEBQ-33
Pass

Your homepage isn't bloated

Your homepage downloads at a reasonable size.

WEBQ-37
Pass

Your site uses a modern web connection

Your server speaks HTTP/2 — page loads multiplex over a single connection.

WEBQ-09
Pass

Pages get squeezed before they're sent

Your server compresses pages with Brotli or gzip — visitors download a fraction of the raw size.

WEBQ-10
Pass

Your site uses the newest connection style

Your server supports HTTP/3.

WEBQ-30
Pass

How real visitors actually experience your speed

Real visitors report fast loads in Chrome User Experience data — your live performance is genuinely good.

WEBQ-34
Pass

Your text shows up while fonts load

Your fonts swap in cleanly — text is readable in the system font while custom fonts download.

WEBQ-36

3 additional standards didn't apply to this site

Is it safe to visit?
75
Excellent
21 standards behind this question
Pass9Review2Fail4
Fail

Your domain can't be quietly hijacked

DNSSEC is not enabled on your domain.

WEBQ-22
Fail

Only your approved vendors can issue your padlock

There's no CAA record at your registrar saying which companies are allowed to issue certificates for you.

WEBQ-23
Fail

Visitors connect faster on the first click

Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.

WEBQ-91
Fail

Strict mode for your padlock check

Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.

WEBQ-96
Review

Your padlock isn't using outdated keys

Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.

WEBQ-89
Review

Your certificate is publicly logged

Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.

WEBQ-92
Pass

Your padlock isn't about to expire

Your SSL certificate is valid and not close to expiring.

WEBQ-05
Pass

Private files aren't open to the public

None of the common admin or developer paths are publicly reachable.

WEBQ-07
Pass

Forgotten subdomains aren't an open door

No forgotten or claimable subdomains were found.

WEBQ-28
Pass

The padlock uses strong, modern math

The handshake negotiates a modern AEAD cipher (AES-GCM or ChaCha20-Poly1305).

WEBQ-87
Pass

Old recordings stay locked even if a key leaks

Forward secrecy is guaranteed by the negotiated handshake — past traffic stays unreadable even if your key leaks.

WEBQ-88
Pass

Your padlock loads cleanly on every device

Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.

WEBQ-90
Pass

Your padlock renews on a healthy schedule

Your certificate uses a short validity window (≤ 90 days) — auto-renewal keeps revocation fast and frictionless.

WEBQ-95
Pass

Your padlock comes from a reputable vendor

Your certificate is issued by a tier-1 publicly trusted CA (Let's Encrypt, DigiCert, Google Trust, Sectigo, etc.).

WEBQ-97
Pass

Your site finishes its handshake quickly

Your TLS handshake completes quickly — under 300ms on a cold connection.

WEBQ-98

6 additional standards didn't apply to this site

Can everyone use it?
76
Excellent
7 standards behind this question
Pass4Fail2
Fail

Your headings are in a sensible order

Your heading levels skip — for example, an H1 followed by an H3 with no H2 in between. Screen reader users lose the outline of the page.

WEBQ-55
Fail

A way to skip past the menu

No skip-to-content link is published. Keyboard users have to tab through every nav item on every page before reaching the content.

WEBQ-58
Pass

Your site works for visitors with disabilities

Your homepage passes automated accessibility checks — no obvious blockers for screen readers or keyboard users.

WEBQ-53
Pass

Your photos have written descriptions

Every image on your homepage has alt text — screen readers can describe them.

WEBQ-54
Pass

Text is dark enough to read

Text on your homepage meets WCAG AA contrast minimums — readable by visitors with low vision.

WEBQ-56
Pass

Your buttons and forms are labeled for screen readers

Interactive elements have proper ARIA labels — screen reader users get a clear description of each control.

WEBQ-57

1 additional standard didn't apply to this site

Can people find this site?
77
Excellent
15 standards behind this question
Pass4Fail2
Fail

How your site appears when shared or in search results

Your homepage is missing one or more of the standard social-share and search-preview tags.

WEBQ-11
Fail

How well your site feeds AI the right facts

We couldn't find any organization details in your page's structured data.

WEBQ-45
Pass

Hidden labels that explain your business to Google

Your homepage publishes Schema.org structured data — search engines and AI tools can read what your site is directly.

WEBQ-12
Pass

A clear headline on every page

Your homepage has a clear H1 heading — search engines and screen readers know what the page is about.

WEBQ-13
Pass

Whether your behind-the-scenes labels are valid

Your structured-data tags parse cleanly against Schema.org.

WEBQ-39
Pass

How easy it is to reach your deepest pages

Important pages are reachable in just a click or two from your homepage.

WEBQ-43

9 additional standards didn't apply to this site

Is email from this domain trustworthy?
80
Excellent
13 standards behind this question
Pass7Fail3
Fail

Keeps your email private in transit

No MTA-STS or TLS-RPT policy is published — incoming mail could be downgraded to plaintext.

WEBQ-24
Fail

A real tool for sending newsletters

We couldn't identify which Email Service Provider (Mailchimp, Klaviyo, ConvertKit, etc.) you're using. Either you don't send marketing email, or the integration isn't visible from the homepage.

WEBQ-80
Fail

Stops scammers from emailing customers as you

You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.

WEBQ-01
Pass

Lists who's allowed to email as your business

SPF is set and lists your sending services as approved senders.

WEBQ-03
Pass

You email from your own domain, not Gmail

You send email from your own domain, not a free Gmail/Yahoo address.

WEBQ-75
Pass

What's actually running your email

provider=google

WEBQ-76
Pass

You get reports when someone fakes your email

You're set up to receive daily DMARC reports of spoofing attempts.

WEBQ-77
Pass

Your email setup is under a hidden limit

Your SPF record uses fewer than 10 DNS lookups — under the spec limit.

WEBQ-82
Pass

A clickable email link on your site

Your site exposes a mailto: link visitors can tap to start a message.

WEBQ-84
Pass

Your email is being forwarded, not hosted

Mail to this domain is being forwarded — you have working email reachability.

WEBQ-85

3 additional standards didn't apply to this site

Does this look like a real business?
81
Excellent
12 standards behind this question
Pass4Fail1
Fail

Your listing on Google Maps and search

We couldn't find a Google Business Profile linked to this domain.

WEBQ-19
Pass

How long your domain has existed

Your domain has been registered for years — long enough to clear fraud-detection signals.

WEBQ-17
Pass

How long your site has been online

Your site has been online for years — public archives have a long history of it.

WEBQ-18
Pass

Whether anyone's written about you lately

Recent news mentions of your domain were found.

WEBQ-20
Pass

A contact form people can actually find

A visible contact form is reachable from your homepage.

WEBQ-83

7 additional standards didn't apply to this site