healthtalk.org
Corporate / B2B site based in United Kingdom, served through cloudflare.
AI-readiness30Needs work
JSON-LD richness score for LLMs
We couldn't find any organization details in your page's structured data.
3 additional standards didn't apply to this category
Email health31Needs work
You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.
No SPF record is published, so nothing tells mail providers who's allowed to send as you.
Branded domain email address (vs free Gmail/Yahoo)
Your published contact email is on a free service, not your own domain.
Mailto: direct contact link present
We couldn't find a tap-to-email link anywhere on your site.
Email forwarding service detected (improvmx, forwardemail, etc.)
We didn't detect any mail forwarding — your inbox provider is unclear.
Lead magnet / signup incentive detected (free download, ebook, etc.)
We didn't find a lead magnet on your homepage — no free download, sample, or signup incentive. Visitors who aren't ready to buy have nothing to take with them.
Free-email exposure on contact page (gmail/yahoo/outlook visible)
Your published contact address is on your own domain, not a free inbox.
9 additional standards didn't apply to this category
Performance47Needs work
Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.
Image optimization (WebP/AVIF)
Your images are served as JPEG or PNG when modern formats (WebP, AVIF) would cut their size by 30–60% with no visible loss.
Lazy loading on below-fold images
Images below the fold aren't lazy-loaded — visitors download them up front even if they never scroll that far.
Font loading strategy (FOUT/FOIT/swap)
Your fonts aren't using font-display: swap. Visitors see invisible text for a moment while the font downloads — Google penalises this.
Mobile PageSpeed score + Core Web Vitals (LCP, FCP, CLS)
Your homepage is slow on mobile. The data Google uses to rank pages says real visitors wait too long for it to feel ready.
Your server compresses pages with Brotli or gzip — visitors download a fraction of the raw size.
6 additional standards didn't apply to this category
Brand presence52Needs work
Google Business Profile presence + rating
We couldn't find a Google Business Profile linked to this domain.
Yelp presence + rating + review count
We couldn't find a Yelp listing for this business. Local-business searches and recommendation engines lean on Yelp as a signal.
We couldn't find a Trustpilot listing. Many consumers check Trustpilot before buying — a missing listing reads as a missing reputation.
LinkedIn Company Page (presence + employee count + follower count)
We couldn't find a LinkedIn Company Page for this business. B2B prospects look for it before reaching out.
Apple Maps presence (Apple Business Connect)
We couldn't find an Apple Business Connect listing. Apple Maps visitors and Siri queries can't find you cleanly.
We couldn't find a Facebook Page linked from your site. Many consumers still check Facebook before booking or buying.
Instagram presence (link from site → IG profile)
We couldn't find an Instagram profile linked from your site. For local / consumer-facing brands, Instagram is the lead channel.
Wayback Machine site age & last snapshot
Your site has been online for years — public archives have a long history of it.
6 additional standards didn't apply to this category
SEO55Solid
Schema.org structured data presence
Your homepage doesn't publish any Schema.org structured data. Search engines and AI tools fall back to guessing what your site is — and they guess wrong more often than not.
Schema.org type validity (parsed JSON-LD)
We didn't find any structured-data tags on your homepage.
No breadcrumb schema is published. Search engines can't show breadcrumb trails under your listings, and visitors lose the trail to important pages.
Title, meta description, OG, Twitter cards, canonical
Your homepage is missing one or more of the standard social-share and search-preview tags.
Your homepage has a clear H1 heading — search engines and screen readers know what the page is about.
Internal link depth (clicks from homepage to deepest content)
Important pages are reachable in just a click or two from your homepage.
5 additional standards didn't apply to this category
Privacy74Excellent
Cookie banner presence + CMP detection
No cookie banner detected, but trackers are present. If you serve EU or California traffic, this is a compliance gap.
Your homepage loads a moderate number of third-party trackers. Worth auditing what each one is for.
Cookie scan — actual cookies set on first load
Your homepage sets only essential cookies before consent. Non-essential cookies fire after opt-in.
1 additional standard didn't apply to this category
Security78Excellent
Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.
Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.
Certificate key strength and signature algorithm
Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.
Embedded SCT count (Certificate Transparency)
Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.
Your TLS handshake is on the slower side. A CDN with anycast edges and session resumption usually cuts this in half.
SSL certificate validity & expiration window
Your SSL certificate is valid and not close to expiring.
Sensitive path exposure (.git, .env, /admin, xmlrpc.php, wp-login.php)
None of the common admin or developer paths are publicly reachable.
Only modern TLS (1.2 and above) is offered — TLS 1.0 and 1.1 are turned off.
Certificate chain completeness
Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.
Certificate validity-period brevity
Your certificate uses a short validity window (≤ 90 days) — auto-renewal keeps revocation fast and frictionless.
Your certificate is issued by a tier-1 publicly trusted CA (Let's Encrypt, DigiCert, Google Trust, Sectigo, etc.).
9 additional standards didn't apply to this category
Accessibility93Excellent
Some images on your homepage are missing alt text. Screen reader users hear silence where they should hear a description.
Your accessibility statement page is published — visitors can find out what standards you commit to.
Your heading levels are properly nested — H1, then H2s, then H3s — and screen readers can navigate the outline.
ARIA labels presence and validity
Interactive elements have proper ARIA labels — screen reader users get a clear description of each control.
A skip-to-content link is published — keyboard users land directly on the main content.
2 additional standards didn't apply to this category
View formal standards verdicts → Composite-spec rollups for press, regulators, and compliance auditors.
12 additional standards planned, scorer not yet implemented.
Is email from this domain trustworthy?18Needs work
Stops scammers from emailing customers as you
You have DMARC set up, but in monitor-only mode — it's not actually rejecting spoofed mail.
Lists who's allowed to email as your business
No SPF record is published, so nothing tells mail providers who's allowed to send as you.
You email from your own domain, not Gmail
Your published contact email is on a free service, not your own domain.
A clickable email link on your site
We couldn't find a tap-to-email link anywhere on your site.
Your email is being forwarded, not hosted
We didn't detect any mail forwarding — your inbox provider is unclear.
8 additional standards didn't apply to this site
Does this look like a real business?46Needs work
Your listing on Google Maps and search
We couldn't find a Google Business Profile linked to this domain.
We couldn't find a Yelp listing for this business. Local-business searches and recommendation engines lean on Yelp as a signal.
We couldn't find a Trustpilot listing. Many consumers check Trustpilot before buying — a missing listing reads as a missing reputation.
We couldn't find a LinkedIn Company Page for this business. B2B prospects look for it before reaching out.
We couldn't find an Apple Business Connect listing. Apple Maps visitors and Siri queries can't find you cleanly.
A contact form people can actually find
We couldn't find a visible contact form on your homepage.
How long your site has been online
Your site has been online for years — public archives have a long history of it.
3 additional standards didn't apply to this site
Is it fast?47Needs work
Your site uses the newest connection style
Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.
Your photos are saved in modern formats
Your images are served as JPEG or PNG when modern formats (WebP, AVIF) would cut their size by 30–60% with no visible loss.
Photos lower on the page wait their turn
Images below the fold aren't lazy-loaded — visitors download them up front even if they never scroll that far.
Your text shows up while fonts load
Your fonts aren't using font-display: swap. Visitors see invisible text for a moment while the font downloads — Google penalises this.
How fast your site loads on a phone
Your homepage is slow on mobile. The data Google uses to rank pages says real visitors wait too long for it to feel ready.
Pages get squeezed before they're sent
Your server compresses pages with Brotli or gzip — visitors download a fraction of the raw size.
6 additional standards didn't apply to this site
Can people find this site?51Needs work
Hidden labels that explain your business to Google
Your homepage doesn't publish any Schema.org structured data. Search engines and AI tools fall back to guessing what your site is — and they guess wrong more often than not.
Whether your behind-the-scenes labels are valid
We didn't find any structured-data tags on your homepage.
A trail showing where visitors are on your site
No breadcrumb schema is published. Search engines can't show breadcrumb trails under your listings, and visitors lose the trail to important pages.
How well your site feeds AI the right facts
We couldn't find any organization details in your page's structured data.
How your site appears when shared or in search results
Your homepage is missing one or more of the standard social-share and search-preview tags.
A clear headline on every page
Your homepage has a clear H1 heading — search engines and screen readers know what the page is about.
How easy it is to reach your deepest pages
Important pages are reachable in just a click or two from your homepage.
8 additional standards didn't apply to this site
Does it respect visitor privacy?74Excellent
Cookie consent banner for European visitors
No cookie banner detected, but trackers are present. If you serve EU or California traffic, this is a compliance gap.
How many outside companies you let watch your visitors
Your homepage loads a moderate number of third-party trackers. Worth auditing what each one is for.
What your site actually drops on visitors' phones
Your homepage sets only essential cookies before consent. Non-essential cookies fire after opt-in.
You have a terms of service page
Your terms of service page is reachable from the homepage.
1 additional standard didn't apply to this site
Is it safe to visit?78Excellent
Visitors connect faster on the first click
Your server doesn't staple OCSP. Visitors' browsers may have to contact the CA themselves, slowing first connects.
Strict mode for your padlock check
Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.
Your padlock isn't using outdated keys
Your certificate uses outdated key strength or a SHA-1 signature. Reissue with a modern ACME-class cert.
Your certificate is publicly logged
Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.
Your site finishes its handshake quickly
Your TLS handshake is on the slower side. A CDN with anycast edges and session resumption usually cuts this in half.
Your padlock isn't about to expire
Your SSL certificate is valid and not close to expiring.
Private files aren't open to the public
None of the common admin or developer paths are publicly reachable.
Old TLS versions are turned off
Only modern TLS (1.2 and above) is offered — TLS 1.0 and 1.1 are turned off.
Your padlock loads cleanly on every device
Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.
Your padlock renews on a healthy schedule
Your certificate uses a short validity window (≤ 90 days) — auto-renewal keeps revocation fast and frictionless.
Your padlock comes from a reputable vendor
Your certificate is issued by a tier-1 publicly trusted CA (Let's Encrypt, DigiCert, Google Trust, Sectigo, etc.).
9 additional standards didn't apply to this site
Can everyone use it?93Excellent
Your photos have written descriptions
Some images on your homepage are missing alt text. Screen reader users hear silence where they should hear a description.
You have an accessibility statement
Your accessibility statement page is published — visitors can find out what standards you commit to.
Your headings are in a sensible order
Your heading levels are properly nested — H1, then H2s, then H3s — and screen readers can navigate the outline.
Your buttons and forms are labeled for screen readers
Interactive elements have proper ARIA labels — screen reader users get a clear description of each control.
A skip-to-content link is published — keyboard users land directly on the main content.
2 additional standards didn't apply to this site