Web Quality Index
Scan complete · Scanned May 20, 2026 · 41 of 41 standards scored (59 didn’t apply)

Home/Reports/naturallivingfamily.com

naturallivingfamily.com

8-year-old e-commerce site, served through Cloudflare, with email running through google.

Site typeE-commerce
Built onwordpress
Hosted byCloudflare, Inc.
Registered withGoDaddy.com, LLC
Domain age≈ 8 years
Online sinceJanuary 2013
Sends email throughgoogle
Managed hostCloudflare (host hidden)
CDN / WAFCloudflare / Cloudflare
DNS providerCloudflare
DMARC policyquarantine
Web Quality Score
70/100
Excellent
Well above baseline. A few refinements would push this site into best-in-class territory.
Check breakdown
54 scored
A further 20 standards didn’t apply to this site — most are accessibility and privacy tests that need page contents to evaluate.
Is it fast?
62
Solid
14 standards behind this question
Pass3Review1Fail4
Fail

Your site uses the newest connection style

Your server still serves over the older HTTP/2 protocol — not the newer, faster HTTP/3.

WEBQ-30
Fail

Your photos are saved in modern formats

Your images are served as JPEG or PNG when modern formats (WebP, AVIF) would cut their size by 30–60% with no visible loss.

WEBQ-32
Fail

Your text shows up while fonts load

Your fonts aren't using font-display: swap. Visitors see invisible text for a moment while the font downloads — Google penalises this.

WEBQ-36
Fail

Photos lower on the page wait their turn

Images below the fold aren't lazy-loaded — visitors download them up front even if they never scroll that far.

WEBQ-35
Review

How fast your site loads on a phone

Your homepage is mid-pack on mobile. Reasonable but Google's ranking signal rewards faster sites.

WEBQ-08
Pass

Pages get squeezed before they're sent

Your server compresses pages with Brotli or gzip — visitors download a fraction of the raw size.

WEBQ-10
Pass

Reachable on the modern internet

Your domain is reachable on IPv6.

WEBQ-31
Pass

Your homepage isn't bloated

Your homepage downloads at a reasonable size.

WEBQ-37

6 additional standards didn't apply to this site

Does this look like a real business?
76
Excellent
12 standards behind this question
Pass3Review2Fail1
Fail

Your reviews on Trustpilot

We couldn't find a Trustpilot listing. Many consumers check Trustpilot before buying — a missing listing reads as a missing reputation.

WEBQ-60
Review

Whether anyone's written about you lately

No news mentions of this domain in the last 30 days.

WEBQ-20
Review

Whether you have a Wikipedia entry

No Wikipedia entry was found for this business.

WEBQ-21
Pass

How long your domain has existed

Your domain has been registered for years — long enough to clear fraud-detection signals.

WEBQ-17
Pass

How long your site has been online

Your site has been online for years — public archives have a long history of it.

WEBQ-18
Pass

A contact form people can actually find

A visible contact form is reachable from your homepage.

WEBQ-83

6 additional standards didn't apply to this site

Can everyone use it?
81
Excellent
7 standards behind this question
Pass3Review1Fail1
Fail

Your headings are in a sensible order

Your heading levels skip — for example, an H1 followed by an H3 with no H2 in between. Screen reader users lose the outline of the page.

WEBQ-55
Review

Text is dark enough to read

Text on your homepage doesn't meet WCAG AA contrast minimums against its background. Visitors with low vision can't read parts of the page.

WEBQ-56
Pass

Your photos have written descriptions

Every image on your homepage has alt text — screen readers can describe them.

WEBQ-54
Pass

Your buttons and forms are labeled for screen readers

Interactive elements have proper ARIA labels — screen reader users get a clear description of each control.

WEBQ-57
Pass

A way to skip past the menu

A skip-to-content link is published — keyboard users land directly on the main content.

WEBQ-58

2 additional standards didn't apply to this site

Is it safe to visit?
82
Excellent
21 standards behind this question
Pass10Review3Fail2
Fail

WordPress isn't leaking your usernames

Your WordPress site exposes its user list through the REST API. Attackers can enumerate every account by username — the first half of any credential-stuffing attack is already done for them.

WEBQ-06
Fail

Strict mode for your padlock check

Neither OCSP stapling nor Must-Staple is in play. A revoked cert wouldn't be caught quickly.

WEBQ-96
Review

Your certificate is publicly logged

Your certificate carries only one embedded SCT — modern browsers want at least two. Reissue from a CA that includes them.

WEBQ-92
Review

Your padlock renews on a healthy schedule

Your certificate lifetime is on the longer end (> 90 days). ACME-class certs renew every 60-90 days and rotate cleanly.

WEBQ-95
Review

Private files aren't open to the public

Some common admin or developer paths are reachable from the public internet.

WEBQ-07
Pass

Your padlock isn't about to expire

Your SSL certificate is valid and not close to expiring.

WEBQ-05
Pass

Old TLS versions are turned off

Only modern TLS (1.2 and above) is offered — TLS 1.0 and 1.1 are turned off.

WEBQ-27
Pass

Forgotten subdomains aren't an open door

No forgotten or claimable subdomains were found.

WEBQ-28
Pass

The padlock uses strong, modern math

The handshake negotiates a modern AEAD cipher (AES-GCM or ChaCha20-Poly1305).

WEBQ-87
Pass

Old recordings stay locked even if a key leaks

Forward secrecy is guaranteed by the negotiated handshake — past traffic stays unreadable even if your key leaks.

WEBQ-88
Pass

Your padlock isn't using outdated keys

Your certificate uses strong modern math (ECDSA P-256+ or RSA-2048+ with SHA-256+).

WEBQ-89
Pass

Your padlock loads cleanly on every device

Your server sends the full certificate chain — every device builds the path to a trusted root cleanly.

WEBQ-90
Pass

Visitors connect faster on the first click

Your server staples a fresh OCSP response — visitors don't have to round-trip to the CA on first connect.

WEBQ-91
Pass

Your padlock comes from a reputable vendor

Your certificate is issued by a tier-1 publicly trusted CA (Let's Encrypt, DigiCert, Google Trust, Sectigo, etc.).

WEBQ-97
Pass

Your site finishes its handshake quickly

Your TLS handshake completes quickly — under 300ms on a cold connection.

WEBQ-98

6 additional standards didn't apply to this site

Does it respect visitor privacy?
87
Excellent
6 standards behind this question
Pass2Review1
Review

How many outside companies you let watch your visitors

Your homepage loads a moderate number of third-party trackers. Worth auditing what each one is for.

WEBQ-49
Pass

You have a privacy policy page

Your privacy policy page is reachable from the homepage.

WEBQ-47
Pass

You have a terms of service page

Your terms of service page is reachable from the homepage.

WEBQ-48

3 additional standards didn't apply to this site

Can people find this site?
90
Excellent
15 standards behind this question
Pass6Review1
Review

How well your site feeds AI the right facts

We couldn't find any organization details in your page's structured data.

WEBQ-45
Pass

Hidden labels that explain your business to Google

Your homepage publishes Schema.org structured data — search engines and AI tools can read what your site is directly.

WEBQ-12
Pass

How your site appears when shared or in search results

Your homepage has the title, description, OG, Twitter, and canonical tags.

WEBQ-11
Pass

A clear headline on every page

Your homepage has a clear H1 heading — search engines and screen readers know what the page is about.

WEBQ-13
Pass

Whether your behind-the-scenes labels are valid

Your structured-data tags parse cleanly against Schema.org.

WEBQ-39
Pass

A trail showing where visitors are on your site

Your pages publish breadcrumb schema — search results show the path back to important sections.

WEBQ-40
Pass

How easy it is to reach your deepest pages

Important pages are reachable in just a click or two from your homepage.

WEBQ-43

8 additional standards didn't apply to this site

Is email from this domain trustworthy?
94
Excellent
13 standards behind this question
Pass9Review1
Review

A clickable email link on your site

We couldn't find a tap-to-email link anywhere on your site.

WEBQ-84
Pass

Stops scammers from emailing customers as you

DMARC is enforcing — spoofed mail from your domain gets quarantined or rejected.

WEBQ-01
Pass

Lists who's allowed to email as your business

SPF is set and lists your sending services as approved senders.

WEBQ-03
Pass

You email from your own domain, not Gmail

You send email from your own domain, not a free Gmail/Yahoo address.

WEBQ-75
Pass

What's actually running your email

provider=google

WEBQ-76
Pass

You get reports when someone fakes your email

You're set up to receive daily DMARC reports of spoofing attempts.

WEBQ-77
Pass

A real tool for sending newsletters

Your Email Service Provider is detectable — newsletters and marketing email have a real sending platform behind them.

WEBQ-80
Pass

A real tool for sending receipts and confirmations

providers=Zendesk

WEBQ-81
Pass

Your email setup is under a hidden limit

Your SPF record uses fewer than 10 DNS lookups — under the spec limit.

WEBQ-82
Pass

Your email is being forwarded, not hosted

Mail to this domain is being forwarded — you have working email reachability.

WEBQ-85

3 additional standards didn't apply to this site