Audit Result

UUID: 019cdc73-519e-7385-b3e5-5c8a3df3708a

Share on X Back to history
stripe.com

https://stripe.com/

Scanned 5 days ago

82
Fair Score
39 total checks
Passed
27
Warnings
10
Errors
2

Meta Information

  • Title Tag Pass

    Found 54 characters. Length is optimal.

  • Meta Description Pass

    Found 149 characters. Good snippet length.

  • Canonical URL Pass

    Canonical found: https://stripe.com/

  • Favicon Pass

    Favicon found and reachable: https://images.stripeassets.com/fzn2n1nzq965/1hgcBNd12BfT9VLgbId7By/01d91920114b124fb4cf6d448f9f06eb/favicon.svg (HTTP 200).

    Favicon
  • Viewport Meta Pass

    Viewport configured: width=device-width, initial-scale=1, viewport-fit=cover

  • HTML Lang Pass

    Language declared as "en-US".

Content Structure

  • H1 Tag Warning

    Found 2 H1 tags.

    Fix: Use a single, descriptive <h1> that states the primary purpose of the page.

  • Heading Hierarchy Pass

    Valid heading flow across 48 headings.

  • Image Alt Text Error

    39 of 44 images are missing alt text.

    Fix: Add meaningful alt attributes to all informative images for accessibility and image SEO.

Technical Optimization

  • HTTPS Pass

    Page is served over HTTPS.

  • HSTS & HTTPS Redirect Warning

    1 HTTPS hardening issues detected.

    • • Could not probe the HTTP version of this page.
    • • Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

    Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

  • Security Headers Pass

    Core security headers were detected.

  • CSP Quality Pass

    Content Security Policy looks restrictive and avoids common unsafe directives.

    • • Content-Security-Policy: base-uri 'none'; child-src 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://b.stripecdn.com https://js.stripe.com https://support-conversations.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com 'self'; manifest-src 'none'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; object-src 'none'; script-src https://b.stripecdn.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'sha256-tMuJ8c00j54yuxogrdIJeGhNVB350dc56i969XRz/Mc=' 'sha256-aEFSvCaVnb2wNwuO3IzA8J44RdTKt6vms9beA7BcCYg=' 'sha256-0SWEc2BfR2o77i2vUiNNIrFKQkjc2Ujsr2hlfZ6oUek=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; worker-src https://b.stripecdn.com 'self'; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=SS2vgQhhZFizD_wJteai36Z4ZgK3mnscPEdo49LFvqY-Tcg8MFMCJUV1qbedvvI%3D
  • Cookie Security Pass

    No first-party cookies were set during the initial page load.

  • Server Version Disclosure Pass

    Server response headers do not expose version tokens.

  • Cloudflare Proxy Warning

    Domain does not appear to be behind Cloudflare.

  • Perceived Load Time Pass

    Loaded in 0.28s (perceived).

  • Render Blocking Resources Warning

    0 scripts and 6 styles may block rendering.

    • • style: https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/css/fef86a199a9ef83c.css
    • • style: https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/css/9ad1a1fb74bddb29.css
    • • style: https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/css/ebd004de31d78a4a.css
    • • style: https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/css/ffdf79ba5cbad3be.css
    • • style: https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/css/8a7edb7ce9163de2.css
    • • style: https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/css/6d8976d77ef644c4.css

    Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

  • Compression Warning

    14 text resources look uncompressed.

    • • https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/chunks/48158.13de208e4f503036.js (text/javascript; charset=utf-8)
    • • https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/chunks/86467.d924a26a13940f4d.js (text/javascript; charset=utf-8)
    • • https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/chunks/313.80858fd19b388bbd.js (text/javascript; charset=utf-8)
    • • https://b.stripecdn.com/mkt-ssr-statics/assets/_next/static/eNvRblVP4%2BxpdxlA4O4jbOxlmMYPF3KDGljlH8sB5y4%3D/_ssgManifest.js (text/javascript; charset=utf-8)
    • • https://b.stripecdn.com/stripethirdparty-srv/assets/v32.1/PrivacyCompliance.html?id=2ae7c9ea-c638-413d-88b5-c1479eacb80d&origin=https%3A%2F%2Fstripe.com (text/html; charset=utf-8)
    • • https://stripe.com/notifications?as=json (application/json; charset=utf-8)
    • • https://ext.stripe.com/universal-chat/agent-availability?qr=qvb&country=US (application/json; charset=utf-8)
    • • https://b.stripecdn.com/stripethirdparty-srv/assets/v32.1/GoogleTagManager.html?id=deaaeb0f-428c-4399-838c-abe82b573e59&origin=https%3A%2F%2Fstripe.com (text/html; charset=utf-8)
    • • https://stripe.com/cookie-settings/enforcement-mode (application/json; charset=utf-8)
    • • https://s.company-target.com/s/sync?exc=lr (text/html; charset=UTF-8)
    • • https://api.company-target.com/api/v3/ip.json?referrer=https%3A%2F%2Fstripe.com%2F&page=https%3A%2F%2Fb.stripecdn.com%2Fstripethirdparty-srv%2Fassets%2Fv32.1%2FGoogleTagManager.html%3Fid%3Ddeaaeb0f-428c-4399-838c-abe82b573e59%26origin%3Dhttps%253A%252F%252Fstripe.com&page_title= (application/json; charset=utf-8)
    • • https://r.stripe.com/0 (text/plain)
    • • https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=9QEE9_HZYc8CVLHVfT5g9Tjuhuzom7k3S5GPdXJOIsUg437PmzKPkw==&api-version=v3 (text/html)
    • • blob:https://b.stripecdn.com/caab0cf0-9019-4c72-b18e-4fca3c3cb427 (text/javascript)

    Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.

  • Robots.txt Pass

    Found robots.txt (200).

  • Sitemap File Pass

    Found sitemap (200) at https://stripe.com/sitemap/sitemap.xml.

  • Crawl Directives Warning

    No robots meta tag defined.

    Fix: Add <meta name="robots" content="index,follow"> (or the intended directive) in <head>.

Accessibility Basics

  • Form Labels Pass

    All 0 controls are labeled.

  • Landmarks Pass

    Header, nav, main, and footer landmarks are present.

  • Tap Target Size Warning

    25 interactive elements appear smaller than 48px.

    • • a.hds-link.navigation-menu-home-link (Stripe homepage) - 60x25px
    • • button.hds-button.hds-navigation-menu__trigger (Products) - 83x40px
    • • button.hds-button.hds-navigation-menu__trigger (Solutions) - 85x40px
    • • button.hds-button.hds-navigation-menu__trigger (Developers) - 97x40px
    • • button.hds-button.hds-navigation-menu__trigger (Resources) - 92x40px
    • • a.hds-button.hds-navigation-menu__trigger (Pricing) - 48x38px
    • • a.hds-button.navigation-cta-button (Sign in) - 87x40px
    • • a.hds-button.navigation-cta-button (Contact sales) - 147x40px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px
    • • a.hds-link - 142x34px

    Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Social & Rich Results

  • Open Graph Basics Pass

    Core Open Graph tags are present.

  • Open Graph Image Pass

    og:image is present and absolute.

    Open Graph Image
  • Twitter Card Pass

    twitter:card set to summary_large_image.

  • Structured Data Pass

    JSON-LD schema detected.

  • PWA Metadata Warning

    Manifest or Apple touch icon is missing.

    Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

  • Open Graph/Twitter Quality Pass

    Social preview metadata and image quality look good for Open Graph/Twitter.

    • • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
    • • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
    • • GUIDELINE: Optimal preview image size: 1200x630 pixels.
    • • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
    • • GUIDELINE: Optimal preview image file size: under 5 MB.
    • • GUIDELINE: Recommended twitter:card: summary_large_image.
    • • MEASURED: Image size: 0.30 MB
    • • MEASURED: Image dimensions: 2048x1024

Links Analysis

  • Internal Links Pass

    Checked 80 links. No broken internal links found.

  • External Links Pass

    No broken external links found in checked URLs.

  • Link Format Pass

    All 174 links use non-empty href values.

Performance & Runtime

  • Core Web Vitals: LCP Pass

    Largest Contentful Paint: 0.30s.

  • Core Web Vitals: CLS Pass

    Cumulative Layout Shift: 0.000.

  • Main Thread Blocking (TBT) Warning

    Total Blocking Time estimate: 317ms.

    Fix: Reduce heavy JavaScript work, split long tasks, and defer non-critical scripts.

  • Broken Assets Error

    1 asset requests failed.

    • • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dstripe.com%26pId%3d%24UID (net::ERR_BLOCKED_BY_ORB)

    Fix: Fix missing files, update asset URLs, and ensure static assets return HTTP 200.

  • JavaScript Runtime Errors Warning

    9 JavaScript runtime issues detected.

    • • Request failed: https://www.google.com/ccm/collect?frm=2&ae=g&en=page_view&dr=stripe.com&dl=https%3A%2F%2Fb.stripecdn.com%2Fstripethirdparty-srv%2Fassets%2Fv32.1%2FGoogleTagManager.html&scrsrc=www.googletagmanager.com&rnd=976096721.1773225057&navt=n&npa=0&ep.ads_data_redaction=0&gtm=45He63a0h2v838837448za200zd838837448xea&gcd=13l3l3l3l1l1&dma=0&tag_exp=103116026~103200004~115938465~115938468~116024733~117484252&apve=1&apvf=f&apvc=1&tft=1773225057475&tfd=224 (net::ERR_ABORTED, type: fetch)
    • • Request failed: https://px.ads.linkedin.com/attribution_trigger?pid=332772&time=1773225057666&url=https%3A%2F%2Fstripe.com%2F&tm=gtmv2 (csp, type: xhr)
    • • Request failed: https://analytics.google.com/g/collect?v=2&tid=G-SEKFWD1C9J&gtm=45je63a0h2v875200074z8838837448za20gzb838837448zd838837448&_p=1773225057285&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1639176287.1773225057&ecid=921296920&ul=en-us&sr=1280x800&uaa=x86&uab=64&uafvl=Not%253AA-Brand%3B99.0.0.0%7CHeadlessChrome%3B145.0.7632.6%7CChromium%3B145.0.7632.6&uamb=0&uam=&uap=Linux&uapv=&uaw=0&are=1&frm=2&pscdl=noapi&ec_mode=a&_eu=AAAAAGA&_s=1&tag_exp=103116026~103200004~115938465~115938469~116024733~117484252~117625641&dl=https%3A%2F%2Fstripe.com%2F&dr=&dt=Stripe%20%7C%20Financial%20Infrastructure%20to%20Grow%20Your%20Revenue&dp=%2F&sid=1773225057&sct=1&seg=0&_tu=aA&en=page_view&_fv=1&_ss=1&ep.url_passthrough=true&ep.gtm_container_id=GTM-WK8882T&ep.gtm_container_version=375&ep.page_url=https%3A%2F%2Fb.stripecdn.com%2Fstripethirdparty-srv%2Fassets%2Fv32.1%2FGoogleTagManager.html%3Fid%3Ddeaaeb0f-428c-4399-838c-abe82b573e59%26origin%3Dhttps%253A%252F%252Fstripe.com&ep.dl_url=%2F&ep.hostname=https%3A%2F%2Fstripe.com&ep.db_company_name=(Non-Company%20Visitor)&ep.gtm_tag_name=GA4%20-%20Page%20View&up.logged_in=False&tfd=377 (net::ERR_ABORTED, type: fetch)
    • • Request failed: https://r.stripe.com/0 (net::ERR_ABORTED, type: fetch)
    • • Request failed: https://www.google.com/ccm/collect?frm=2&en=page_view&dr=stripe.com&dl=https%3A%2F%2Fb.stripecdn.com%2Fstripethirdparty-srv%2Fassets%2Fv32.1%2FGoogleTagManager.html&scrsrc=www.googletagmanager.com&rnd=976096721.1773225057&navt=n&npa=0&gtm=45be63a0h2v889774910z8838837448za20gzb838837448zd838837448xec&gcd=13l3l3l3l1l1&dma=0&tag_exp=103116026~103200004~115616985~115938465~115938469~116024733~117484252&apve=1&apvf=f&apvc=0&tids=AW-848119022&tid=AW-848119022&tft=1773225057741&tfd=490 (net::ERR_ABORTED, type: fetch)
    • • Connecting to 'https://px.ads.linkedin.com/attribution_trigger?pid=332772&time=1773225057666&url=https%3A%2F%2Fstripe.com%2F&tm=gtmv2' violates the following Content Security Policy directive: "connect-src 'self' *.clickagy.com *.company-target.com *.doubleclick.net *.google.com *.marketo.com *.mktoresp.com *.prod.uidapi.com *.stripe.com *.yahoo.co.jp *.reddit.com connect.facebook.net prod.uidapi.com evnt.byspotify.com js.zi-scripts.com munchkin.marketo.net pixels.spotify.com q.quora.com rlcdn.com static.ads-twitter.com tag-logger.demandbase.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com". The action has been blocked. [https://b.stripecdn.com/stripethirdparty-srv/assets/v32.1/vendors~AddressAutocomplete~AffirmInContext~AfterpayInContext~AmazonPayButton~ApplePay~Arkose~Arkose~daedefc0.dbeca930e1d74334cc68.bundle.js:16]
    • • Blocked script execution in 'https://s.company-target.com/s/sync?exc=lr' because the document's frame is sandboxed and the 'allow-scripts' permission is not set. [https://s.company-target.com/s/sync?exc=lr:1]
    • • Connecting to 'https://dm.slim02.jp/tppa/v2/vs?adv_id=5000000244218781&cnropq=eyJ0YWdfaWQiOiIwMjJmMmQwYi1iOGU4LTRmZTgtYWU1Yy1lMzBiM2JjZWNiYmIiLCJsYWJlbCI6IiIsImV2ZW50IjoicGFnZV92aWV3IiwicmVmIjoiaHR0cHM6Ly9zdHJpcGUuY29tLyIsInJlcV90eXBlIjoibHl0YWcifQ&evt=5&pid=5000000244218780&xci=dc42dd2d-a5bc-4288-8d52-24f6cd588681' violates the following Content Security Policy directive: "connect-src 'self' *.clickagy.com *.company-target.com *.doubleclick.net *.google.com *.marketo.com *.mktoresp.com *.prod.uidapi.com *.stripe.com *.yahoo.co.jp *.reddit.com connect.facebook.net prod.uidapi.com evnt.byspotify.com js.zi-scripts.com munchkin.marketo.net pixels.spotify.com q.quora.com rlcdn.com static.ads-twitter.com tag-logger.demandbase.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com". The action has been blocked. [https://b.stripecdn.com/stripethirdparty-srv/assets/v32.1/vendors~AddressAutocomplete~AffirmInContext~AfterpayInContext~AmazonPayButton~ApplePay~Arkose~Arkose~daedefc0.dbeca930e1d74334cc68.bundle.js:16]
    • • Fetch API cannot load https://dm.slim02.jp/tppa/v2/vs?adv_id=5000000244218781&cnropq=eyJ0YWdfaWQiOiIwMjJmMmQwYi1iOGU4LTRmZTgtYWU1Yy1lMzBiM2JjZWNiYmIiLCJsYWJlbCI6IiIsImV2ZW50IjoicGFnZV92aWV3IiwicmVmIjoiaHR0cHM6Ly9zdHJpcGUuY29tLyIsInJlcV90eXBlIjoibHl0YWcifQ&evt=5&pid=5000000244218780&xci=dc42dd2d-a5bc-4288-8d52-24f6cd588681. Refused to connect because it violates the document's Content Security Policy. [https://b.stripecdn.com/stripethirdparty-srv/assets/v32.1/vendors~AddressAutocomplete~AffirmInContext~AfterpayInContext~AmazonPayButton~ApplePay~Arkose~Arkose~daedefc0.dbeca930e1d74334cc68.bundle.js:16]

    Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.