Audit Result

Found 16 characters. Keep title between 30 and 60 characters.

Fix: Add a unique <title> tag describing the main page intent in 30-60 characters.

Found 82 characters. Good snippet length.

Canonical found: https://www.dsebastien.net/

Favicon found and reachable: https://www.dsebastien.net/content/images/size/w256h256/2022/11/logo_symbol.png (HTTP 200).

Viewport configured: width=device-width, initial-scale=1.0

Language declared as "en".

Exactly one H1 found: "Too Much Information, Too Much Noise, And Too Little Time?".

Valid heading flow across 34 headings.

All 3 images include alt text.

Page is served over HTTPS.

1 HTTPS hardening issues detected.

• • Could not probe the HTTP version of this page.
• • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Fix: Set Strict-Transport-Security with a long max-age, add includeSubDomains, and redirect all HTTP requests to HTTPS.

Core security headers were detected.

1 CSP hardening issues detected.

• • script-src/default-src permits 'unsafe-inline'.
• • Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' www.knowii.net blue-bar-dsebastien-19fd.developassion.workers.dev media.ethicalads.io cdn.jsdelivr.net js.stripe.com; style-src 'self' 'unsafe-inline' www.knowii.net cdn.jsdelivr.net; img-src 'self' data: www.gravatar.com *.unsplash.com images.unsplash.com static.ghost.org public-files.gumroad.com www.theartofsimple.net www.wholelifepractitioner.com; font-src 'self'; connect-src 'self' dsebastien.ghost.io blue-bar-dsebastien-19fd.developassion.workers.dev media.ethicalads.io api.stripe.com *.knowii.net cdn.jsdelivr.net; frame-src www.youtube.com www.youtube-nocookie.com player.vimeo.com js.stripe.com *.knowii.net; frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.stripe.com; media-src 'self'; object-src 'none'; manifest-src 'self'; worker-src 'self' blob:; upgrade-insecure-requests;

Fix: Tighten Content-Security-Policy by removing unsafe directives and adding object-src, base-uri, and frame-ancestors restrictions.

No first-party cookies were set during the initial page load.

Server response headers do not expose version tokens.

Domain appears to be behind Cloudflare.

• • server: cloudflare
• • cf-cache-status: DYNAMIC
• • cf-ray: 9dafa190c9ffe611-IAD

Loaded in 0.30s (perceived).

0 scripts and 3 styles may block rendering.

• • style: https://www.dsebastien.net/assets/built/screen.css?v=45f9e7f65c
• • style: https://www.dsebastien.net/public/cards.min.css?v=45f9e7f65c
• • style: https://www.knowii.net/external/widget.css

Fix: Defer non-critical scripts and inline critical CSS to improve first paint speed.

2 text resources look uncompressed.

• • https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html (text/html; charset=utf-8)
• • https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js (text/javascript; charset=utf-8)

Fix: Enable Brotli or Gzip compression for HTML, CSS, JS, and JSON responses.

Found robots.txt (200).

Found sitemap (200) at https://www.dsebastien.net/sitemap.xml.

Robots meta found: index,follow,max-image-preview:large

2 of 2 controls are missing labels.

• • input[type="email"]#home-email.gh-form-input (email)
• • input[type="email"]#footer-email.gh-form-input (email)

Fix: Associate each form control with a visible label, aria-label, or aria-labelledby.

Header, nav, main, and footer landmarks are present.

19 interactive elements appear smaller than 48px.

• • button (close) - 32x32px
• • a.gh-navigation-logo.is-title (Sébastien Dubois) - 248x40px
• • button.gh-search.gh-icon-button (Search this site) - 20x48px
• • a.gh-portal-close (Sign in) - 50x24px
• • a.gh-button.gh-portal-close (Subscribe) - 117x39px
• • button.gh-button (Subscribe) - 165x44px
• • a (Learn More →) - 114x28px
• • a (Learn More →) - 114x28px
• • a (Obsidian) - 66x20px
• • a (Learn More →) - 114x28px
• • a (Learn More →) - 114x28px
• • a.text-gray-600.hover:text-gray-900 (All Articles) - 83x28px
• • a.text-gray-600.hover:text-gray-900 (All Tags) - 61x28px
• • button.gh-button (Subscribe) - 165x44px
• • a.!text-white.hover:!text-gray-200 (X) - 25x25px
• • a.!text-white.hover:!text-blue-400 (Bluesky) - 25x25px
• • a.!text-red-500 (YouTube) - 35x35px
• • a.!text-white.hover:!text-blue-400 (LinkedIn) - 24x24px
• • a.!text-white.hover:!text-gray-200 (GitHub) - 24x24px

Fix: Increase target size to at least 48x48 CSS pixels for touch interactions.

Core Open Graph tags are present.

og:image is missing.

Fix: Add <meta property="og:image" content="https://..."> with a high-quality share image.

twitter:card set to summary.

JSON-LD schema detected.

Manifest or Apple touch icon is missing.

Fix: Link your web app manifest and apple-touch-icon for improved install/share experiences.

2 social preview quality issues detected.

• • ISSUE: Use an absolute URL for og:image or twitter:image.
• • ISSUE: twitter:card should be summary_large_image for richer previews.
• • GUIDELINE: Optimal og:title length: 40-60 characters (acceptable: 10-70).
• • GUIDELINE: Optimal og:description length: 110-160 characters (acceptable: 50-200).
• • GUIDELINE: Optimal preview image size: 1200x630 pixels.
• • GUIDELINE: Optimal preview image aspect ratio: 1.91:1.
• • GUIDELINE: Optimal preview image file size: under 5 MB.
• • GUIDELINE: Recommended twitter:card: summary_large_image.

Fix: Use absolute OG/Twitter URLs, keep metadata lengths in recommended ranges, and provide a preview image near 1200x630 under 5MB.

1 internal links returned errors.

• • https://www.dsebastien.net/cdn-cgi/content?id=cR6kAYXIZU0OtWbz4fcwa7kuH_e5OwflFjQk0MWj._k-1773285291.6483154-1.0.1.1-Trm4ELzaOmepFzRUedx03szZBa2QD4ZvZLMC2NrMSrM (HTTP 404)

Fix: Fix or remove the listed internal URLs, and ensure routes/pages return 200 responses.

1 external links returned errors or timed out.

• • https://bsky.app/profile/dsebastien.net (HTTP 404)

Fix: Replace dead external URLs or point to working alternatives.

2 links are empty, invalid, or placeholder-only.

• • href="#"
• • href="#" text="Close"

Fix: Replace empty/#/javascript href values with real destinations or use buttons for non-navigation actions.

Largest Contentful Paint: 0.30s.

Cumulative Layout Shift: 0.052.

Total Blocking Time estimate: 110ms.

1 asset requests failed.

• • https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 (csp)

Fix: Fix missing files, update asset URLs, and ensure static assets return HTTP 200.

5 JavaScript runtime issues detected.

• • Request failed: https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 (csp, type: script)
• • Request failed: https://www.dsebastien.net/members/api/member/ (net::ERR_ABORTED, type: fetch)
• • Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' www.knowii.net blue-bar-dsebastien-19fd.developassion.workers.dev media.ethicalads.io cdn.jsdelivr.net js.stripe.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. [https://www.dsebastien.net/:1]
• • Failed to load resource: the server responded with a status of 403 () [chrome-error://chromewebdata/:1]
• • Refused to display 'https://www.knowii.net/' in a frame because it set 'X-Frame-Options' to 'sameorigin'. [chrome-error://chromewebdata/:1]

Fix: Fix JS files returning 404/failed requests and resolve the listed runtime exceptions.